From bb2918d2ec99b650efb1611efc059b4d646b893b Mon Sep 17 00:00:00 2001 From: Marian Koreniuk Date: Wed, 17 Jul 2024 21:51:40 +0200 Subject: [PATCH] Sync 0.9 to proxmox integration (#221) Signed-off-by: Kingdon Barrett Signed-off-by: Andrei Kvapil Co-authored-by: Kingdon Barrett Co-authored-by: Andrei Kvapil Co-authored-by: Kingdon Barrett --- hack/e2e.sh | 14 +- manifests/cozystack-installer.yaml | 4 +- packages/apps/ferretdb/Chart.yaml | 25 + packages/apps/ferretdb/Makefile | 2 + packages/apps/ferretdb/README.md | 34 + packages/apps/ferretdb/ferretdb.svg | 54 + packages/apps/ferretdb/templates/.gitkeep | 0 .../ferretdb/templates/backup-cronjob.yaml | 99 + .../ferretdb/templates/backup-script.yaml | 50 + .../ferretdb/templates/backup-secret.yaml | 11 + .../apps/ferretdb/templates/external-svc.yaml | 15 + .../apps/ferretdb/templates/ferretdb.yaml | 26 + .../apps/ferretdb/templates/init-job.yaml | 66 + .../apps/ferretdb/templates/init-script.yaml | 101 + .../apps/ferretdb/templates/postgres.yaml | 45 + packages/apps/ferretdb/values.schema.json | 81 + packages/apps/ferretdb/values.yaml | 48 + .../apps/http-cache/images/nginx-cache.json | 38 +- packages/apps/kafka/Chart.yaml | 2 +- packages/apps/kafka/templates/topics.yaml | 8 +- packages/apps/kafka/values.yaml | 2 +- packages/apps/kubernetes/Chart.yaml | 4 +- packages/apps/kubernetes/Makefile | 2 +- packages/apps/kubernetes/README.md | 10 + .../images/ubuntu-container-disk.json | 38 +- .../images/ubuntu-container-disk.tag | 2 +- .../images/ubuntu-container-disk/Dockerfile | 4 +- .../apps/kubernetes/templates/cluster.yaml | 149 +- .../templates/helmreleases/cert-manager.yaml | 39 + .../templates/helmreleases/cilium.yaml | 11 +- .../templates/helmreleases/csi.yaml | 11 +- .../templates/helmreleases/delete.yaml | 30 +- .../templates/helmreleases/fluxcd.yaml | 84 + .../templates/helmreleases/ingress-nginx.yaml | 49 + .../apps/kubernetes/templates/ingress.yaml | 45 + packages/apps/kubernetes/values.schema.json | 41 + packages/apps/kubernetes/values.yaml | 33 + packages/apps/tenant/Chart.yaml | 2 +- packages/apps/tenant/README.md | 2 +- packages/apps/tenant/templates/etcd.yaml | 2 +- packages/apps/tenant/templates/ingress.yaml | 2 +- .../apps/tenant/templates/monitoring.yaml | 2 +- packages/apps/versions_map | 11 +- packages/core/fluxcd/Makefile | 20 - packages/core/fluxcd/charts/flux2/Chart.yaml | 11 - packages/core/fluxcd/charts/flux2/README.md | 174 - .../fluxcd/charts/flux2/templates/_helper.tpl | 7 - .../templates/aggregate-clusterroles.yaml | 47 - ...cluster-reconciler-clusterrolebinding.yaml | 26 - ...r-reconciler-impersonator-clusterrole.yaml | 19 - ...ciler-impersonator-clusterrolebinding.yaml | 26 - .../templates/crd-controller-clusterrole.yaml | 82 - .../crd-controller-clusterrolebinding.yaml | 38 - .../flux2/templates/extra-manifests.yaml | 4 - .../flux2/templates/helm-controller-sa.yaml | 18 - .../flux2/templates/helm-controller.crds.yaml | 2268 --- .../flux2/templates/helm-controller.yaml | 133 - .../image-automation-controller-sa.yaml | 18 - .../image-automation-controller.crds.yaml | 326 - .../image-automation-controller.yaml | 135 - .../image-reflector-controller-sa.yaml | 18 - .../image-reflector-controller.crds.yaml | 901 - .../templates/image-reflector-controller.yaml | 139 - .../templates/kustomize-controller-sa.yaml | 18 - .../kustomize-controller-secret.yaml | 18 - .../templates/kustomize-controller.crds.yaml | 1640 -- .../flux2/templates/kustomize-controller.yaml | 158 - .../notification-controller-ingress.yaml | 49 - .../templates/notification-controller-sa.yaml | 18 - .../notification-controller-service.yaml | 29 - ...tification-controller-webhook-service.yaml | 26 - .../notification-controller.crds.yaml | 1790 -- .../templates/notification-controller.yaml | 136 - .../charts/flux2/templates/podmonitor.yaml | 32 - .../charts/flux2/templates/policies.yaml | 63 - .../pre-install-job-serviceaccount.yaml | 14 - .../flux2/templates/pre-install-job.yaml | 72 - .../templates/source-controller-service.yaml | 29 - .../source-controller-serviceaccount.yaml | 18 - .../templates/source-controller.crds.yaml | 3291 ---- .../flux2/templates/source-controller.yaml | 140 - packages/core/fluxcd/charts/flux2/values.yaml | 327 - packages/core/installer/images/cozystack.json | 8 +- packages/core/installer/images/cozystack.tag | 2 +- packages/core/installer/images/matchbox.json | 45 +- .../core/platform/bundles/distro-full.yaml | 13 + .../core/platform/bundles/distro-hosted.yaml | 13 + packages/core/platform/bundles/paas-full.yaml | 17 +- .../core/platform/bundles/paas-hosted.yaml | 17 +- packages/core/platform/templates/apps.yaml | 6 +- .../core/platform/templates/helmreleases.yaml | 4 +- .../core/platform/templates/helmrepos.yaml | 6 +- .../core/platform/templates/namespaces.yaml | 1 - packages/extra/ingress/Chart.yaml | 2 +- .../ingress/templates/nginx-ingress.yaml | 2 +- .../ingress}/templates/nginx-scrape.yaml | 6 +- packages/extra/monitoring/Chart.yaml | 2 +- .../templates/oncall/oncall-release.yaml | 2 +- packages/extra/versions_map | 6 +- packages/system/capi-operator/Makefile | 4 +- .../charts/cluster-api-operator/Chart.lock | 6 - .../charts/cluster-api-operator/Chart.yaml | 9 +- .../crds/cert-manager.crds.yaml | 4482 ----- .../cluster-api-operator/templates/addon.yaml | 2 + .../templates/cert-manager.namespace.yaml | 8 - .../cluster-api-operator/templates/core.yaml | 10 + .../templates/deployment.yaml | 7 + .../templates/infra-conditions.yaml | 4 + .../cluster-api-operator/templates/infra.yaml | 17 +- .../templates/operator-components.yaml | 15462 +++++++++------- .../charts/cluster-api-operator/values.yaml | 11 +- packages/system/capi-providers/Makefile | 4 +- .../capi-providers/templates/providers.yaml | 16 +- packages/system/cert-manager-issuers/Makefile | 4 +- packages/system/cert-manager/Makefile | 4 +- packages/system/cilium/Makefile | 4 +- packages/system/cilium/images/cilium.json | 51 +- packages/system/cilium/images/cilium.tag | 2 +- packages/system/clickhouse-operator/Makefile | 4 +- packages/system/dashboard/Makefile | 6 +- .../system/dashboard/images/dashboard.json | 41 +- .../system/dashboard/images/dashboard.tag | 2 +- .../dashboard/images/kubeapps-apis.json | 47 +- .../system/dashboard/images/kubeapps-apis.tag | 2 +- .../dashboard/images/kubeapps-apis/Dockerfile | 12 +- .../images/kubeapps-apis/fluxcd.diff | 3196 ++++ .../images/kubeapps-apis/labels.diff | 10 +- .../kubeapps-apis/reconcile-strategy.diff | 2 +- packages/system/etcd-operator/Makefile | 4 +- .../charts/etcd-operator/Chart.yaml | 4 +- .../charts/etcd-operator/README.md | 85 +- .../charts/etcd-operator/README.md.gotmpl | 19 + .../etcd-operator/crds/etcd-cluster.yaml | 29 +- .../rbac/clusterrole-manager-role.yml | 16 + .../templates/workload/deployment.yml | 6 + .../charts/etcd-operator/values.schema.json | 10 +- .../charts/etcd-operator/values.yaml | 132 +- .../fluxcd-operator}/.helmignore | 0 packages/system/fluxcd-operator/Chart.yaml | 3 + packages/system/fluxcd-operator/Makefile | 12 + .../charts/flux-operator}/.helmignore | 3 +- .../charts/flux-operator/Chart.yaml | 30 + .../charts/flux-operator/README.md | 57 + .../charts/flux-operator/templates/NOTES.txt | 1 + .../flux-operator/templates/_helpers.tpl | 58 + .../flux-operator/templates/clusterrole.yaml | 21 + .../charts/flux-operator/templates/crds.yaml | 704 + .../flux-operator/templates/deployment.yaml | 99 + .../flux-operator/templates/service.yaml | 22 + .../templates/serviceaccount.yaml | 17 + .../charts/flux-operator/values.schema.json | 309 + .../charts/flux-operator/values.yaml | 97 + .../patches/kubernetesEnvs.diff | 12 + .../fluxcd-operator/templates/_helpers.tpl | 13 + packages/system/fluxcd-operator/values.yaml | 7 + packages/{core => system}/fluxcd/Chart.yaml | 0 packages/system/fluxcd/Makefile | 7 + .../fluxcd/templates/flux-instance.yaml | 25 + packages/system/fluxcd/values.yaml | 47 + packages/system/grafana-operator/Makefile | 4 +- packages/system/ingress-nginx/Makefile | 7 +- .../templates/controller-daemonset.yaml.orig | 243 - packages/system/ingress-nginx/values.yaml | 6 +- packages/system/kafka-operator/Makefile | 4 +- packages/system/kamaji-etcd/Makefile | 6 +- packages/system/kamaji/Makefile | 4 +- .../system/kamaji/charts/kamaji/Chart.yaml | 4 +- .../system/kamaji/charts/kamaji/README.md | 6 +- .../kamaji/charts/kamaji/crds/datastore.yaml | 49 +- .../kamaji/crds/tenantcontrolplane.yaml | 1144 +- .../charts/kamaji/templates/controller.yaml | 3 + .../charts/kamaji/templates/datastore.yaml | 5 + .../validatingwebhookconfiguration.yaml | 21 + .../system/kamaji/charts/kamaji/values.yaml | 12 +- packages/system/kamaji/values.yaml | 5 - packages/system/kubeovn/Makefile | 6 +- packages/system/kubeovn/images/kubeovn.json | 41 +- .../system/kubevirt-cdi-operator/Makefile | 4 +- packages/system/kubevirt-cdi/Makefile | 4 +- packages/system/kubevirt-operator/Makefile | 4 +- .../templates/kubevirt-operator.yaml | 72 +- packages/system/kubevirt/Makefile | 4 +- packages/system/linstor/Makefile | 4 +- packages/system/mariadb-operator/Makefile | 4 +- packages/system/metallb/Makefile | 4 +- packages/system/monitoring/Makefile | 4 +- packages/system/piraeus-operator/Makefile | 4 +- .../charts/piraeus/Chart.yaml | 4 +- .../charts/piraeus/templates/config.yaml | 11 +- .../charts/piraeus/templates/crds.yaml | 10 + .../charts/piraeus/templates/deployment.yaml | 1 + .../charts/piraeus/values.yaml | 2 + packages/system/postgres-operator/Makefile | 4 +- packages/system/rabbitmq-operator/Makefile | 4 +- packages/system/redis-operator/Makefile | 4 +- packages/system/telepresence/Makefile | 4 +- .../system/victoria-metrics-operator/Makefile | 4 +- scripts/fluxcd-kustomize.sh | 37 + scripts/installer.sh | 38 +- scripts/package-system.mk | 11 +- 200 files changed, 16472 insertions(+), 24346 deletions(-) create mode 100644 packages/apps/ferretdb/Chart.yaml create mode 100644 packages/apps/ferretdb/Makefile create mode 100644 packages/apps/ferretdb/README.md create mode 100644 packages/apps/ferretdb/ferretdb.svg create mode 100644 packages/apps/ferretdb/templates/.gitkeep create mode 100644 packages/apps/ferretdb/templates/backup-cronjob.yaml create mode 100644 packages/apps/ferretdb/templates/backup-script.yaml create mode 100644 packages/apps/ferretdb/templates/backup-secret.yaml create mode 100644 packages/apps/ferretdb/templates/external-svc.yaml create mode 100644 packages/apps/ferretdb/templates/ferretdb.yaml create mode 100644 packages/apps/ferretdb/templates/init-job.yaml create mode 100644 packages/apps/ferretdb/templates/init-script.yaml create mode 100644 packages/apps/ferretdb/templates/postgres.yaml create mode 100644 packages/apps/ferretdb/values.schema.json create mode 100644 packages/apps/ferretdb/values.yaml create mode 100644 packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml create mode 100644 packages/apps/kubernetes/templates/helmreleases/fluxcd.yaml create mode 100644 packages/apps/kubernetes/templates/helmreleases/ingress-nginx.yaml create mode 100644 packages/apps/kubernetes/templates/ingress.yaml delete mode 100644 packages/core/fluxcd/Makefile delete mode 100644 packages/core/fluxcd/charts/flux2/Chart.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/README.md delete mode 100644 packages/core/fluxcd/charts/flux2/templates/_helper.tpl delete mode 100644 packages/core/fluxcd/charts/flux2/templates/aggregate-clusterroles.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-clusterrolebinding.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrole.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrolebinding.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/crd-controller-clusterrole.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/crd-controller-clusterrolebinding.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/extra-manifests.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/helm-controller-sa.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/helm-controller.crds.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/image-automation-controller-sa.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/image-automation-controller.crds.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/image-reflector-controller-sa.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.crds.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/kustomize-controller-sa.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/kustomize-controller-secret.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/kustomize-controller.crds.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/notification-controller-ingress.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/notification-controller-sa.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/notification-controller-service.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/notification-controller-webhook-service.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/notification-controller.crds.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/notification-controller.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/podmonitor.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/policies.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/pre-install-job-serviceaccount.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/pre-install-job.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/source-controller-service.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/source-controller-serviceaccount.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/source-controller.crds.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/source-controller.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/values.yaml rename packages/{system/monitoring => extra/ingress}/templates/nginx-scrape.yaml (92%) delete mode 100644 packages/system/capi-operator/charts/cluster-api-operator/Chart.lock delete mode 100644 packages/system/capi-operator/charts/cluster-api-operator/crds/cert-manager.crds.yaml delete mode 100644 packages/system/capi-operator/charts/cluster-api-operator/templates/cert-manager.namespace.yaml create mode 100644 packages/system/dashboard/images/kubeapps-apis/fluxcd.diff create mode 100644 packages/system/etcd-operator/charts/etcd-operator/README.md.gotmpl rename packages/{core/fluxcd => system/fluxcd-operator}/.helmignore (100%) create mode 100644 packages/system/fluxcd-operator/Chart.yaml create mode 100644 packages/system/fluxcd-operator/Makefile rename packages/{core/fluxcd/charts/flux2 => system/fluxcd-operator/charts/flux-operator}/.helmignore (95%) create mode 100644 packages/system/fluxcd-operator/charts/flux-operator/Chart.yaml create mode 100644 packages/system/fluxcd-operator/charts/flux-operator/README.md create mode 100644 packages/system/fluxcd-operator/charts/flux-operator/templates/NOTES.txt create mode 100644 packages/system/fluxcd-operator/charts/flux-operator/templates/_helpers.tpl create mode 100644 packages/system/fluxcd-operator/charts/flux-operator/templates/clusterrole.yaml create mode 100644 packages/system/fluxcd-operator/charts/flux-operator/templates/crds.yaml create mode 100644 packages/system/fluxcd-operator/charts/flux-operator/templates/deployment.yaml create mode 100644 packages/system/fluxcd-operator/charts/flux-operator/templates/service.yaml create mode 100644 packages/system/fluxcd-operator/charts/flux-operator/templates/serviceaccount.yaml create mode 100644 packages/system/fluxcd-operator/charts/flux-operator/values.schema.json create mode 100644 packages/system/fluxcd-operator/charts/flux-operator/values.yaml create mode 100644 packages/system/fluxcd-operator/patches/kubernetesEnvs.diff create mode 100644 packages/system/fluxcd-operator/templates/_helpers.tpl create mode 100644 packages/system/fluxcd-operator/values.yaml rename packages/{core => system}/fluxcd/Chart.yaml (100%) create mode 100644 packages/system/fluxcd/Makefile create mode 100644 packages/system/fluxcd/templates/flux-instance.yaml create mode 100644 packages/system/fluxcd/values.yaml delete mode 100644 packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-daemonset.yaml.orig create mode 100755 scripts/fluxcd-kustomize.sh diff --git a/hack/e2e.sh b/hack/e2e.sh index 86278beb..462fef65 100755 --- a/hack/e2e.sh +++ b/hack/e2e.sh @@ -294,22 +294,22 @@ kubectl patch -n tenant-root hr/tenant-root --type=merge -p '{"spec":{ "values": timeout 60 sh -c 'until kubectl get hr -n tenant-root etcd ingress monitoring tenant-root; do sleep 1; done' # Wait for HelmReleases be installed -kubectl wait --timeout=2m --for=condition=ready hr -n tenant-root etcd ingress monitoring tenant-root +kubectl wait --timeout=2m --for=condition=ready -n tenant-root hr etcd ingress monitoring tenant-root # Wait for nginx-ingress-controller timeout 60 sh -c 'until kubectl get deploy -n tenant-root root-ingress-controller; do sleep 1; done' -kubectl wait deploy -n tenant-root --timeout=5m --for=condition=available root-ingress-controller +kubectl wait --timeout=5m --for=condition=available -n tenant-root deploy root-ingress-controller # Wait for etcd -kubectl wait --for=jsonpath=.status.readyReplicas=3 -n tenant-root --timeout=5m sts etcd +kubectl wait --timeout=5m --for=jsonpath=.status.readyReplicas=3 -n tenant-root sts etcd # Wait for Victoria metrics -kubectl wait deploy -n tenant-root --timeout=5m --for=condition=available vmalert-vmalert vminsert-longterm vminsert-shortterm -kubectl wait --for=jsonpath=.status.readyReplicas=2 -n tenant-root --timeout=5m sts vmalertmanager-alertmanager vmselect-longterm vmselect-shortterm vmstorage-longterm vmstorage-shortterm +kubectl wait --timeout=5m --for=condition=available deploy -n tenant-root vmalert-vmalert vminsert-longterm vminsert-shortterm +kubectl wait --timeout=5m --for=jsonpath=.status.readyReplicas=2 -n tenant-root sts vmalertmanager-alertmanager vmselect-longterm vmselect-shortterm vmstorage-longterm vmstorage-shortterm # Wait for grafana -kubectl wait --for=condition=ready clusters.postgresql.cnpg.io -n tenant-root grafana-db -kubectl wait deploy -n tenant-root --timeout=5m --for=condition=available grafana-deployment +kubectl wait --timeout=5m --for=condition=ready -n tenant-root clusters.postgresql.cnpg.io grafana-db +kubectl wait --timeout=5m --for=condition=available -n tenant-root deploy grafana-deployment # Get IP of nginx-ingress ip=$(kubectl get svc -n tenant-root root-ingress-controller -o jsonpath='{.status.loadBalancer.ingress..ip}') diff --git a/manifests/cozystack-installer.yaml b/manifests/cozystack-installer.yaml index 3112f1c6..e88aa4c5 100644 --- a/manifests/cozystack-installer.yaml +++ b/manifests/cozystack-installer.yaml @@ -68,7 +68,7 @@ spec: serviceAccountName: cozystack containers: - name: cozystack - image: "ghcr.io/aenix-io/cozystack/cozystack:v0.7.0" + image: "ghcr.io/aenix-io/cozystack/cozystack:v0.9.0" env: - name: KUBERNETES_SERVICE_HOST value: localhost @@ -87,7 +87,7 @@ spec: fieldRef: fieldPath: metadata.name - name: darkhttpd - image: "ghcr.io/aenix-io/cozystack/cozystack:v0.7.0" + image: "ghcr.io/aenix-io/cozystack/cozystack:v0.9.0" command: - /usr/bin/darkhttpd - /cozystack/assets diff --git a/packages/apps/ferretdb/Chart.yaml b/packages/apps/ferretdb/Chart.yaml new file mode 100644 index 00000000..6d35a52b --- /dev/null +++ b/packages/apps/ferretdb/Chart.yaml @@ -0,0 +1,25 @@ +apiVersion: v2 +name: ferretdb +description: Managed FerretDB service +icon: ferretdb.svg + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.22.0" diff --git a/packages/apps/ferretdb/Makefile b/packages/apps/ferretdb/Makefile new file mode 100644 index 00000000..207e2133 --- /dev/null +++ b/packages/apps/ferretdb/Makefile @@ -0,0 +1,2 @@ +generate: + readme-generator -v values.yaml -s values.schema.json -r README.md diff --git a/packages/apps/ferretdb/README.md b/packages/apps/ferretdb/README.md new file mode 100644 index 00000000..afa4f961 --- /dev/null +++ b/packages/apps/ferretdb/README.md @@ -0,0 +1,34 @@ +# Managed FerretDB Service + +## Parameters + +### Common parameters + +| Name | Description | Value | +| ------------------------ | ----------------------------------------------------------------------------------------------------------------------- | ------- | +| `external` | Enable external access from outside the cluster | `false` | +| `size` | Persistent Volume size | `10Gi` | +| `replicas` | Number of Postgres replicas | `2` | +| `quorum.minSyncReplicas` | Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed. | `0` | +| `quorum.maxSyncReplicas` | Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances). | `0` | + +### Configuration parameters + +| Name | Description | Value | +| ------- | ------------------- | ----- | +| `users` | Users configuration | `{}` | + +### Backup parameters + +| Name | Description | Value | +| ------------------------ | ---------------------------------------------- | ------------------------------------------------------ | +| `backup.enabled` | Enable pereiodic backups | `false` | +| `backup.s3Region` | The AWS S3 region where backups are stored | `us-east-1` | +| `backup.s3Bucket` | The S3 bucket used for storing backups | `s3.example.org/postgres-backups` | +| `backup.schedule` | Cron schedule for automated backups | `0 2 * * *` | +| `backup.cleanupStrategy` | The strategy for cleaning up old backups | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` | +| `backup.s3AccessKey` | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu` | +| `backup.s3SecretKey` | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog` | +| `backup.resticPassword` | The password for Restic backup encryption | `ChaXoveekoh6eigh4siesheeda2quai0` | + + diff --git a/packages/apps/ferretdb/ferretdb.svg b/packages/apps/ferretdb/ferretdb.svg new file mode 100644 index 00000000..196871e1 --- /dev/null +++ b/packages/apps/ferretdb/ferretdb.svg @@ -0,0 +1,54 @@ + + + + + + + + + + + + diff --git a/packages/apps/ferretdb/templates/.gitkeep b/packages/apps/ferretdb/templates/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/packages/apps/ferretdb/templates/backup-cronjob.yaml b/packages/apps/ferretdb/templates/backup-cronjob.yaml new file mode 100644 index 00000000..84a6aee7 --- /dev/null +++ b/packages/apps/ferretdb/templates/backup-cronjob.yaml @@ -0,0 +1,99 @@ +{{- if .Values.backup.enabled }} +{{ $image := .Files.Get "images/backup.json" | fromJson }} + +apiVersion: batch/v1 +kind: CronJob +metadata: + name: {{ .Release.Name }}-backup +spec: + schedule: "{{ .Values.backup.schedule }}" + concurrencyPolicy: Forbid + successfulJobsHistoryLimit: 3 + failedJobsHistoryLimit: 3 + jobTemplate: + spec: + backoffLimit: 2 + template: + spec: + restartPolicy: OnFailure + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/backup-script.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/backup-secret.yaml") . | sha256sum }} + spec: + restartPolicy: Never + containers: + - name: mysqldump + image: "{{ index $image "image.name" }}@{{ index $image "containerimage.digest" }}" + command: + - /bin/sh + - /scripts/backup.sh + env: + - name: REPO_PREFIX + value: {{ required "s3Bucket is not specified!" .Values.backup.s3Bucket | quote }} + - name: CLEANUP_STRATEGY + value: {{ required "cleanupStrategy is not specified!" .Values.backup.cleanupStrategy | quote }} + - name: PGUSER + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-postgres-superuser + key: username + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-postgres-superuser + key: password + - name: PGHOST + value: {{ .Release.Name }}-postgres-rw + - name: PGPORT + value: "5432" + - name: PGDATABASE + value: postgres + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-backup + key: s3AccessKey + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-backup + key: s3SecretKey + - name: AWS_DEFAULT_REGION + value: {{ .Values.backup.s3Region }} + - name: RESTIC_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-backup + key: resticPassword + volumeMounts: + - mountPath: /scripts + name: scripts + - mountPath: /tmp + name: tmp + - mountPath: /.cache + name: cache + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumes: + - name: scripts + secret: + secretName: {{ .Release.Name }}-backup-script + - name: tmp + emptyDir: {} + - name: cache + emptyDir: {} + securityContext: + runAsNonRoot: true + runAsUser: 9000 + runAsGroup: 9000 + seccompProfile: + type: RuntimeDefault +{{- end }} diff --git a/packages/apps/ferretdb/templates/backup-script.yaml b/packages/apps/ferretdb/templates/backup-script.yaml new file mode 100644 index 00000000..362bdc01 --- /dev/null +++ b/packages/apps/ferretdb/templates/backup-script.yaml @@ -0,0 +1,50 @@ +{{- if .Values.backup.enabled }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-backup-script +stringData: + backup.sh: | + #!/bin/sh + set -e + set -o pipefail + + JOB_ID="job-$(uuidgen|cut -f1 -d-)" + DB_LIST=$(psql -Atq -c 'SELECT datname FROM pg_catalog.pg_database;' | grep -v '^\(postgres\|app\|template.*\)$') + echo DB_LIST=$(echo "$DB_LIST" | shuf) # shuffle list + echo "Job ID: $JOB_ID" + echo "Target repo: $REPO_PREFIX" + echo "Cleanup strategy: $CLEANUP_STRATEGY" + echo "Start backup for:" + echo "$DB_LIST" + echo + echo "Backup started at `date +%Y-%m-%d\ %H:%M:%S`" + for db in $DB_LIST; do + ( + set -x + restic -r "s3:${REPO_PREFIX}/$db" cat config >/dev/null 2>&1 || \ + restic -r "s3:${REPO_PREFIX}/$db" init --repository-version 2 + restic -r "s3:${REPO_PREFIX}/$db" unlock --remove-all >/dev/null 2>&1 || true # no locks, k8s takes care of it + pg_dump -Z0 -Ft -d "$db" | \ + restic -r "s3:${REPO_PREFIX}/$db" backup --tag "$JOB_ID" --stdin --stdin-filename dump.tar + restic -r "s3:${REPO_PREFIX}/$db" tag --tag "$JOB_ID" --set "completed" + ) + done + echo "Backup finished at `date +%Y-%m-%d\ %H:%M:%S`" + + echo + echo "Run cleanup:" + echo + + echo "Cleanup started at `date +%Y-%m-%d\ %H:%M:%S`" + for db in $DB_LIST; do + ( + set -x + restic forget -r "s3:${REPO_PREFIX}/$db" --group-by=tags --keep-tag "completed" # keep completed snapshots only + restic forget -r "s3:${REPO_PREFIX}/$db" --group-by=tags $CLEANUP_STRATEGY + restic prune -r "s3:${REPO_PREFIX}/$db" + ) + done + echo "Cleanup finished at `date +%Y-%m-%d\ %H:%M:%S`" +{{- end }} diff --git a/packages/apps/ferretdb/templates/backup-secret.yaml b/packages/apps/ferretdb/templates/backup-secret.yaml new file mode 100644 index 00000000..be221e2f --- /dev/null +++ b/packages/apps/ferretdb/templates/backup-secret.yaml @@ -0,0 +1,11 @@ +{{- if .Values.backup.enabled }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-backup +stringData: + s3AccessKey: {{ required "s3AccessKey is not specified!" .Values.backup.s3AccessKey }} + s3SecretKey: {{ required "s3SecretKey is not specified!" .Values.backup.s3SecretKey }} + resticPassword: {{ required "resticPassword is not specified!" .Values.backup.resticPassword }} +{{- end }} diff --git a/packages/apps/ferretdb/templates/external-svc.yaml b/packages/apps/ferretdb/templates/external-svc.yaml new file mode 100644 index 00000000..2e0501c8 --- /dev/null +++ b/packages/apps/ferretdb/templates/external-svc.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }} +spec: + type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }} + {{- if .Values.external }} + externalTrafficPolicy: Local + allocateLoadBalancerNodePorts: false + {{- end }} + ports: + - name: ferretdb + port: 27017 + selector: + app: {{ .Release.Name }} diff --git a/packages/apps/ferretdb/templates/ferretdb.yaml b/packages/apps/ferretdb/templates/ferretdb.yaml new file mode 100644 index 00000000..8d72787b --- /dev/null +++ b/packages/apps/ferretdb/templates/ferretdb.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ .Release.Name }} + spec: + containers: + - name: ferretdb + image: ghcr.io/ferretdb/ferretdb:1.22.0 + ports: + - containerPort: 27017 + env: + - name: FERRETDB_POSTGRESQL_URL + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-postgres-app + key: uri diff --git a/packages/apps/ferretdb/templates/init-job.yaml b/packages/apps/ferretdb/templates/init-job.yaml new file mode 100644 index 00000000..b7b03133 --- /dev/null +++ b/packages/apps/ferretdb/templates/init-job.yaml @@ -0,0 +1,66 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Release.Name }}-init-job + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation +spec: + template: + metadata: + name: {{ .Release.Name }}-init-job + annotations: + checksum/config: {{ include (print $.Template.BasePath "/init-script.yaml") . | sha256sum }} + spec: + restartPolicy: Never + containers: + - name: postgres + image: ghcr.io/cloudnative-pg/postgresql:15.3 + command: + - bash + - /scripts/init.sh + env: + - name: PGUSER + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-postgres-superuser + key: username + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-postgres-superuser + key: password + - name: PGHOST + value: {{ .Release.Name }}-postgres-rw + - name: PGPORT + value: "5432" + - name: PGDATABASE + value: postgres + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /etc/secret + name: secret + - mountPath: /scripts + name: scripts + securityContext: + fsGroup: 26 + runAsGroup: 26 + runAsNonRoot: true + runAsUser: 26 + seccompProfile: + type: RuntimeDefault + volumes: + - name: secret + secret: + secretName: {{ .Release.Name }}-postgres-superuser + - name: scripts + secret: + secretName: {{ .Release.Name }}-init-script diff --git a/packages/apps/ferretdb/templates/init-script.yaml b/packages/apps/ferretdb/templates/init-script.yaml new file mode 100644 index 00000000..818ccf2d --- /dev/null +++ b/packages/apps/ferretdb/templates/init-script.yaml @@ -0,0 +1,101 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-init-script +stringData: + init.sh: | + #!/bin/bash + set -e + echo "== create users" + {{- if .Values.users }} + psql -v ON_ERROR_STOP=1 <<\EOT + {{- range $user, $u := .Values.users }} + SELECT 'CREATE ROLE {{ $user }} LOGIN INHERIT;' + WHERE NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '{{ $user }}')\gexec + ALTER ROLE {{ $user }} WITH PASSWORD '{{ $u.password }}' LOGIN INHERIT {{ ternary "REPLICATION" "NOREPLICATION" (default false $u.replication) }}; + COMMENT ON ROLE {{ $user }} IS 'user managed by helm'; + {{- end }} + EOT + {{- end }} + + echo "== delete users" + MANAGED_USERS=$(echo '\du+' | psql | awk -F'|' '$4 == " user managed by helm" {print $1}' | awk NF=NF RS= OFS=' ') + DEFINED_USERS="{{ join " " (keys .Values.users) }}" + DELETE_USERS=$(for user in $MANAGED_USERS; do case " $DEFINED_USERS " in *" $user "*) :;; *) echo $user;; esac; done) + + echo "users to delete: $DELETE_USERS" + for user in $DELETE_USERS; do + # https://stackoverflow.com/a/51257346/2931267 + psql -v ON_ERROR_STOP=1 --echo-all < kubernetes--admin-kubeconfig -o g | `host` | The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host). | `""` | | `controlPlane.replicas` | Number of replicas for Kubernetes contorl-plane components | `2` | | `nodeGroups` | nodeGroups configuration | `{}` | + +### Cluster Addons + +| Name | Description | Value | +| ----------------------------- | ---------------------------------------------------------------------------------- | ------- | +| `addons.certManager.enabled` | Enables the cert-manager | `false` | +| `addons.ingressNginx.enabled` | Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role) | `false` | +| `addons.ingressNginx.hosts` | List of domain names that should be passed through to the cluster by upper cluster | `[]` | +| `addons.fluxcd.enabled` | Enables Flux CD | `false` | + diff --git a/packages/apps/kubernetes/images/ubuntu-container-disk.json b/packages/apps/kubernetes/images/ubuntu-container-disk.json index e7685393..e249d0e4 100644 --- a/packages/apps/kubernetes/images/ubuntu-container-disk.json +++ b/packages/apps/kubernetes/images/ubuntu-container-disk.json @@ -1,4 +1,38 @@ { - "containerimage.config.digest": "sha256:24cee18d0bc9ed40e741412da86820dd99bdb9ffa4c794c81856725a4a10d86e", - "containerimage.digest": "sha256:6a43369905e0630bb401e1cf73084bbef3060e960756f261676cd3bea4195e9a" + "buildx.build.provenance": { + "buildType": "https://mobyproject.org/buildkit@v1", + "materials": [ + { + "uri": "pkg:docker/ubuntu@22.04?platform=linux%2Famd64", + "digest": { + "sha256": "340d9b015b194dc6e2a13938944e0d016e57b9679963fdeb9ce021daac430221" + } + } + ], + "invocation": { + "configSource": { + "entryPoint": "Dockerfile" + }, + "parameters": { + "frontend": "dockerfile.v0", + "args": { + "build-arg:ARCH": "amd64" + }, + "locals": [ + { + "name": "context" + }, + { + "name": "dockerfile" + } + ] + }, + "environment": { + "platform": "linux/amd64" + } + } + }, + "buildx.build.ref": "amd64/amd64/kk2drcq44gorgb3xwa8908pfc", + "containerimage.config.digest": "sha256:363589eb47379eb7548f047aae24045278f14db0b2026022b6bec33a04370f15", + "containerimage.digest": "sha256:f242fd77903f5f5a94ed157e98b0c4532e5ba91734d9653eaf26cfe4b23b017b" } \ No newline at end of file diff --git a/packages/apps/kubernetes/images/ubuntu-container-disk.tag b/packages/apps/kubernetes/images/ubuntu-container-disk.tag index c2389748..5ea3ff97 100644 --- a/packages/apps/kubernetes/images/ubuntu-container-disk.tag +++ b/packages/apps/kubernetes/images/ubuntu-container-disk.tag @@ -1 +1 @@ -ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.29.1 +ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1 diff --git a/packages/apps/kubernetes/images/ubuntu-container-disk/Dockerfile b/packages/apps/kubernetes/images/ubuntu-container-disk/Dockerfile index a30d70f7..eb08ef10 100644 --- a/packages/apps/kubernetes/images/ubuntu-container-disk/Dockerfile +++ b/packages/apps/kubernetes/images/ubuntu-container-disk/Dockerfile @@ -26,8 +26,8 @@ RUN qemu-img resize image.img 5G \ && guestfish --remote sh "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg" \ && guestfish --remote sh 'echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list' \ # kubernetes repo - && guestfish --remote sh "curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg" \ - && guestfish --remote sh "echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list" \ + && guestfish --remote sh "curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg" \ + && guestfish --remote sh "echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list" \ # install containerd && guestfish --remote command "apt-get update -y" \ && guestfish --remote command "apt-get install -y containerd.io" \ diff --git a/packages/apps/kubernetes/templates/cluster.yaml b/packages/apps/kubernetes/templates/cluster.yaml index baa0bc6b..0ce5d542 100644 --- a/packages/apps/kubernetes/templates/cluster.yaml +++ b/packages/apps/kubernetes/templates/cluster.yaml @@ -2,6 +2,58 @@ {{- $etcd := index $myNS.metadata.annotations "namespace.cozystack.io/etcd" }} {{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }} {{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }} +{{- $kubevirtmachinetemplateNames := list }} +{{- define "kubevirtmachinetemplate" -}} +spec: + virtualMachineBootstrapCheck: + checkStrategy: ssh + virtualMachineTemplate: + metadata: + namespace: {{ $.Release.Namespace }} + labels: + {{- range .group.roles }} + node-role.kubernetes.io/{{ . }}: "" + {{- end }} + spec: + runStrategy: Always + template: + spec: + domain: + cpu: + threads: 1 + cores: {{ .group.resources.cpu }} + sockets: 1 + devices: + disks: + - name: system + disk: + bus: virtio + pciAddress: 0000:07:00.0 + - name: containerd + disk: + bus: virtio + pciAddress: 0000:08:00.0 + - name: kubelet + disk: + bus: virtio + pciAddress: 0000:09:00.0 + networkInterfaceMultiqueue: true + memory: + guest: {{ .group.resources.memory }} + evictionStrategy: External + volumes: + - name: system + containerDisk: + image: "{{ $.Files.Get "images/ubuntu-container-disk.tag" | trim }}@{{ index ($.Files.Get "images/ubuntu-container-disk.json" | fromJson) "containerimage.digest" }}" + - name: containerd + emptyDisk: + capacity: 20Gi + - name: kubelet + emptyDisk: + capacity: 20Gi +{{- end }} + + --- apiVersion: cluster.x-k8s.io/v1beta1 kind: Cluster @@ -57,7 +109,7 @@ spec: className: "{{ $ingress }}" deployment: replicas: 2 - version: 1.29.4 + version: 1.30.1 --- apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1 kind: KubevirtCluster @@ -101,56 +153,20 @@ spec: skipPhases: - addon/kube-proxy --- +{{- $context := deepCopy $ }} +{{- $_ := set $context "group" $group }} +{{- $kubevirtmachinetemplate := include "kubevirtmachinetemplate" $context }} +{{- $kubevirtmachinetemplateHash := $kubevirtmachinetemplate | sha256sum | trunc 6 }} +{{- $kubevirtmachinetemplateName := printf "%s-%s-%s" $.Release.Name $groupName $kubevirtmachinetemplateHash }} +{{- $kubevirtmachinetemplateNames = append $kubevirtmachinetemplateNames $kubevirtmachinetemplateName }} apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1 kind: KubevirtMachineTemplate metadata: - name: {{ $.Release.Name }}-{{ $groupName }} + name: {{ $.Release.Name }}-{{ $groupName }}-{{ $kubevirtmachinetemplateHash }} namespace: {{ $.Release.Namespace }} spec: template: - spec: - virtualMachineBootstrapCheck: - checkStrategy: ssh - virtualMachineTemplate: - metadata: - namespace: {{ $.Release.Namespace }} - spec: - runStrategy: Always - template: - spec: - domain: - cpu: - threads: 1 - cores: {{ $group.resources.cpu }} - sockets: 1 - devices: - disks: - - name: system - disk: - bus: virtio - pciAddress: 0000:07:00.0 - - name: containerd - disk: - bus: virtio - pciAddress: 0000:08:00.0 - - name: kubelet - disk: - bus: virtio - pciAddress: 0000:09:00.0 - networkInterfaceMultiqueue: true - memory: - guest: {{ $group.resources.memory }} - evictionStrategy: External - volumes: - - name: system - containerDisk: - image: "{{ $.Files.Get "images/ubuntu-container-disk.tag" | trim }}@{{ index ($.Files.Get "images/ubuntu-container-disk.json" | fromJson) "containerimage.digest" }}" - - name: containerd - emptyDisk: - capacity: 20Gi - - name: kubelet - emptyDisk: - capacity: 20Gi + {{- $kubevirtmachinetemplate | nindent 4 }} --- apiVersion: cluster.x-k8s.io/v1beta1 kind: MachineDeployment @@ -165,18 +181,55 @@ metadata: spec: clusterName: {{ $.Release.Name }} template: + metadata: + labels: + cluster.x-k8s.io/cluster-name: {{ $.Release.Name }} + cluster.x-k8s.io/deployment-name: {{ $.Release.Name }}-{{ $groupName }} + {{- range $group.roles }} + node-role.kubernetes.io/{{ . }}: "" + {{- end }} spec: bootstrap: configRef: apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 kind: KubeadmConfigTemplate name: {{ $.Release.Name }}-{{ $groupName }} - namespace: default + namespace: {{ $.Release.Namespace }} clusterName: {{ $.Release.Name }} infrastructureRef: apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1 kind: KubevirtMachineTemplate - name: {{ $.Release.Name }}-{{ $groupName }} + name: {{ $.Release.Name }}-{{ $groupName }}-{{ $kubevirtmachinetemplateHash }} namespace: default - version: v1.29.4 + version: v1.30.1 +{{- end }} +--- +{{- /* +We must preserve all previous KubevirtMachineTemplates until a MachineSet references them. +*/ -}} +{{- $mss := (lookup "cluster.x-k8s.io/v1beta1" "MachineSet" $.Release.Namespace "").items }} +{{- $oldKubevirtmachinetemplates := dict }} +{{- range $kmt := (lookup "infrastructure.cluster.x-k8s.io/v1alpha1" "KubevirtMachineTemplate" .Release.Namespace "").items }} +{{- range $or := $kmt.metadata.ownerReferences }} +{{- if and (eq $or.kind "Cluster") (eq $or.name $.Release.Name) }} +{{- range $ms := $mss }} +{{- if and (eq $ms.spec.template.spec.infrastructureRef.kind "KubevirtMachineTemplate") (eq $ms.spec.template.spec.infrastructureRef.name $kmt.metadata.name) }} +{{- if not (has $kmt.metadata.name $kubevirtmachinetemplateNames) }} +{{- $oldKubevirtmachinetemplates = merge $oldKubevirtmachinetemplates (dict $kmt.metadata.name $kmt) }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- range $oldKubevirtmachinetemplates }} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1 +kind: KubevirtMachineTemplate +metadata: + name: {{ .metadata.name }} + namespace: {{ .metadata.Namespace }} +spec: + {{- .spec | toYaml | nindent 2 }} {{- end }} diff --git a/packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml b/packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml new file mode 100644 index 00000000..f8e02559 --- /dev/null +++ b/packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml @@ -0,0 +1,39 @@ +{{- if .Values.addons.certManager.enabled }} +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: {{ .Release.Name }}-cert-manager + labels: + cozystack.io/repository: system + coztstack.io/target-cluster-name: {{ .Release.Name }} +spec: + interval: 5m + releaseName: cert-manager + chart: + spec: + chart: cozy-cert-manager + reconcileStrategy: Revision + sourceRef: + kind: HelmRepository + name: cozystack-system + namespace: cozy-system + kubeConfig: + secretRef: + name: {{ .Release.Name }}-kubeconfig + targetNamespace: cozy-cert-manager + storageNamespace: cozy-cert-manager + install: + createNamespace: true + remediation: + retries: -1 + upgrade: + remediation: + retries: -1 + dependsOn: + {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }} + - name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + {{- end }} + - name: {{ .Release.Name }}-cilium + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/packages/apps/kubernetes/templates/helmreleases/cilium.yaml b/packages/apps/kubernetes/templates/helmreleases/cilium.yaml index 14577407..8918b5df 100644 --- a/packages/apps/kubernetes/templates/helmreleases/cilium.yaml +++ b/packages/apps/kubernetes/templates/helmreleases/cilium.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: {{ .Release.Name }}-cilium @@ -6,7 +6,7 @@ metadata: cozystack.io/repository: system coztstack.io/target-cluster-name: {{ .Release.Name }} spec: - interval: 1m + interval: 5m releaseName: cilium chart: spec: @@ -23,6 +23,11 @@ spec: storageNamespace: cozy-cilium install: createNamespace: true + remediation: + retries: -1 + upgrade: + remediation: + retries: -1 values: cilium: tunnel: disabled @@ -44,5 +49,7 @@ spec: enableIPv4Masquerade: true ipv4NativeRoutingCIDR: "" dependsOn: + {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }} - name: {{ .Release.Name }} namespace: {{ .Release.Namespace }} + {{- end }} diff --git a/packages/apps/kubernetes/templates/helmreleases/csi.yaml b/packages/apps/kubernetes/templates/helmreleases/csi.yaml index 55169278..2485d47c 100644 --- a/packages/apps/kubernetes/templates/helmreleases/csi.yaml +++ b/packages/apps/kubernetes/templates/helmreleases/csi.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: {{ .Release.Name }}-csi @@ -6,7 +6,7 @@ metadata: cozystack.io/repository: system coztstack.io/target-cluster-name: {{ .Release.Name }} spec: - interval: 1m + interval: 5m releaseName: csi chart: spec: @@ -23,6 +23,13 @@ spec: storageNamespace: cozy-csi install: createNamespace: true + remediation: + retries: -1 + upgrade: + remediation: + retries: -1 dependsOn: + {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }} - name: {{ .Release.Name }} namespace: {{ .Release.Namespace }} + {{- end }} diff --git a/packages/apps/kubernetes/templates/helmreleases/delete.yaml b/packages/apps/kubernetes/templates/helmreleases/delete.yaml index 71215c30..30cd5586 100644 --- a/packages/apps/kubernetes/templates/helmreleases/delete.yaml +++ b/packages/apps/kubernetes/templates/helmreleases/delete.yaml @@ -20,17 +20,23 @@ spec: effect: "NoSchedule" containers: - name: kubectl - image: docker.io/clastix/kubectl:v1.29.1 + image: docker.io/clastix/kubectl:v1.30.1 command: - - kubectl - - --namespace={{ .Release.Namespace }} - - patch - - helmrelease - - {{ .Release.Name }}-cilium - - {{ .Release.Name }}-csi - - -p - - '{"spec": {"suspend": true}}' - - --type=merge + - /bin/sh + - -c + - | + kubectl + --namespace={{ .Release.Namespace }} + patch + helmrelease + {{ .Release.Name }}-cilium + {{ .Release.Name }}-csi + {{ .Release.Name }}-cert-manager + {{ .Release.Name }}-ingress-nginx + {{ .Release.Name }}-fluxcd-operator + {{ .Release.Name }}-fluxcd + -p '{"spec": {"suspend": true}}' + --type=merge --field-manager=flux-client-side-apply || true --- apiVersion: v1 kind: ServiceAccount @@ -60,6 +66,10 @@ rules: resourceNames: - {{ .Release.Name }}-cilium - {{ .Release.Name }}-csi + - {{ .Release.Name }}-cert-manager + - {{ .Release.Name }}-ingress-nginx + - {{ .Release.Name }}-fluxcd-operator + - {{ .Release.Name }}-fluxcd --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/packages/apps/kubernetes/templates/helmreleases/fluxcd.yaml b/packages/apps/kubernetes/templates/helmreleases/fluxcd.yaml new file mode 100644 index 00000000..c4ca6fd3 --- /dev/null +++ b/packages/apps/kubernetes/templates/helmreleases/fluxcd.yaml @@ -0,0 +1,84 @@ +{{- if .Values.addons.fluxcd.enabled }} +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: {{ .Release.Name }}-fluxcd-operator + labels: + cozystack.io/repository: system + coztstack.io/target-cluster-name: {{ .Release.Name }} +spec: + interval: 5m + releaseName: fluxcd-operator + chart: + spec: + chart: cozy-fluxcd-operator + reconcileStrategy: Revision + sourceRef: + kind: HelmRepository + name: cozystack-system + namespace: cozy-system + kubeConfig: + secretRef: + name: {{ .Release.Name }}-kubeconfig + targetNamespace: cozy-fluxcd + storageNamespace: cozy-fluxcd + install: + createNamespace: true + remediation: + retries: -1 + upgrade: + remediation: + retries: -1 + values: + flux-operator: + fullnameOverride: flux-operator + tolerations: [] + hostNetwork: false + dependsOn: + {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }} + - name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + {{- end }} + - name: {{ .Release.Name }}-cilium + namespace: {{ .Release.Namespace }} +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: {{ .Release.Name }}-fluxcd + labels: + cozystack.io/repository: system + coztstack.io/target-cluster-name: {{ .Release.Name }} +spec: + interval: 5m + releaseName: fluxcd + chart: + spec: + chart: cozy-fluxcd + reconcileStrategy: Revision + sourceRef: + kind: HelmRepository + name: cozystack-system + namespace: cozy-system + kubeConfig: + secretRef: + name: {{ .Release.Name }}-kubeconfig + targetNamespace: cozy-fluxcd + storageNamespace: cozy-fluxcd + install: + createNamespace: true + remediation: + retries: -1 + upgrade: + remediation: + retries: -1 + dependsOn: + {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }} + - name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + {{- end }} + - name: {{ .Release.Name }}-cilium + namespace: {{ .Release.Namespace }} + - name: {{ .Release.Name }}-fluxcd-operator + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/packages/apps/kubernetes/templates/helmreleases/ingress-nginx.yaml b/packages/apps/kubernetes/templates/helmreleases/ingress-nginx.yaml new file mode 100644 index 00000000..573fb601 --- /dev/null +++ b/packages/apps/kubernetes/templates/helmreleases/ingress-nginx.yaml @@ -0,0 +1,49 @@ +{{- if .Values.addons.ingressNginx.enabled }} +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: {{ .Release.Name }}-ingress-nginx + labels: + cozystack.io/repository: system + coztstack.io/target-cluster-name: {{ .Release.Name }} +spec: + interval: 5m + releaseName: ingress-nginx + chart: + spec: + chart: cozy-ingress-nginx + reconcileStrategy: Revision + sourceRef: + kind: HelmRepository + name: cozystack-system + namespace: cozy-system + kubeConfig: + secretRef: + name: {{ .Release.Name }}-kubeconfig + targetNamespace: cozy-ingress-nginx + storageNamespace: cozy-ingress-nginx + install: + createNamespace: true + remediation: + retries: -1 + upgrade: + remediation: + retries: -1 + values: + ingress-nginx: + fullnameOverride: ingress-nginx + controller: + kind: DaemonSet + hostNetwork: true + service: + enabled: false + nodeSelector: + node-role.kubernetes.io/ingress-nginx: "" + dependsOn: + {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }} + - name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + {{- end }} + - name: {{ .Release.Name }}-cilium + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/packages/apps/kubernetes/templates/ingress.yaml b/packages/apps/kubernetes/templates/ingress.yaml new file mode 100644 index 00000000..e677afab --- /dev/null +++ b/packages/apps/kubernetes/templates/ingress.yaml @@ -0,0 +1,45 @@ +{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }} +{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }} +{{- if .Values.addons.ingressNginx.hosts }} +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ .Release.Name }}-ingress-nginx + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.ingress.kubernetes.io/ssl-passthrough: "true" +spec: + ingressClassName: "{{ $ingress }}" + rules: + {{- range .Values.addons.ingressNginx.hosts }} + - host: {{ . | quote }} + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: {{ $.Release.Name }}-ingress-nginx + port: + number: 443 + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-ingress-nginx +spec: + ports: + - appProtocol: http + name: http + port: 80 + targetPort: 80 + - appProtocol: https + name: https + port: 443 + targetPort: 443 + selector: + cluster.x-k8s.io/cluster-name: {{ .Release.Name }} + node-role.kubernetes.io/ingress-nginx: "" +{{- end }} diff --git a/packages/apps/kubernetes/values.schema.json b/packages/apps/kubernetes/values.schema.json index d467b3fe..cceff4d3 100644 --- a/packages/apps/kubernetes/values.schema.json +++ b/packages/apps/kubernetes/values.schema.json @@ -16,6 +16,47 @@ "default": 2 } } + }, + "addons": { + "type": "object", + "properties": { + "certManager": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enables the cert-manager", + "default": false + } + } + }, + "ingressNginx": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)", + "default": false + }, + "hosts": { + "type": "array", + "description": "List of domain names that should be passed through to the cluster by upper cluster", + "default": [], + "items": {} + } + } + }, + "fluxcd": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enables Flux CD", + "default": false + } + } + } + } } } } \ No newline at end of file diff --git a/packages/apps/kubernetes/values.yaml b/packages/apps/kubernetes/values.yaml index 15b5cc2b..548e344d 100644 --- a/packages/apps/kubernetes/values.yaml +++ b/packages/apps/kubernetes/values.yaml @@ -16,3 +16,36 @@ nodeGroups: resources: cpu: 2 memory: 1024Mi + roles: + - ingress-nginx + +## @section Cluster Addons +## +addons: + + ## Cert-manager: automatically creates and manages SSL/TLS certificate + ## + certManager: + ## @param addons.certManager.enabled Enables the cert-manager + enabled: false + + ## Ingress-NGINX Controller + ## + ingressNginx: + ## @param addons.ingressNginx.enabled Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role) + ## + enabled: false + ## @param addons.ingressNginx.hosts List of domain names that should be passed through to the cluster by upper cluster + ## e.g: + ## hosts: + ## - example.org + ## - foo.example.net + ## + hosts: [] + + ## Flux CD + ## + fluxcd: + ## @param addons.fluxcd.enabled Enables Flux CD + ## + enabled: false diff --git a/packages/apps/tenant/Chart.yaml b/packages/apps/tenant/Chart.yaml index 9ea4afc6..9a866e0f 100644 --- a/packages/apps/tenant/Chart.yaml +++ b/packages/apps/tenant/Chart.yaml @@ -4,4 +4,4 @@ description: Separated tenant namespace icon: https://upload.wikimedia.org/wikipedia/commons/0/04/User_icon_1.svg type: application -version: 1.1.0 +version: 1.2.0 diff --git a/packages/apps/tenant/README.md b/packages/apps/tenant/README.md index d33ecc7b..9b17e8fc 100644 --- a/packages/apps/tenant/README.md +++ b/packages/apps/tenant/README.md @@ -25,7 +25,7 @@ tenant-root (example.org) Thus, you can create `tenant-u1` with a set of services like `etcd`, `ingress`, `monitoring`. And create another tenant namespace `tenant-u2` inside of `tenant-u1`. -Let's see what will happen when you run Kubernetes and Postgres under `tenant-u2` namesapce. +Let's see what will happen when you run Kubernetes and Postgres under `tenant-u2` namespace. Since `tenant-u2` does not have its own cluster services like `etcd`, `ingress`, and `monitoring`, the applications will use the cluster services of the parent tenant. This in turn means: diff --git a/packages/apps/tenant/templates/etcd.yaml b/packages/apps/tenant/templates/etcd.yaml index 917cf4b4..17b66683 100644 --- a/packages/apps/tenant/templates/etcd.yaml +++ b/packages/apps/tenant/templates/etcd.yaml @@ -1,5 +1,5 @@ {{- if .Values.etcd }} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: etcd diff --git a/packages/apps/tenant/templates/ingress.yaml b/packages/apps/tenant/templates/ingress.yaml index 7c413db5..b93ae0fa 100644 --- a/packages/apps/tenant/templates/ingress.yaml +++ b/packages/apps/tenant/templates/ingress.yaml @@ -1,5 +1,5 @@ {{- if .Values.ingress }} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: ingress diff --git a/packages/apps/tenant/templates/monitoring.yaml b/packages/apps/tenant/templates/monitoring.yaml index d0db03b5..93772546 100644 --- a/packages/apps/tenant/templates/monitoring.yaml +++ b/packages/apps/tenant/templates/monitoring.yaml @@ -1,5 +1,5 @@ {{- if .Values.monitoring }} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: monitoring diff --git a/packages/apps/versions_map b/packages/apps/versions_map index 5d5d46b8..d2968be0 100644 --- a/packages/apps/versions_map +++ b/packages/apps/versions_map @@ -1,14 +1,18 @@ clickhouse 0.1.0 ca79f72 clickhouse 0.2.0 7cd7de73 clickhouse 0.2.1 HEAD +ferretdb 0.1.0 HEAD http-cache 0.1.0 a956713 http-cache 0.2.0 HEAD kafka 0.1.0 760f86d2 -kafka 0.2.0 HEAD +kafka 0.2.0 a2cc83d +kafka 0.2.1 HEAD kubernetes 0.1.0 f642698 kubernetes 0.2.0 7cd7de73 kubernetes 0.3.0 7caccec1 -kubernetes 0.4.0 HEAD +kubernetes 0.4.0 6cae6ce8 +kubernetes 0.5.0 6bd2d455 +kubernetes 0.6.0 HEAD mysql 0.1.0 f642698 mysql 0.2.0 8b975ff0 mysql 0.3.0 HEAD @@ -26,7 +30,8 @@ tenant 0.1.3 3d1b86c tenant 0.1.4 d200480 tenant 0.1.5 e3ab858 tenant 1.0.0 7cd7de7 -tenant 1.1.0 HEAD +tenant 1.1.0 4da8ac3b +tenant 1.2.0 HEAD virtual-machine 0.1.4 f2015d6 virtual-machine 0.1.5 7cd7de7 virtual-machine 0.2.0 HEAD diff --git a/packages/core/fluxcd/Makefile b/packages/core/fluxcd/Makefile deleted file mode 100644 index 9a44bd14..00000000 --- a/packages/core/fluxcd/Makefile +++ /dev/null @@ -1,20 +0,0 @@ -NAME=fluxcd -NAMESPACE=cozy-$(NAME) - -API_VERSIONS_FLAGS=$(addprefix -a ,$(shell kubectl api-versions)) - -show: - helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) - -apply: - helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl apply -n $(NAMESPACE) -f- - -diff: - helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -n $(NAMESPACE) -f- - -update: - rm -rf charts - helm repo add fluxcd-community https://fluxcd-community.github.io/helm-charts - helm repo update fluxcd-community - helm pull fluxcd-community/flux2 --untar --untardir charts - sed -i 's/\.{{ \.Values\.clusterDomain | default "cluster\.local" }}\.//g' `grep -rl '.{{ .Values.clusterDomain | default "cluster.local" }}.' charts` diff --git a/packages/core/fluxcd/charts/flux2/Chart.yaml b/packages/core/fluxcd/charts/flux2/Chart.yaml deleted file mode 100644 index 8e37f2cb..00000000 --- a/packages/core/fluxcd/charts/flux2/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -annotations: - artifacthub.io/changes: | - - "[Chore]: Update App Version to upstream 2.2.3" -apiVersion: v2 -appVersion: 2.2.3 -description: A Helm chart for flux2 -name: flux2 -sources: -- https://github.com/fluxcd-community/helm-charts -type: application -version: 2.12.4 diff --git a/packages/core/fluxcd/charts/flux2/README.md b/packages/core/fluxcd/charts/flux2/README.md deleted file mode 100644 index 3aa73fa7..00000000 --- a/packages/core/fluxcd/charts/flux2/README.md +++ /dev/null @@ -1,174 +0,0 @@ -# flux2 - -![Version: 2.12.4](https://img.shields.io/badge/Version-2.12.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.3](https://img.shields.io/badge/AppVersion-2.2.3-informational?style=flat-square) - -A Helm chart for flux2 - -This helm chart is maintained and released by the fluxcd-community on a best effort basis. - -## Source Code - -* - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| cli.affinity | object | `{}` | | -| cli.annotations | object | `{}` | | -| cli.image | string | `"ghcr.io/fluxcd/flux-cli"` | | -| cli.nodeSelector | object | `{}` | | -| cli.serviceAccount.automount | bool | `true` | | -| cli.tag | string | `"v2.2.3"` | | -| cli.tolerations | list | `[]` | | -| clusterDomain | string | `"cluster.local"` | | -| crds.annotations | object | `{}` | Add annotations to all CRD resources, e.g. "helm.sh/resource-policy": keep | -| extraObjects | list | `[]` | Array of extra K8s manifests to deploy | -| helmController.affinity | object | `{}` | | -| helmController.annotations."prometheus.io/port" | string | `"8080"` | | -| helmController.annotations."prometheus.io/scrape" | string | `"true"` | | -| helmController.container.additionalArgs | list | `[]` | | -| helmController.create | bool | `true` | | -| helmController.extraEnv | list | `[]` | | -| helmController.image | string | `"ghcr.io/fluxcd/helm-controller"` | | -| helmController.imagePullPolicy | string | `""` | | -| helmController.labels | object | `{}` | | -| helmController.nodeSelector | object | `{}` | | -| helmController.priorityClassName | string | `""` | | -| helmController.resources.limits | object | `{}` | | -| helmController.resources.requests.cpu | string | `"100m"` | | -| helmController.resources.requests.memory | string | `"64Mi"` | | -| helmController.serviceAccount.annotations | object | `{}` | | -| helmController.serviceAccount.automount | bool | `true` | | -| helmController.serviceAccount.create | bool | `true` | | -| helmController.tag | string | `"v0.37.4"` | | -| helmController.tolerations | list | `[]` | | -| imageAutomationController.affinity | object | `{}` | | -| imageAutomationController.annotations."prometheus.io/port" | string | `"8080"` | | -| imageAutomationController.annotations."prometheus.io/scrape" | string | `"true"` | | -| imageAutomationController.container.additionalArgs | list | `[]` | | -| imageAutomationController.create | bool | `true` | | -| imageAutomationController.extraEnv | list | `[]` | | -| imageAutomationController.image | string | `"ghcr.io/fluxcd/image-automation-controller"` | | -| imageAutomationController.imagePullPolicy | string | `""` | | -| imageAutomationController.labels | object | `{}` | | -| imageAutomationController.nodeSelector | object | `{}` | | -| imageAutomationController.priorityClassName | string | `""` | | -| imageAutomationController.resources.limits | object | `{}` | | -| imageAutomationController.resources.requests.cpu | string | `"100m"` | | -| imageAutomationController.resources.requests.memory | string | `"64Mi"` | | -| imageAutomationController.serviceAccount.annotations | object | `{}` | | -| imageAutomationController.serviceAccount.automount | bool | `true` | | -| imageAutomationController.serviceAccount.create | bool | `true` | | -| imageAutomationController.tag | string | `"v0.37.1"` | | -| imageAutomationController.tolerations | list | `[]` | | -| imagePullSecrets | list | `[]` | contents of pod imagePullSecret in form 'name=[secretName]'; applied to all controllers | -| imageReflectionController.affinity | object | `{}` | | -| imageReflectionController.annotations."prometheus.io/port" | string | `"8080"` | | -| imageReflectionController.annotations."prometheus.io/scrape" | string | `"true"` | | -| imageReflectionController.container.additionalArgs | list | `[]` | | -| imageReflectionController.create | bool | `true` | | -| imageReflectionController.extraEnv | list | `[]` | | -| imageReflectionController.image | string | `"ghcr.io/fluxcd/image-reflector-controller"` | | -| imageReflectionController.imagePullPolicy | string | `""` | | -| imageReflectionController.labels | object | `{}` | | -| imageReflectionController.nodeSelector | object | `{}` | | -| imageReflectionController.priorityClassName | string | `""` | | -| imageReflectionController.resources.limits | object | `{}` | | -| imageReflectionController.resources.requests.cpu | string | `"100m"` | | -| imageReflectionController.resources.requests.memory | string | `"64Mi"` | | -| imageReflectionController.serviceAccount.annotations | object | `{}` | | -| imageReflectionController.serviceAccount.automount | bool | `true` | | -| imageReflectionController.serviceAccount.create | bool | `true` | | -| imageReflectionController.tag | string | `"v0.31.2"` | | -| imageReflectionController.tolerations | list | `[]` | | -| installCRDs | bool | `true` | | -| kustomizeController.affinity | object | `{}` | | -| kustomizeController.annotations."prometheus.io/port" | string | `"8080"` | | -| kustomizeController.annotations."prometheus.io/scrape" | string | `"true"` | | -| kustomizeController.container.additionalArgs | list | `[]` | | -| kustomizeController.create | bool | `true` | | -| kustomizeController.envFrom | object | `{"map":{"name":""},"secret":{"name":""}}` | Defines envFrom using a configmap and/or secret. | -| kustomizeController.extraEnv | list | `[]` | | -| kustomizeController.extraSecretMounts | list | `[]` | Defines additional mounts with secrets. Secrets must be manually created in the namespace or with kustomizeController.secret | -| kustomizeController.image | string | `"ghcr.io/fluxcd/kustomize-controller"` | | -| kustomizeController.imagePullPolicy | string | `""` | | -| kustomizeController.labels | object | `{}` | | -| kustomizeController.nodeSelector | object | `{}` | | -| kustomizeController.priorityClassName | string | `""` | | -| kustomizeController.resources.limits | object | `{}` | | -| kustomizeController.resources.requests.cpu | string | `"100m"` | | -| kustomizeController.resources.requests.memory | string | `"64Mi"` | | -| kustomizeController.secret.create | bool | `false` | Create a secret to use it with extraSecretMounts. Defaults to false. | -| kustomizeController.secret.data | object | `{}` | | -| kustomizeController.secret.name | string | `""` | | -| kustomizeController.serviceAccount.annotations | object | `{}` | | -| kustomizeController.serviceAccount.automount | bool | `true` | | -| kustomizeController.serviceAccount.create | bool | `true` | | -| kustomizeController.tag | string | `"v1.2.2"` | | -| kustomizeController.tolerations | list | `[]` | | -| logLevel | string | `"info"` | | -| multitenancy.defaultServiceAccount | string | `"default"` | All Kustomizations and HelmReleases which don’t have spec.serviceAccountName specified, will use the default account from the tenant’s namespace. Tenants have to specify a service account in their Flux resources to be able to deploy workloads in their namespaces as the default account has no permissions. | -| multitenancy.enabled | bool | `false` | Implement the patches for Multi-tenancy lockdown. See https://fluxcd.io/docs/installation/#multi-tenancy-lockdown | -| multitenancy.privileged | bool | `true` | Both kustomize-controller and helm-controller service accounts run privileged with cluster-admin ClusterRoleBinding. Disable if you want to run them with a minimum set of permissions. | -| notificationController.affinity | object | `{}` | | -| notificationController.annotations."prometheus.io/port" | string | `"8080"` | | -| notificationController.annotations."prometheus.io/scrape" | string | `"true"` | | -| notificationController.container.additionalArgs | list | `[]` | | -| notificationController.create | bool | `true` | | -| notificationController.extraEnv | list | `[]` | | -| notificationController.image | string | `"ghcr.io/fluxcd/notification-controller"` | | -| notificationController.imagePullPolicy | string | `""` | | -| notificationController.labels | object | `{}` | | -| notificationController.nodeSelector | object | `{}` | | -| notificationController.priorityClassName | string | `""` | | -| notificationController.resources.limits | object | `{}` | | -| notificationController.resources.requests.cpu | string | `"100m"` | | -| notificationController.resources.requests.memory | string | `"64Mi"` | | -| notificationController.service.annotations | object | `{}` | | -| notificationController.service.labels | object | `{}` | | -| notificationController.serviceAccount.annotations | object | `{}` | | -| notificationController.serviceAccount.automount | bool | `true` | | -| notificationController.serviceAccount.create | bool | `true` | | -| notificationController.tag | string | `"v1.2.4"` | | -| notificationController.tolerations | list | `[]` | | -| notificationController.webhookReceiver.ingress.annotations | object | `{}` | | -| notificationController.webhookReceiver.ingress.create | bool | `false` | | -| notificationController.webhookReceiver.ingress.hosts[0].host | string | `"flux-webhook.example.com"` | | -| notificationController.webhookReceiver.ingress.hosts[0].paths[0].path | string | `"/"` | | -| notificationController.webhookReceiver.ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| notificationController.webhookReceiver.ingress.labels | object | `{}` | | -| notificationController.webhookReceiver.ingress.tls | list | `[]` | | -| notificationController.webhookReceiver.service.annotations | object | `{}` | | -| notificationController.webhookReceiver.service.labels | object | `{}` | | -| policies.create | bool | `true` | | -| prometheus.podMonitor.create | bool | `false` | Enables podMonitor endpoint | -| prometheus.podMonitor.podMetricsEndpoints[0].port | string | `"http-prom"` | | -| prometheus.podMonitor.podMetricsEndpoints[0].relabelings[0].action | string | `"keep"` | | -| prometheus.podMonitor.podMetricsEndpoints[0].relabelings[0].regex | string | `"Running"` | | -| prometheus.podMonitor.podMetricsEndpoints[0].relabelings[0].sourceLabels[0] | string | `"__meta_kubernetes_pod_phase"` | | -| rbac.annotations | object | `{}` | Add annotations to all RBAC resources, e.g. "helm.sh/resource-policy": keep | -| rbac.create | bool | `true` | | -| rbac.createAggregation | bool | `true` | Grant the Kubernetes view, edit and admin roles access to Flux custom resources | -| sourceController.affinity | object | `{}` | | -| sourceController.annotations."prometheus.io/port" | string | `"8080"` | | -| sourceController.annotations."prometheus.io/scrape" | string | `"true"` | | -| sourceController.container.additionalArgs | list | `[]` | | -| sourceController.create | bool | `true` | | -| sourceController.extraEnv | list | `[]` | | -| sourceController.image | string | `"ghcr.io/fluxcd/source-controller"` | | -| sourceController.imagePullPolicy | string | `""` | | -| sourceController.labels | object | `{}` | | -| sourceController.nodeSelector | object | `{}` | | -| sourceController.priorityClassName | string | `""` | | -| sourceController.resources.limits | object | `{}` | | -| sourceController.resources.requests.cpu | string | `"100m"` | | -| sourceController.resources.requests.memory | string | `"64Mi"` | | -| sourceController.service.annotations | object | `{}` | | -| sourceController.service.labels | object | `{}` | | -| sourceController.serviceAccount.annotations | object | `{}` | | -| sourceController.serviceAccount.automount | bool | `true` | | -| sourceController.serviceAccount.create | bool | `true` | | -| sourceController.tag | string | `"v1.2.4"` | | -| sourceController.tolerations | list | `[]` | | -| watchAllNamespaces | bool | `true` | | diff --git a/packages/core/fluxcd/charts/flux2/templates/_helper.tpl b/packages/core/fluxcd/charts/flux2/templates/_helper.tpl deleted file mode 100644 index 6a36293e..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/_helper.tpl +++ /dev/null @@ -1,7 +0,0 @@ -{{- define "template.image" -}} -{{- if eq (substr 0 7 .tag) "sha256:" -}} -{{- printf "%s@%s" .image .tag -}} -{{- else -}} -{{- printf "%s:%s" .image .tag -}} -{{- end -}} -{{- end -}} diff --git a/packages/core/fluxcd/charts/flux2/templates/aggregate-clusterroles.yaml b/packages/core/fluxcd/charts/flux2/templates/aggregate-clusterroles.yaml deleted file mode 100644 index 432895b2..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/aggregate-clusterroles.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- if .Values.rbac.createAggregation }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - {{- with .Values.rbac.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - name: flux-edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-admin: "true" -rules: - - apiGroups: - - notification.toolkit.fluxcd.io - - source.toolkit.fluxcd.io - - helm.toolkit.fluxcd.io - - image.toolkit.fluxcd.io - - kustomize.toolkit.fluxcd.io - resources: ["*"] - verbs: - - create - - delete - - deletecollection - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: flux-view - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: - - apiGroups: - - notification.toolkit.fluxcd.io - - source.toolkit.fluxcd.io - - helm.toolkit.fluxcd.io - - image.toolkit.fluxcd.io - - kustomize.toolkit.fluxcd.io - resources: ["*"] - verbs: - - get - - list - - watch -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-clusterrolebinding.yaml b/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-clusterrolebinding.yaml deleted file mode 100644 index 63dc8572..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-clusterrolebinding.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.rbac.create (or (not .Values.multitenancy.enabled) .Values.multitenancy.privileged) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - {{- with .Values.rbac.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: cluster-reconciler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Values.rbac.roleRef.name }} -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: {{ .Release.Namespace }} -- kind: ServiceAccount - name: helm-controller - namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file diff --git a/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrole.yaml b/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrole.yaml deleted file mode 100644 index e77c13ea..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrole.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.rbac.create .Values.multitenancy.enabled (not .Values.multitenancy.privileged) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - {{- with .Values.rbac.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - name: cluster-reconciler-impersonator - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -rules: -- apiGroups: [""] - resources: ["serviceaccounts"] - verbs: ["impersonate"] -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrolebinding.yaml b/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrolebinding.yaml deleted file mode 100644 index 588c7d49..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrolebinding.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.rbac.create .Values.multitenancy.enabled (not .Values.multitenancy.privileged) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - {{- with .Values.rbac.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: cluster-reconciler-impersonator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-reconciler-impersonator -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: {{ .Release.Namespace }} -- kind: ServiceAccount - name: helm-controller - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/crd-controller-clusterrole.yaml b/packages/core/fluxcd/charts/flux2/templates/crd-controller-clusterrole.yaml deleted file mode 100644 index cea0a1ca..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/crd-controller-clusterrole.yaml +++ /dev/null @@ -1,82 +0,0 @@ -{{- if and .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - {{- with .Values.rbac.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - name: crd-controller - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -rules: -- apiGroups: ['source.toolkit.fluxcd.io'] - resources: ['*'] - verbs: ['*'] -- apiGroups: ['kustomize.toolkit.fluxcd.io'] - resources: ['*'] - verbs: ['*'] -- apiGroups: ['helm.toolkit.fluxcd.io'] - resources: ['*'] - verbs: ['*'] -- apiGroups: ['notification.toolkit.fluxcd.io'] - resources: ['*'] - verbs: ['*'] -- apiGroups: ['image.toolkit.fluxcd.io'] - resources: ['*'] - verbs: ['*'] -- apiGroups: - - "" - resources: - - namespaces - - secrets - - configmaps - - serviceaccounts - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -# required by leader election -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch -- apiGroups: - - "coordination.k8s.io" - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/crd-controller-clusterrolebinding.yaml b/packages/core/fluxcd/charts/flux2/templates/crd-controller-clusterrolebinding.yaml deleted file mode 100644 index 51e716f0..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/crd-controller-clusterrolebinding.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if and .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - {{- with .Values.rbac.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - name: crd-controller - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crd-controller -subjects: - - kind: ServiceAccount - name: kustomize-controller - namespace: {{ .Release.Namespace }} - - kind: ServiceAccount - name: helm-controller - namespace: {{ .Release.Namespace }} - - kind: ServiceAccount - name: source-controller - namespace: {{ .Release.Namespace }} - - kind: ServiceAccount - name: notification-controller - namespace: {{ .Release.Namespace }} - - kind: ServiceAccount - name: image-reflector-controller - namespace: {{ .Release.Namespace }} - - kind: ServiceAccount - name: image-automation-controller - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/extra-manifests.yaml b/packages/core/fluxcd/charts/flux2/templates/extra-manifests.yaml deleted file mode 100644 index a9bb3b6b..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/extra-manifests.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{ range .Values.extraObjects }} ---- -{{ tpl (toYaml .) $ }} -{{ end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/helm-controller-sa.yaml b/packages/core/fluxcd/charts/flux2/templates/helm-controller-sa.yaml deleted file mode 100644 index 9d4ff589..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/helm-controller-sa.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.helmController.create}} -{{- if .Values.helmController.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: helm-controller - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: helm-controller - {{- with .Values.helmController.serviceAccount.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -{{- end -}} -{{- end -}} diff --git a/packages/core/fluxcd/charts/flux2/templates/helm-controller.crds.yaml b/packages/core/fluxcd/charts/flux2/templates/helm-controller.crds.yaml deleted file mode 100644 index 0a930d37..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/helm-controller.crds.yaml +++ /dev/null @@ -1,2268 +0,0 @@ -{{- if and .Values.installCRDs .Values.helmController.create }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: helm-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: helmreleases.helm.toolkit.fluxcd.io -spec: - group: helm.toolkit.fluxcd.io - names: - kind: HelmRelease - listKind: HelmReleaseList - plural: helmreleases - shortNames: - - hr - singular: helmrelease - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v2beta1 HelmRelease is deprecated, upgrade to v2beta2 - name: v2beta1 - schema: - openAPIV3Schema: - description: HelmRelease is the Schema for the helmreleases API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmReleaseSpec defines the desired state of a Helm release. - properties: - chart: - description: Chart defines the template of the v1beta2.HelmChart that - should be created for this HelmRelease. - properties: - metadata: - description: ObjectMeta holds the template for metadata like labels - and annotations. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used - to organize and categorize (scope and select) objects. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/' - type: object - type: object - spec: - description: Spec holds the template for the v1beta2.HelmChartSpec - for this HelmRelease. - properties: - chart: - description: The name or path the Helm chart is available - at in the SourceRef. - type: string - interval: - description: Interval at which to check the v1beta2.Source - for updates. Defaults to 'HelmReleaseSpec.Interval'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - reconcileStrategy: - default: ChartVersion - description: Determines what enables the creation of a new - artifact. Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on - their behavior. Defaults to ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The name and namespace of the v1beta2.Source - the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent. - maxLength: 63 - minLength: 1 - type: string - required: - - name - type: object - valuesFile: - description: Alternative values file to use as the default - chart values, expected to be a relative path in the SourceRef. - Deprecated in favor of ValuesFiles, for backwards compatibility - the file defined here is merged before the ValuesFiles items. - Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the - chart values (values.yaml is not included by default), expected - to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding - the first. Ignored when omitted. - items: - type: string - type: array - verify: - description: Verify contains the secret name containing the - trusted public keys used to verify the signature and specifies - which provider to use to check whether OCI image is authentic. - This field is only supported for OCI sources. Chart dependencies, - which are not bundled in the umbrella chart artifact, are - not verified. - properties: - provider: - default: cosign - description: Provider specifies the technology used to - sign the OCI Helm chart. - enum: - - cosign - type: string - secretRef: - description: SecretRef specifies the Kubernetes Secret - containing the trusted public keys. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - version: - default: '*' - description: Version semver expression, ignored for charts - from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults - to latest when omitted. - type: string - required: - - chart - - sourceRef - type: object - required: - - spec - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to HelmRelease resources that must be ready - before this HelmRelease can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - driftDetection: - description: "DriftDetection holds the configuration for detecting - and handling differences between the manifest in the Helm storage - and the resources currently existing in the cluster. \n Note: this - field is provisional to the v2beta2 API, and not actively used by - v2beta1 HelmReleases." - properties: - ignore: - description: Ignore contains a list of rules for specifying which - changes to ignore during diffing. - items: - description: IgnoreRule defines a rule to selectively disregard - specific changes during the drift detection process. - properties: - paths: - description: Paths is a list of JSON Pointer (RFC 6901) - paths to be excluded from consideration in a Kubernetes - object. - items: - type: string - type: array - target: - description: Target is a selector for specifying Kubernetes - objects to which this rule applies. If Target is not set, - the Paths will be ignored for all Kubernetes objects within - the manifest of the Helm release. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable - of unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is capable - of unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - paths - type: object - type: array - mode: - description: Mode defines how differences should be handled between - the Helm manifest and the manifest currently applied to the - cluster. If not explicitly set, it defaults to DiffModeDisabled. - enum: - - enabled - - warn - - disabled - type: string - type: object - install: - description: Install holds the configuration for Helm install actions - for this HelmRelease. - properties: - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Create` - and if omitted CRDs are installed but not updated. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are applied (installed) during Helm install action. With this - option users can opt-in to CRD replace existing CRDs on Helm - install actions, which is not (yet) natively supported by Helm. - https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - createNamespace: - description: CreateNamespace tells the Helm install action to - create the HelmReleaseSpec.TargetNamespace if it does not exist - yet. On uninstall, the namespace will not be garbage collected. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm install action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm install - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm install has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm install has been performed. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm install action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an install - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false'. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - an uninstall, is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. - type: integer - type: object - replace: - description: Replace tells the Helm install action to re-use the - 'ReleaseName', but only if that name is a deleted release which - remains in the history. - type: boolean - skipCRDs: - description: "SkipCRDs tells the Helm install action to not install - any CRDs. By default, CRDs are installed if not already present. - \n Deprecated use CRD policy (`crds`) attribute with value `Skip` - instead." - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - interval: - description: Interval at which to reconcile the Helm release. This - interval is approximate and may be subject to jitter to ensure efficient - use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - kubeConfig: - description: KubeConfig for reconciling the HelmRelease on a remote - cluster. When used in combination with HelmReleaseSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. It is recommended that the - kubeconfig is self-contained, and the secret is regularly updated - if credentials such as a cloud-access-token expire. Cloud specific - `cmd-path` auth helpers will not function without adding binaries - and credentials to the Pod that is responsible for reconciling - Kubernetes resources. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - required: - - secretRef - type: object - maxHistory: - description: MaxHistory is the number of revisions saved by Helm for - this HelmRelease. Use '0' for an unlimited number of revisions; - defaults to '10'. - type: integer - persistentClient: - description: "PersistentClient tells the controller to use a persistent - Kubernetes client for this release. When enabled, the client will - be reused for the duration of the reconciliation, instead of being - created and destroyed for each (step of a) Helm action. \n This - can improve performance, but may cause issues with some Helm charts - that for example do create Custom Resource Definitions during installation - outside Helm's CRD lifecycle hooks, which are then not observed - to be available by e.g. post-install hooks. \n If not set, it defaults - to true." - type: boolean - postRenderers: - description: PostRenderers holds an array of Helm PostRenderers, which - will be applied in order of their definition. - items: - description: PostRenderer contains a Helm PostRenderer specification. - properties: - kustomize: - description: Kustomization to apply as PostRenderer. - properties: - images: - description: Images is a list of (image name, new name, - new tag or digest) for changing image names, tags or digests. - This can also be achieved with a patch, but this operator - is simpler to specify. - items: - description: Image contains an image name, a new name, - a new tag or digest, which will replace the original - name and tag. - properties: - digest: - description: Digest is the value used to replace the - original image tag. If digest is present NewTag - value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace - the original name. - type: string - newTag: - description: NewTag is the value used to replace the - original tag. - type: string - required: - - name - type: object - type: array - patches: - description: Strategic merge and JSON patches, defined as - inline YAML objects, capable of targeting objects based - on kind, label and annotation selectors. - items: - description: Patch contains an inline StrategicMerge or - JSON6902 patch, and the target the patch should be applied - to. - properties: - patch: - description: Patch contains an inline StrategicMerge - patch or an inline JSON6902 patch with an array - of operation objects. - type: string - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and - the target the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document - with an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. - https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value - that references a location within the target - document where the operation is performed. - The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - type: string - op: - description: Op indicates the operation to perform. - Its value MUST be one of "add", "remove", - "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer - value that references a location within the - target document where the operation is performed. - The meaning of the value depends on the value - of Op. - type: string - value: - description: Value contains a valid JSON structure. - The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline - YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - type: object - type: array - releaseName: - description: ReleaseName used for the Helm release. Defaults to a - composition of '[TargetNamespace-]Name'. - maxLength: 53 - minLength: 1 - type: string - rollback: - description: Rollback holds the configuration for Helm rollback actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm rollback action when it fails. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm rollback has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm rollback has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - recreate: - description: Recreate performs pod restarts for the resource if - applicable. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this HelmRelease. - type: string - storageNamespace: - description: StorageNamespace used for the Helm storage. Defaults - to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - suspend: - description: Suspend tells the controller to suspend reconciliation - for this HelmRelease, it does not apply to already started reconciliations. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace to target when performing operations - for the HelmRelease. Defaults to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - test: - description: Test holds the configuration for Helm test actions for - this HelmRelease. - properties: - enable: - description: Enable enables Helm test actions for this HelmRelease - after an Helm install or upgrade action has been performed. - type: boolean - ignoreFailures: - description: IgnoreFailures tells the controller to skip remediation - when the Helm tests are run but fail. Can be overwritten for - tests run after install or upgrade actions in 'Install.IgnoreTestFailures' - and 'Upgrade.IgnoreTestFailures'. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation during the performance of a Helm test action. Defaults - to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a Helm - action. Defaults to '5m0s'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - uninstall: - description: Uninstall holds the configuration for Helm uninstall - actions for this HelmRelease. - properties: - deletionPropagation: - default: background - description: DeletionPropagation specifies the deletion propagation - policy when a Helm uninstall is performed. - enum: - - background - - foreground - - orphan - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables waiting for all the resources - to be deleted after a Helm uninstall is performed. - type: boolean - keepHistory: - description: KeepHistory tells Helm to remove all associated resources - and mark the release as deleted, but retain the release history. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - upgrade: - description: Upgrade holds the configuration for Helm upgrade actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm upgrade action when it fails. - type: boolean - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and - if omitted CRDs are neither installed nor upgraded. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are not applied during Helm upgrade action. With this option - users can opt-in to CRD upgrade, which is not (yet) natively - supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm upgrade action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm upgrade - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm upgrade has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm upgrade has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - preserveValues: - description: PreserveValues will make Helm reuse the last release's - values and merge in overrides from 'Values'. Setting this flag - makes the HelmRelease non-declarative. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm upgrade action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an upgrade - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false' unless 'Retries' is greater than 0. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - 'Strategy', is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. - type: integer - strategy: - description: Strategy to use for failure remediation. Defaults - to 'rollback'. - enum: - - rollback - - uninstall - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - values: - description: Values holds the values for this Helm release. - x-kubernetes-preserve-unknown-fields: true - valuesFrom: - description: ValuesFrom holds references to resources containing Helm - values for this HelmRelease, and information about how they should - be merged. - items: - description: ValuesReference contains a reference to a resource - containing Helm values, and optionally the key they can be found - at. - properties: - kind: - description: Kind of the values referent, valid values are ('Secret', - 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside in the - same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - description: Optional marks this ValuesReference as optional. - When set, a not found error for the values reference is ignored, - but any ValuesKey, TargetPath or transient error will still - result in a reconciliation failure. - type: boolean - targetPath: - description: TargetPath is the YAML dot notation path the value - should be merged at. When set, the ValuesKey is expected to - be a single flat value. Defaults to 'None', which results - in the values getting merged at the root. - maxLength: 250 - pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ - type: string - valuesKey: - description: ValuesKey is the data key where the values.yaml - or a specific value can be found at. Defaults to 'values.yaml'. - When set, must be a valid Data Key, consisting of alphanumeric - characters, '-', '_' or '.'. - maxLength: 253 - pattern: ^[\-._a-zA-Z0-9]+$ - type: string - required: - - kind - - name - type: object - type: array - required: - - chart - - interval - type: object - status: - default: - observedGeneration: -1 - description: HelmReleaseStatus defines the observed state of a HelmRelease. - properties: - conditions: - description: Conditions holds the conditions for the HelmRelease. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - failures: - description: Failures is the reconciliation failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - helmChart: - description: HelmChart is the namespaced name of the HelmChart resource - created by the controller for the HelmRelease. - type: string - history: - description: "History holds the history of Helm releases performed - for this HelmRelease up to the last successfully completed release. - \n Note: this field is provisional to the v2beta2 API, and not actively - used by v2beta1 HelmReleases." - items: - description: Snapshot captures a point-in-time copy of the status - information for a Helm release, as managed by the controller. - properties: - apiVersion: - description: 'APIVersion is the API version of the Snapshot. - Provisional: when the calculation method of the Digest field - is changed, this field will be used to distinguish between - the old and new methods.' - type: string - chartName: - description: ChartName is the chart name of the release object - in storage. - type: string - chartVersion: - description: ChartVersion is the chart version of the release - object in storage. - type: string - configDigest: - description: ConfigDigest is the checksum of the config (better - known as "values") of the release object in storage. It has - the format of `:`. - type: string - deleted: - description: Deleted is when the release was deleted. - format: date-time - type: string - digest: - description: Digest is the checksum of the release object in - storage. It has the format of `:`. - type: string - firstDeployed: - description: FirstDeployed is when the release was first deployed. - format: date-time - type: string - lastDeployed: - description: LastDeployed is when the release was last deployed. - format: date-time - type: string - name: - description: Name is the name of the release. - type: string - namespace: - description: Namespace is the namespace the release is deployed - to. - type: string - status: - description: Status is the current state of the release. - type: string - testHooks: - additionalProperties: - description: TestHookStatus holds the status information for - a test hook as observed to be run by the controller. - properties: - lastCompleted: - description: LastCompleted is the time the test hook last - completed. - format: date-time - type: string - lastStarted: - description: LastStarted is the time the test hook was - last started. - format: date-time - type: string - phase: - description: Phase the test hook was observed to be in. - type: string - type: object - description: TestHooks is the list of test hooks for the release - as observed to be run by the controller. - type: object - version: - description: Version is the version of the release object in - storage. - type: integer - required: - - chartName - - chartVersion - - configDigest - - digest - - firstDeployed - - lastDeployed - - name - - namespace - - status - - version - type: object - type: array - installFailures: - description: InstallFailures is the install failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - lastAppliedRevision: - description: LastAppliedRevision is the revision of the last successfully - applied source. - type: string - lastAttemptedConfigDigest: - description: "LastAttemptedConfigDigest is the digest for the config - (better known as \"values\") of the last reconciliation attempt. - \n Note: this field is provisional to the v2beta2 API, and not actively - used by v2beta1 HelmReleases." - type: string - lastAttemptedGeneration: - description: "LastAttemptedGeneration is the last generation the controller - attempted to reconcile. \n Note: this field is provisional to the - v2beta2 API, and not actively used by v2beta1 HelmReleases." - format: int64 - type: integer - lastAttemptedReleaseAction: - description: "LastAttemptedReleaseAction is the last release action - performed for this HelmRelease. It is used to determine the active - remediation strategy. \n Note: this field is provisional to the - v2beta2 API, and not actively used by v2beta1 HelmReleases." - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastAttemptedValuesChecksum: - description: LastAttemptedValuesChecksum is the SHA1 checksum of the - values of the last reconciliation attempt. - type: string - lastHandledForceAt: - description: "LastHandledForceAt holds the value of the most recent - force request value, so a change of the annotation value can be - detected. \n Note: this field is provisional to the v2beta2 API, - and not actively used by v2beta1 HelmReleases." - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastHandledResetAt: - description: "LastHandledResetAt holds the value of the most recent - reset request value, so a change of the annotation value can be - detected. \n Note: this field is provisional to the v2beta2 API, - and not actively used by v2beta1 HelmReleases." - type: string - lastReleaseRevision: - description: LastReleaseRevision is the revision of the last successful - Helm release. - type: integer - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - storageNamespace: - description: "StorageNamespace is the namespace of the Helm release - storage for the current release. \n Note: this field is provisional - to the v2beta2 API, and not actively used by v2beta1 HelmReleases." - type: string - upgradeFailures: - description: UpgradeFailures is the upgrade failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v2beta2 - schema: - openAPIV3Schema: - description: HelmRelease is the Schema for the helmreleases API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmReleaseSpec defines the desired state of a Helm release. - properties: - chart: - description: Chart defines the template of the v1beta2.HelmChart that - should be created for this HelmRelease. - properties: - metadata: - description: ObjectMeta holds the template for metadata like labels - and annotations. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used - to organize and categorize (scope and select) objects. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/' - type: object - type: object - spec: - description: Spec holds the template for the v1beta2.HelmChartSpec - for this HelmRelease. - properties: - chart: - description: The name or path the Helm chart is available - at in the SourceRef. - maxLength: 2048 - minLength: 1 - type: string - interval: - description: Interval at which to check the v1.Source for - updates. Defaults to 'HelmReleaseSpec.Interval'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - reconcileStrategy: - default: ChartVersion - description: Determines what enables the creation of a new - artifact. Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on - their behavior. Defaults to ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The name and namespace of the v1.Source the chart - is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent. - maxLength: 63 - minLength: 1 - type: string - required: - - name - type: object - valuesFile: - description: Alternative values file to use as the default - chart values, expected to be a relative path in the SourceRef. - Deprecated in favor of ValuesFiles, for backwards compatibility - the file defined here is merged before the ValuesFiles items. - Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the - chart values (values.yaml is not included by default), expected - to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding - the first. Ignored when omitted. - items: - type: string - type: array - verify: - description: Verify contains the secret name containing the - trusted public keys used to verify the signature and specifies - which provider to use to check whether OCI image is authentic. - This field is only supported for OCI sources. Chart dependencies, - which are not bundled in the umbrella chart artifact, are - not verified. - properties: - provider: - default: cosign - description: Provider specifies the technology used to - sign the OCI Helm chart. - enum: - - cosign - type: string - secretRef: - description: SecretRef specifies the Kubernetes Secret - containing the trusted public keys. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - version: - default: '*' - description: Version semver expression, ignored for charts - from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults - to latest when omitted. - type: string - required: - - chart - - sourceRef - type: object - required: - - spec - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to HelmRelease resources that must be ready - before this HelmRelease can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - driftDetection: - description: DriftDetection holds the configuration for detecting - and handling differences between the manifest in the Helm storage - and the resources currently existing in the cluster. - properties: - ignore: - description: Ignore contains a list of rules for specifying which - changes to ignore during diffing. - items: - description: IgnoreRule defines a rule to selectively disregard - specific changes during the drift detection process. - properties: - paths: - description: Paths is a list of JSON Pointer (RFC 6901) - paths to be excluded from consideration in a Kubernetes - object. - items: - type: string - type: array - target: - description: Target is a selector for specifying Kubernetes - objects to which this rule applies. If Target is not set, - the Paths will be ignored for all Kubernetes objects within - the manifest of the Helm release. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable - of unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is capable - of unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - paths - type: object - type: array - mode: - description: Mode defines how differences should be handled between - the Helm manifest and the manifest currently applied to the - cluster. If not explicitly set, it defaults to DiffModeDisabled. - enum: - - enabled - - warn - - disabled - type: string - type: object - install: - description: Install holds the configuration for Helm install actions - for this HelmRelease. - properties: - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Create` - and if omitted CRDs are installed but not updated. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are applied (installed) during Helm install action. With this - option users can opt in to CRD replace existing CRDs on Helm - install actions, which is not (yet) natively supported by Helm. - https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - createNamespace: - description: CreateNamespace tells the Helm install action to - create the HelmReleaseSpec.TargetNamespace if it does not exist - yet. On uninstall, the namespace will not be garbage collected. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm install action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm install - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm install has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm install has been performed. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm install action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an install - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false'. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - an uninstall, is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. - type: integer - type: object - replace: - description: Replace tells the Helm install action to re-use the - 'ReleaseName', but only if that name is a deleted release which - remains in the history. - type: boolean - skipCRDs: - description: "SkipCRDs tells the Helm install action to not install - any CRDs. By default, CRDs are installed if not already present. - \n Deprecated use CRD policy (`crds`) attribute with value `Skip` - instead." - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - interval: - description: Interval at which to reconcile the Helm release. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - kubeConfig: - description: KubeConfig for reconciling the HelmRelease on a remote - cluster. When used in combination with HelmReleaseSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. It is recommended that the - kubeconfig is self-contained, and the secret is regularly updated - if credentials such as a cloud-access-token expire. Cloud specific - `cmd-path` auth helpers will not function without adding binaries - and credentials to the Pod that is responsible for reconciling - Kubernetes resources. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - required: - - secretRef - type: object - maxHistory: - description: MaxHistory is the number of revisions saved by Helm for - this HelmRelease. Use '0' for an unlimited number of revisions; - defaults to '5'. - type: integer - persistentClient: - description: "PersistentClient tells the controller to use a persistent - Kubernetes client for this release. When enabled, the client will - be reused for the duration of the reconciliation, instead of being - created and destroyed for each (step of a) Helm action. \n This - can improve performance, but may cause issues with some Helm charts - that for example do create Custom Resource Definitions during installation - outside Helm's CRD lifecycle hooks, which are then not observed - to be available by e.g. post-install hooks. \n If not set, it defaults - to true." - type: boolean - postRenderers: - description: PostRenderers holds an array of Helm PostRenderers, which - will be applied in order of their definition. - items: - description: PostRenderer contains a Helm PostRenderer specification. - properties: - kustomize: - description: Kustomization to apply as PostRenderer. - properties: - images: - description: Images is a list of (image name, new name, - new tag or digest) for changing image names, tags or digests. - This can also be achieved with a patch, but this operator - is simpler to specify. - items: - description: Image contains an image name, a new name, - a new tag or digest, which will replace the original - name and tag. - properties: - digest: - description: Digest is the value used to replace the - original image tag. If digest is present NewTag - value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace - the original name. - type: string - newTag: - description: NewTag is the value used to replace the - original tag. - type: string - required: - - name - type: object - type: array - patches: - description: Strategic merge and JSON patches, defined as - inline YAML objects, capable of targeting objects based - on kind, label and annotation selectors. - items: - description: Patch contains an inline StrategicMerge or - JSON6902 patch, and the target the patch should be applied - to. - properties: - patch: - description: Patch contains an inline StrategicMerge - patch or an inline JSON6902 patch with an array - of operation objects. - type: string - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - patchesJson6902: - description: 'JSON 6902 patches, defined as inline YAML - objects. Deprecated: use Patches instead.' - items: - description: JSON6902Patch contains a JSON6902 patch and - the target the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document - with an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. - https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value - that references a location within the target - document where the operation is performed. - The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - type: string - op: - description: Op indicates the operation to perform. - Its value MUST be one of "add", "remove", - "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer - value that references a location within the - target document where the operation is performed. - The meaning of the value depends on the value - of Op. - type: string - value: - description: Value contains a valid JSON structure. - The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: 'Strategic merge patches, defined as inline - YAML objects. Deprecated: use Patches instead.' - items: - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - type: object - type: array - releaseName: - description: ReleaseName used for the Helm release. Defaults to a - composition of '[TargetNamespace-]Name'. - maxLength: 53 - minLength: 1 - type: string - rollback: - description: Rollback holds the configuration for Helm rollback actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm rollback action when it fails. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm rollback has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm rollback has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - recreate: - description: Recreate performs pod restarts for the resource if - applicable. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this HelmRelease. - maxLength: 253 - minLength: 1 - type: string - storageNamespace: - description: StorageNamespace used for the Helm storage. Defaults - to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - suspend: - description: Suspend tells the controller to suspend reconciliation - for this HelmRelease, it does not apply to already started reconciliations. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace to target when performing operations - for the HelmRelease. Defaults to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - test: - description: Test holds the configuration for Helm test actions for - this HelmRelease. - properties: - enable: - description: Enable enables Helm test actions for this HelmRelease - after an Helm install or upgrade action has been performed. - type: boolean - filters: - description: Filters is a list of tests to run or exclude from - running. - items: - description: Filter holds the configuration for individual Helm - test filters. - properties: - exclude: - description: Exclude specifies whether the named test should - be excluded. - type: boolean - name: - description: Name is the name of the test. - maxLength: 253 - minLength: 1 - type: string - required: - - name - type: object - type: array - ignoreFailures: - description: IgnoreFailures tells the controller to skip remediation - when the Helm tests are run but fail. Can be overwritten for - tests run after install or upgrade actions in 'Install.IgnoreTestFailures' - and 'Upgrade.IgnoreTestFailures'. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation during the performance of a Helm test action. Defaults - to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a Helm - action. Defaults to '5m0s'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - uninstall: - description: Uninstall holds the configuration for Helm uninstall - actions for this HelmRelease. - properties: - deletionPropagation: - default: background - description: DeletionPropagation specifies the deletion propagation - policy when a Helm uninstall is performed. - enum: - - background - - foreground - - orphan - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables waiting for all the resources - to be deleted after a Helm uninstall is performed. - type: boolean - keepHistory: - description: KeepHistory tells Helm to remove all associated resources - and mark the release as deleted, but retain the release history. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - upgrade: - description: Upgrade holds the configuration for Helm upgrade actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm upgrade action when it fails. - type: boolean - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and - if omitted CRDs are neither installed nor upgraded. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are not applied during Helm upgrade action. With this option - users can opt-in to CRD upgrade, which is not (yet) natively - supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm upgrade action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm upgrade - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm upgrade has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm upgrade has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - preserveValues: - description: PreserveValues will make Helm reuse the last release's - values and merge in overrides from 'Values'. Setting this flag - makes the HelmRelease non-declarative. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm upgrade action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an upgrade - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false' unless 'Retries' is greater than 0. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - 'Strategy', is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. - type: integer - strategy: - description: Strategy to use for failure remediation. Defaults - to 'rollback'. - enum: - - rollback - - uninstall - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - values: - description: Values holds the values for this Helm release. - x-kubernetes-preserve-unknown-fields: true - valuesFrom: - description: ValuesFrom holds references to resources containing Helm - values for this HelmRelease, and information about how they should - be merged. - items: - description: ValuesReference contains a reference to a resource - containing Helm values, and optionally the key they can be found - at. - properties: - kind: - description: Kind of the values referent, valid values are ('Secret', - 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside in the - same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - description: Optional marks this ValuesReference as optional. - When set, a not found error for the values reference is ignored, - but any ValuesKey, TargetPath or transient error will still - result in a reconciliation failure. - type: boolean - targetPath: - description: TargetPath is the YAML dot notation path the value - should be merged at. When set, the ValuesKey is expected to - be a single flat value. Defaults to 'None', which results - in the values getting merged at the root. - maxLength: 250 - pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ - type: string - valuesKey: - description: ValuesKey is the data key where the values.yaml - or a specific value can be found at. Defaults to 'values.yaml'. - maxLength: 253 - pattern: ^[\-._a-zA-Z0-9]+$ - type: string - required: - - kind - - name - type: object - type: array - required: - - chart - - interval - type: object - status: - default: - observedGeneration: -1 - description: HelmReleaseStatus defines the observed state of a HelmRelease. - properties: - conditions: - description: Conditions holds the conditions for the HelmRelease. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - failures: - description: Failures is the reconciliation failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - helmChart: - description: HelmChart is the namespaced name of the HelmChart resource - created by the controller for the HelmRelease. - type: string - history: - description: History holds the history of Helm releases performed - for this HelmRelease up to the last successfully completed release. - items: - description: Snapshot captures a point-in-time copy of the status - information for a Helm release, as managed by the controller. - properties: - apiVersion: - description: 'APIVersion is the API version of the Snapshot. - Provisional: when the calculation method of the Digest field - is changed, this field will be used to distinguish between - the old and new methods.' - type: string - chartName: - description: ChartName is the chart name of the release object - in storage. - type: string - chartVersion: - description: ChartVersion is the chart version of the release - object in storage. - type: string - configDigest: - description: ConfigDigest is the checksum of the config (better - known as "values") of the release object in storage. It has - the format of `:`. - type: string - deleted: - description: Deleted is when the release was deleted. - format: date-time - type: string - digest: - description: Digest is the checksum of the release object in - storage. It has the format of `:`. - type: string - firstDeployed: - description: FirstDeployed is when the release was first deployed. - format: date-time - type: string - lastDeployed: - description: LastDeployed is when the release was last deployed. - format: date-time - type: string - name: - description: Name is the name of the release. - type: string - namespace: - description: Namespace is the namespace the release is deployed - to. - type: string - status: - description: Status is the current state of the release. - type: string - testHooks: - additionalProperties: - description: TestHookStatus holds the status information for - a test hook as observed to be run by the controller. - properties: - lastCompleted: - description: LastCompleted is the time the test hook last - completed. - format: date-time - type: string - lastStarted: - description: LastStarted is the time the test hook was - last started. - format: date-time - type: string - phase: - description: Phase the test hook was observed to be in. - type: string - type: object - description: TestHooks is the list of test hooks for the release - as observed to be run by the controller. - type: object - version: - description: Version is the version of the release object in - storage. - type: integer - required: - - chartName - - chartVersion - - configDigest - - digest - - firstDeployed - - lastDeployed - - name - - namespace - - status - - version - type: object - type: array - installFailures: - description: InstallFailures is the install failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - lastAppliedRevision: - description: 'LastAppliedRevision is the revision of the last successfully - applied source. Deprecated: the revision can now be found in the - History.' - type: string - lastAttemptedConfigDigest: - description: LastAttemptedConfigDigest is the digest for the config - (better known as "values") of the last reconciliation attempt. - type: string - lastAttemptedGeneration: - description: LastAttemptedGeneration is the last generation the controller - attempted to reconcile. - format: int64 - type: integer - lastAttemptedReleaseAction: - description: LastAttemptedReleaseAction is the last release action - performed for this HelmRelease. It is used to determine the active - remediation strategy. - enum: - - install - - upgrade - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the Source revision of the last - reconciliation attempt. - type: string - lastAttemptedValuesChecksum: - description: 'LastAttemptedValuesChecksum is the SHA1 checksum for - the values of the last reconciliation attempt. Deprecated: Use LastAttemptedConfigDigest - instead.' - type: string - lastHandledForceAt: - description: LastHandledForceAt holds the value of the most recent - force request value, so a change of the annotation value can be - detected. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastHandledResetAt: - description: LastHandledResetAt holds the value of the most recent - reset request value, so a change of the annotation value can be - detected. - type: string - lastReleaseRevision: - description: 'LastReleaseRevision is the revision of the last successful - Helm release. Deprecated: Use History instead.' - type: integer - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - storageNamespace: - description: StorageNamespace is the namespace of the Helm release - storage for the current release. - maxLength: 63 - minLength: 1 - type: string - upgradeFailures: - description: UpgradeFailures is the upgrade failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml deleted file mode 100644 index 8177c17c..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml +++ /dev/null @@ -1,133 +0,0 @@ -{{- if and .Values.helmController.create}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: helm-controller - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - control-plane: controller - {{- with .Values.helmController.labels }} - {{- . | toYaml | nindent 4 }} - {{- end }} - name: helm-controller -spec: - {{- if kindIs "invalid" .Values.helmController.replicas }} - replicas: 1 - {{- else }} - replicas: {{ .Values.helmController.replicas }} - {{- end}} - selector: - matchLabels: - app: helm-controller - template: - metadata: - {{- with .Values.helmController.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - app: helm-controller -{{ with .Values.helmController.labels }}{{ toYaml . | indent 8 }}{{ end }} - spec: - automountServiceAccountToken: {{ .Values.helmController.serviceAccount.automount }} - {{- if .Values.helmController.initContainers}} - initContainers: - {{- toYaml .Values.helmController.initContainers | nindent 8}} - {{- end}} - containers: - - args: - {{- if .Values.multitenancy.enabled }} - - --no-cross-namespace-refs=true - - --default-service-account={{ .Values.multitenancy.defaultServiceAccount | default "default" }} - {{- end}} - {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc - {{- end}} - - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - - --log-level={{ .Values.logLevel | default "info" }} - - --log-encoding=json - - --enable-leader-election - {{- range .Values.helmController.container.additionalArgs }} - - {{ . }} - {{- end}} - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- with .Values.helmController.extraEnv }} - {{- toYaml . | nindent 8 }} - {{- end }} - image: {{ template "template.image" .Values.helmController }} - {{- if .Values.helmController.imagePullPolicy }} - imagePullPolicy: {{ .Values.helmController.imagePullPolicy }} - {{- else }} - imagePullPolicy: IfNotPresent - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - {{- with .Values.helmController.resources }} - resources: {{ toYaml . | nindent 10 }} - {{- end }} - {{- if .Values.helmController.securityContext }} - securityContext: {{ toYaml .Values.helmController.securityContext | nindent 10 }} - {{- else }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - {{- end}} - volumeMounts: - - mountPath: /tmp - name: temp - {{- if .Values.helmController.volumeMounts }} - {{- toYaml .Values.helmController.volumeMounts | nindent 8 }} - {{- end}} - {{- if .Values.helmController.priorityClassName }} - priorityClassName: {{ .Values.helmController.priorityClassName | quote }} - {{- end }} - {{- if .Values.helmController.podSecurityContext }} - securityContext: {{ toYaml .Values.helmController.podSecurityContext | nindent 8 }} - {{- end }} - serviceAccountName: helm-controller - {{- if .Values.imagePullSecrets }} - imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 6 }} - {{- end }} - terminationGracePeriodSeconds: 600 - volumes: - - emptyDir: {} - name: temp - {{- if .Values.helmController.volumes }} - {{- toYaml .Values.helmController.volumes | nindent 6 }} - {{- end}} - {{- with .Values.helmController.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.helmController.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.helmController.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/image-automation-controller-sa.yaml b/packages/core/fluxcd/charts/flux2/templates/image-automation-controller-sa.yaml deleted file mode 100644 index ac41e696..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/image-automation-controller-sa.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.imageAutomationController.create }} -{{- if .Values.imageAutomationController.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: image-automation-controller - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: image-automation-controller - {{- with .Values.imageAutomationController.serviceAccount.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -{{- end -}} -{{- end -}} diff --git a/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.crds.yaml b/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.crds.yaml deleted file mode 100644 index 53b711ee..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.crds.yaml +++ /dev/null @@ -1,326 +0,0 @@ -{{- if and .Values.installCRDs .Values.imageAutomationController.create }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: image-automation-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: imageupdateautomations.image.toolkit.fluxcd.io -spec: - group: image.toolkit.fluxcd.io - names: - kind: ImageUpdateAutomation - listKind: ImageUpdateAutomationList - plural: imageupdateautomations - singular: imageupdateautomation - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.lastAutomationRunTime - name: Last run - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: ImageUpdateAutomation is the Schema for the imageupdateautomations - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageUpdateAutomationSpec defines the desired state of ImageUpdateAutomation - properties: - git: - description: GitSpec contains all the git-specific definitions. This - is technically optional, but in practice mandatory until there are - other kinds of source allowed. - properties: - checkout: - description: Checkout gives the parameters for cloning the git - repository, ready to make changes. If not present, the `spec.ref` - field from the referenced `GitRepository` or its default will - be used. - properties: - ref: - description: Reference gives a branch, tag or commit to clone - from the Git repository. - properties: - branch: - description: Branch to check out, defaults to 'master' - if no other field is defined. - type: string - commit: - description: "Commit SHA to check out, takes precedence - over all reference fields. \n This can be combined with - Branch to shallow clone the branch, in which the commit - is expected to exist." - type: string - name: - description: "Name of the reference to check out; takes - precedence over Branch, Tag and SemVer. \n It must be - a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description - Examples: \"refs/heads/main\", \"refs/tags/v0.1.0\", - \"refs/pull/420/head\", \"refs/merge-requests/1/head\"" - type: string - semver: - description: SemVer tag expression to check out, takes - precedence over Tag. - type: string - tag: - description: Tag to check out, takes precedence over Branch. - type: string - type: object - required: - - ref - type: object - commit: - description: Commit specifies how to commit to the git repository. - properties: - author: - description: Author gives the email and optionally the name - to use as the author of commits. - properties: - email: - description: Email gives the email to provide when making - a commit. - type: string - name: - description: Name gives the name to provide when making - a commit. - type: string - required: - - email - type: object - messageTemplate: - description: MessageTemplate provides a template for the commit - message, into which will be interpolated the details of - the change made. - type: string - signingKey: - description: SigningKey provides the option to sign commits - with a GPG key - properties: - secretRef: - description: SecretRef holds the name to a secret that - contains a 'git.asc' key corresponding to the ASCII - Armored file containing the GPG signing keypair as the - value. It must be in the same namespace as the ImageUpdateAutomation. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - type: object - required: - - author - type: object - push: - description: Push specifies how and where to push commits made - by the automation. If missing, commits are pushed (back) to - `.spec.checkout.branch` or its default. - properties: - branch: - description: Branch specifies that commits should be pushed - to the branch named. The branch is created using `.spec.checkout.branch` - as the starting point, if it doesn't already exist. - type: string - options: - additionalProperties: - type: string - description: 'Options specifies the push options that are - sent to the Git server when performing a push operation. - For details, see: https://git-scm.com/docs/git-push#Documentation/git-push.txt---push-optionltoptiongt' - type: object - refspec: - description: 'Refspec specifies the Git Refspec to use for - a push operation. If both Branch and Refspec are provided, - then the commit is pushed to the branch and also using the - specified refspec. For more details about Git Refspecs, - see: https://git-scm.com/book/en/v2/Git-Internals-The-Refspec' - type: string - type: object - required: - - commit - type: object - interval: - description: Interval gives an lower bound for how often the automation - run should be attempted. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - sourceRef: - description: SourceRef refers to the resource giving access details - to a git repository. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - default: GitRepository - description: Kind of the referent. - enum: - - GitRepository - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, defaults to the namespace - of the Kubernetes resource object that contains the reference. - type: string - required: - - kind - - name - type: object - suspend: - description: Suspend tells the controller to not run this automation, - until it is unset (or set to false). Defaults to false. - type: boolean - update: - default: - strategy: Setters - description: Update gives the specification for how to update the - files in the repository. This can be left empty, to use the default - value. - properties: - path: - description: Path to the directory containing the manifests to - be updated. Defaults to 'None', which translates to the root - path of the GitRepositoryRef. - type: string - strategy: - default: Setters - description: Strategy names the strategy to be used. - enum: - - Setters - type: string - required: - - strategy - type: object - required: - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: ImageUpdateAutomationStatus defines the observed state of - ImageUpdateAutomation - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastAutomationRunTime: - description: LastAutomationRunTime records the last time the controller - ran this automation through to completion (even if no updates were - made). - format: date-time - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastPushCommit: - description: LastPushCommit records the SHA1 of the last commit made - by the controller, for this automation object - type: string - lastPushTime: - description: LastPushTime records the time of the last pushed change. - format: date-time - type: string - observedGeneration: - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml deleted file mode 100644 index 40e4da8d..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml +++ /dev/null @@ -1,135 +0,0 @@ -{{- if and .Values.imageAutomationController.create}} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: image-automation-controller - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - control-plane: controller - {{- with .Values.imageAutomationController.labels }} - {{- . | toYaml | nindent 4 }} - {{- end }} - name: image-automation-controller -spec: - {{- if kindIs "invalid" .Values.imageAutomationController.replicas }} - replicas: 1 - {{- else }} - replicas: {{ .Values.imageAutomationController.replicas }} - {{- end}} - selector: - matchLabels: - app: image-automation-controller - template: - metadata: - {{- with .Values.imageAutomationController.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - app: image-automation-controller -{{ with .Values.imageAutomationController.labels }}{{ toYaml . | indent 8 }}{{ end }} - spec: - automountServiceAccountToken: {{ .Values.imageAutomationController.serviceAccount.automount }} - {{- if .Values.imageAutomationController.initContainers}} - initContainers: - {{- toYaml .Values.imageAutomationController.initContainers | nindent 8}} - {{- end}} - containers: - - args: - {{- if .Values.multitenancy.enabled }} - - --no-cross-namespace-refs=true - {{- end}} - {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc - {{- end}} - - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - - --log-level={{ .Values.logLevel | default "info" }} - - --log-encoding=json - - --enable-leader-election - {{- range .Values.imageAutomationController.container.additionalArgs }} - - {{ . }} - {{- end}} - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- with .Values.imageAutomationController.extraEnv }} - {{- toYaml . | nindent 8 }} - {{- end }} - image: {{ template "template.image" .Values.imageAutomationController }} - {{- if .Values.imageAutomationController.imagePullPolicy }} - imagePullPolicy: {{ .Values.imageAutomationController.imagePullPolicy }} - {{- else }} - imagePullPolicy: IfNotPresent - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - {{- with .Values.imageAutomationController.resources }} - resources: {{ toYaml . | nindent 10 }} - {{- end }} - {{- if .Values.imageAutomationController.securityContext }} - securityContext: {{ toYaml .Values.imageAutomationController.securityContext | nindent 10 }} - {{- else }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - {{- end}} - volumeMounts: - - mountPath: /tmp - name: temp - {{- if .Values.imageAutomationController.volumeMounts }} - {{- toYaml .Values.imageAutomationController.volumeMounts | nindent 8 }} - {{- end}} - {{- if .Values.imageAutomationController.priorityClassName }} - priorityClassName: {{ .Values.imageAutomationController.priorityClassName | quote }} - {{- end }} - {{- if .Values.imageAutomationController.podSecurityContext }} - securityContext: {{ toYaml .Values.imageAutomationController.podSecurityContext | nindent 8 }} - {{- else }} - securityContext: - fsGroup: 1337 - {{- end}} - serviceAccountName: image-automation-controller - {{- if .Values.imagePullSecrets }} - imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 6 }} - {{- end }} - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: temp - {{- if .Values.imageAutomationController.volumes }} - {{- toYaml .Values.imageAutomationController.volumes | nindent 6 }} - {{- end}} - {{- with .Values.imageAutomationController.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imageAutomationController.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imageAutomationController.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller-sa.yaml b/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller-sa.yaml deleted file mode 100644 index 16f9cb9d..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller-sa.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.imageReflectionController.create }} -{{- if .Values.imageReflectionController.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: image-reflector-controller - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: image-reflector-controller - {{- with .Values.imageReflectionController.serviceAccount.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -{{- end -}} -{{- end -}} diff --git a/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.crds.yaml b/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.crds.yaml deleted file mode 100644 index 1bf92fae..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.crds.yaml +++ /dev/null @@ -1,901 +0,0 @@ -{{- if and .Values.installCRDs .Values.imageReflectionController.create }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: image-reflector-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: imagepolicies.image.toolkit.fluxcd.io -spec: - group: image.toolkit.fluxcd.io - names: - kind: ImagePolicy - listKind: ImagePolicyList - plural: imagepolicies - singular: imagepolicy - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.latestImage - name: LatestImage - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: ImagePolicy is the Schema for the imagepolicies API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImagePolicySpec defines the parameters for calculating the - ImagePolicy - properties: - filterTags: - description: FilterTags enables filtering for only a subset of tags - based on a set of rules. If no rules are provided, all the tags - from the repository will be ordered and compared. - properties: - extract: - description: Extract allows a capture group to be extracted from - the specified regular expression pattern, useful before tag - evaluation. - type: string - pattern: - description: Pattern specifies a regular expression pattern used - to filter for image tags. - type: string - type: object - imageRepositoryRef: - description: ImageRepositoryRef points at the object specifying the - image being scanned - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - policy: - description: Policy gives the particulars of the policy to be followed - in selecting the most recent image - properties: - alphabetical: - description: Alphabetical set of rules to use for alphabetical - ordering of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of the tags. - Given the letters of the alphabet as tags, ascending order - would select Z, and descending order would select A. - enum: - - asc - - desc - type: string - type: object - numerical: - description: Numerical set of rules to use for numerical ordering - of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of the tags. - Given the integer values from 0 to 9 as tags, ascending - order would select 9, and descending order would select - 0. - enum: - - asc - - desc - type: string - type: object - semver: - description: SemVer gives a semantic version range to check against - the tags available. - properties: - range: - description: Range gives a semver range for the image tag; - the highest version within the range that's a tag yields - the latest image. - type: string - required: - - range - type: object - type: object - required: - - imageRepositoryRef - - policy - type: object - status: - default: - observedGeneration: -1 - description: ImagePolicyStatus defines the observed state of ImagePolicy - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - latestImage: - description: LatestImage gives the first in the list of images scanned - by the image repository, when filtered and ordered according to - the policy. - type: string - observedGeneration: - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.latestImage - name: LatestImage - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: ImagePolicy is the Schema for the imagepolicies API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImagePolicySpec defines the parameters for calculating the - ImagePolicy. - properties: - filterTags: - description: FilterTags enables filtering for only a subset of tags - based on a set of rules. If no rules are provided, all the tags - from the repository will be ordered and compared. - properties: - extract: - description: Extract allows a capture group to be extracted from - the specified regular expression pattern, useful before tag - evaluation. - type: string - pattern: - description: Pattern specifies a regular expression pattern used - to filter for image tags. - type: string - type: object - imageRepositoryRef: - description: ImageRepositoryRef points at the object specifying the - image being scanned - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - policy: - description: Policy gives the particulars of the policy to be followed - in selecting the most recent image - properties: - alphabetical: - description: Alphabetical set of rules to use for alphabetical - ordering of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of the tags. - Given the letters of the alphabet as tags, ascending order - would select Z, and descending order would select A. - enum: - - asc - - desc - type: string - type: object - numerical: - description: Numerical set of rules to use for numerical ordering - of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of the tags. - Given the integer values from 0 to 9 as tags, ascending - order would select 9, and descending order would select - 0. - enum: - - asc - - desc - type: string - type: object - semver: - description: SemVer gives a semantic version range to check against - the tags available. - properties: - range: - description: Range gives a semver range for the image tag; - the highest version within the range that's a tag yields - the latest image. - type: string - required: - - range - type: object - type: object - required: - - imageRepositoryRef - - policy - type: object - status: - default: - observedGeneration: -1 - description: ImagePolicyStatus defines the observed state of ImagePolicy - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - latestImage: - description: LatestImage gives the first in the list of images scanned - by the image repository, when filtered and ordered according to - the policy. - type: string - observedGeneration: - format: int64 - type: integer - observedPreviousImage: - description: ObservedPreviousImage is the observed previous LatestImage. - It is used to keep track of the previous and current images. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: image-reflector-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: imagerepositories.image.toolkit.fluxcd.io -spec: - group: image.toolkit.fluxcd.io - names: - kind: ImageRepository - listKind: ImageRepositoryList - plural: imagerepositories - singular: imagerepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.lastScanResult.scanTime - name: Last scan - type: string - - jsonPath: .status.lastScanResult.tagCount - name: Tags - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: ImageRepository is the Schema for the imagerepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageRepositorySpec defines the parameters for scanning an - image repository, e.g., `fluxcd/flux`. - properties: - accessFrom: - description: AccessFrom defines an ACL for allowing cross-namespace - references to the ImageRepository object based on the caller's namespace - labels. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - certSecretRef: - description: "CertSecretRef can be given the name of a secret containing - either or both of \n - a PEM-encoded client certificate (`certFile`) - and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`) - \n and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are authenticating - with a certificate; the CA cert is useful if you are using a self-signed - server certificate." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - exclusionList: - description: ExclusionList is a list of regex strings used to exclude - certain tags from being stored in the database. - items: - type: string - type: array - image: - description: Image is the name of the image repository - type: string - interval: - description: Interval is the length of time to wait between scans - of the image repository. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - secretRef: - description: SecretRef can be given the name of a secret containing - credentials to use for the image registry. The secret should be - created with `kubectl create secret docker-registry`, or the equivalent. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - serviceAccountName: - description: ServiceAccountName is the name of the Kubernetes ServiceAccount - used to authenticate the image pull if the service account has attached - pull secrets. - maxLength: 253 - type: string - suspend: - description: This flag tells the controller to suspend subsequent - image scans. It does not apply to already started scans. Defaults - to false. - type: boolean - timeout: - description: Timeout for image scanning. Defaults to 'Interval' duration. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: object - status: - default: - observedGeneration: -1 - description: ImageRepositoryStatus defines the observed state of ImageRepository - properties: - canonicalImageName: - description: CanonicalName is the name of the image repository with - all the implied bits made explicit; e.g., `docker.io/library/alpine` - rather than `alpine`. - type: string - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastScanResult: - description: LastScanResult contains the number of fetched tags. - properties: - scanTime: - format: date-time - type: string - tagCount: - type: integer - required: - - tagCount - type: object - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.lastScanResult.scanTime - name: Last scan - type: string - - jsonPath: .status.lastScanResult.tagCount - name: Tags - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: ImageRepository is the Schema for the imagerepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageRepositorySpec defines the parameters for scanning an - image repository, e.g., `fluxcd/flux`. - properties: - accessFrom: - description: AccessFrom defines an ACL for allowing cross-namespace - references to the ImageRepository object based on the caller's namespace - labels. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - certSecretRef: - description: "CertSecretRef can be given the name of a Secret containing - either or both of \n - a PEM-encoded client certificate (`tls.crt`) - and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) - \n and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are authenticating - with a certificate; the CA cert is useful if you are using a self-signed - server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. - \n Note: Support for the `caFile`, `certFile` and `keyFile` keys - has been deprecated." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - exclusionList: - default: - - ^.*\.sig$ - description: ExclusionList is a list of regex strings used to exclude - certain tags from being stored in the database. - items: - type: string - maxItems: 25 - type: array - image: - description: Image is the name of the image repository - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP container - registry. - type: boolean - interval: - description: Interval is the length of time to wait between scans - of the image repository. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - provider: - default: generic - description: The provider used for authentication, can be 'aws', 'azure', - 'gcp' or 'generic'. When not specified, defaults to 'generic'. - enum: - - generic - - aws - - azure - - gcp - type: string - secretRef: - description: SecretRef can be given the name of a secret containing - credentials to use for the image registry. The secret should be - created with `kubectl create secret docker-registry`, or the equivalent. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - serviceAccountName: - description: ServiceAccountName is the name of the Kubernetes ServiceAccount - used to authenticate the image pull if the service account has attached - pull secrets. - maxLength: 253 - type: string - suspend: - description: This flag tells the controller to suspend subsequent - image scans. It does not apply to already started scans. Defaults - to false. - type: boolean - timeout: - description: Timeout for image scanning. Defaults to 'Interval' duration. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: object - status: - default: - observedGeneration: -1 - description: ImageRepositoryStatus defines the observed state of ImageRepository - properties: - canonicalImageName: - description: CanonicalName is the name of the image repository with - all the implied bits made explicit; e.g., `docker.io/library/alpine` - rather than `alpine`. - type: string - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastScanResult: - description: LastScanResult contains the number of fetched tags. - properties: - latestTags: - items: - type: string - type: array - scanTime: - format: date-time - type: string - tagCount: - type: integer - required: - - tagCount - type: object - observedExclusionList: - description: ObservedExclusionList is a list of observed exclusion - list. It reflects the exclusion rules used for the observed scan - result in spec.lastScanResult. - items: - type: string - type: array - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml deleted file mode 100644 index 6be9c3e1..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml +++ /dev/null @@ -1,139 +0,0 @@ -{{- if and .Values.imageReflectionController.create }} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: image-reflector-controller - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - control-plane: controller - {{- with .Values.imageReflectionController.labels }} - {{- . | toYaml | nindent 4 }} - {{- end }} - name: image-reflector-controller -spec: - {{- if kindIs "invalid" .Values.imageReflectionController.replicas }} - replicas: 1 - {{- else }} - replicas: {{ .Values.imageReflectionController.replicas }} - {{- end}} - selector: - matchLabels: - app: image-reflector-controller - template: - metadata: - {{- with .Values.imageReflectionController.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - app: image-reflector-controller -{{ with .Values.imageReflectionController.labels }}{{ toYaml . | indent 8 }}{{ end }} - spec: - automountServiceAccountToken: {{ .Values.imageReflectionController.serviceAccount.automount }} - {{- if .Values.imageReflectionController.initContainers}} - initContainers: - {{- toYaml .Values.imageReflectionController.initContainers | nindent 8}} - {{- end}} - containers: - - args: - {{- if .Values.multitenancy.enabled }} - - --no-cross-namespace-refs=true - {{- end}} - {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc - {{- end}} - - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - - --log-level={{ .Values.logLevel | default "info" }} - - --log-encoding=json - - --enable-leader-election - {{- range .Values.imageReflectionController.container.additionalArgs }} - - {{ . }} - {{- end}} - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- with .Values.imageReflectionController.extraEnv }} - {{- toYaml . | nindent 8 }} - {{- end }} - image: {{ template "template.image" .Values.imageReflectionController }} - {{- if .Values.imageReflectionController.imagePullPolicy }} - imagePullPolicy: {{ .Values.imageReflectionController.imagePullPolicy }} - {{- else }} - imagePullPolicy: IfNotPresent - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - {{- with .Values.imageReflectionController.resources }} - resources: {{ toYaml . | nindent 10 }} - {{- end }} - {{- if .Values.imageReflectionController.securityContext }} - securityContext: {{ toYaml .Values.imageReflectionController.securityContext | nindent 10 }} - {{- else }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - {{- end}} - volumeMounts: - - mountPath: /tmp - name: temp - - mountPath: /data - name: data - {{- if .Values.imageReflectionController.volumeMounts }} - {{- toYaml .Values.imageReflectionController.volumeMounts | nindent 8 }} - {{- end}} - {{- if .Values.imageReflectionController.priorityClassName }} - priorityClassName: {{ .Values.imageReflectionController.priorityClassName | quote }} - {{- end }} - {{- if .Values.imageReflectionController.podSecurityContext }} - securityContext: {{ toYaml .Values.imageReflectionController.podSecurityContext | nindent 8 }} - {{- else }} - securityContext: - fsGroup: 1337 - {{- end}} - serviceAccountName: image-reflector-controller - {{- if .Values.imagePullSecrets }} - imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 6 }} - {{- end }} - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: temp - - emptyDir: {} - name: data - {{- if .Values.imageReflectionController.volumes }} - {{- toYaml .Values.imageReflectionController.volumes | nindent 6 }} - {{- end}} - {{- with .Values.imageReflectionController.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imageReflectionController.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imageReflectionController.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller-sa.yaml b/packages/core/fluxcd/charts/flux2/templates/kustomize-controller-sa.yaml deleted file mode 100644 index 140c30b1..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller-sa.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.kustomizeController.create }} -{{- if .Values.kustomizeController.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: kustomize-controller - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: kustomize-controller - {{- with .Values.kustomizeController.serviceAccount.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -{{- end -}} -{{- end -}} diff --git a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller-secret.yaml b/packages/core/fluxcd/charts/flux2/templates/kustomize-controller-secret.yaml deleted file mode 100644 index 8a547043..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller-secret.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.kustomizeController.secret.create }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.kustomizeController.secret.name }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -type: Opaque -data: - {{- range $key, $value := .Values.kustomizeController.secret.data }} - {{ $key }}: {{ $value | toString | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.crds.yaml b/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.crds.yaml deleted file mode 100644 index 433cce66..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.crds.yaml +++ /dev/null @@ -1,1640 +0,0 @@ -{{- if and .Values.installCRDs .Values.kustomizeController.create }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: kustomize-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: kustomizations.kustomize.toolkit.fluxcd.io -spec: - group: kustomize.toolkit.fluxcd.io - names: - kind: Kustomization - listKind: KustomizationList - plural: kustomizations - shortNames: - - ks - singular: kustomization - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the configuration to calculate - the desired state from a Source using Kustomize. - properties: - commonMetadata: - description: CommonMetadata specifies the common labels and annotations - that are applied to all resources. Any existing label or annotation - will be overridden if its key matches a common one. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added to the object's metadata. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added to the object's metadata. - type: object - type: object - components: - description: Components specifies relative paths to specifications - of other Components. - items: - type: string - type: array - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. - properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - This interval is approximate and may be subject to jitter to ensure - efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. It is recommended that the - kubeconfig is self-contained, and the secret is regularly updated - if credentials such as a cloud-access-token expire. Cloud specific - `cmd-path` auth helpers will not function without adding binaries - and credentials to the Pod that is responsible for reconciling - Kubernetes resources. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - required: - - secretRef - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. - items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names, and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - default: false - description: Optional indicates whether the referenced resource - must exist, or whether to tolerate its absence. If true - and the referenced resource is absent, proceed as if the - resource was present but empty, without any variables - defined. - type: boolean - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. - When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - OCIRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, defaults to the namespace - of the Kubernetes resource object that contains the reference. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - wait: - description: Wait instructs the controller to check the health of - all the reconciled resources. When enabled, the HealthChecks are - ignored. Defaults to false. - type: boolean - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - inventory: - description: Inventory contains the list of Kubernetes resource object - references that have been successfully applied. - properties: - entries: - description: Entries of Kubernetes resource object references. - items: - description: ResourceRef contains the information necessary - to locate a resource within a cluster. - properties: - id: - description: ID is the string representation of the Kubernetes - resource object's metadata, in the format '___'. - type: string - v: - description: Version is the API version of the Kubernetes - resource object's kind. - type: string - required: - - id - - v - type: object - type: array - required: - - entries - type: object - lastAppliedRevision: - description: The last successfully applied revision. Equals the Revision - of the applied Artifact from the referenced Source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: v1beta1 Kustomization is deprecated, upgrade to v1 - name: v1beta1 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the desired state of a kustomization. - properties: - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. - properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When specified, KubeConfig takes precedence over - ServiceAccountName. - properties: - secretRef: - description: SecretRef holds the name to a secret that contains - a 'value' key with the kubeconfig file as the value. It must - be in the same namespace as the Kustomization. It is recommended - that the kubeconfig is self-contained, and the secret is regularly - updated if credentials such as a cloud-access-token expire. - Cloud specific `cmd-path` auth helpers will not function without - adding binaries and credentials to the Pod that is responsible - for reconciling the Kustomization. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. - items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and the target - the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document with - an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value that references - a location within the target document where the operation - is performed. The meaning of the value depends on the - value of Op, and is NOT taken into account by all operations. - type: string - op: - description: Op indicates the operation to perform. Its - value MUST be one of "add", "remove", "replace", "move", - "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer value that - references a location within the target document where - the operation is performed. The meaning of the value - depends on the value of Op. - type: string - value: - description: Value contains a valid JSON structure. The - meaning of the value depends on the value of Op, and - is NOT taken into account by all operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. - When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - GitRepository - - Bucket - type: string - name: - description: Name of the referent - type: string - namespace: - description: Namespace of the referent, defaults to the Kustomization - namespace - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - type: string - validation: - description: Validate the Kubernetes objects before applying them - on the cluster. The validation strategy can be 'client' (local dry-run), - 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true', - validation will fallback to 'client' if set to 'server' because - server-side validation is not supported in this scenario. - enum: - - none - - client - - server - type: string - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastAppliedRevision: - description: The last successfully applied revision. The revision - format for Git sources is /. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - snapshot: - description: The last successfully applied revision metadata. - properties: - checksum: - description: The manifests sha1 checksum. - type: string - entries: - description: A list of Kubernetes kinds grouped by namespace. - items: - description: Snapshot holds the metadata of namespaced Kubernetes - objects - properties: - kinds: - additionalProperties: - type: string - description: The list of Kubernetes kinds. - type: object - namespace: - description: The namespace of this entry. - type: string - required: - - kinds - type: object - type: array - required: - - checksum - - entries - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Kustomization is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the configuration to calculate - the desired state from a Source using Kustomize. - properties: - commonMetadata: - description: CommonMetadata specifies the common labels and annotations - that are applied to all resources. Any existing label or annotation - will be overridden if its key matches a common one. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added to the object's metadata. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added to the object's metadata. - type: object - type: object - components: - description: Components specifies relative paths to specifications - of other Components. - items: - type: string - type: array - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. - properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. It is recommended that the - kubeconfig is self-contained, and the secret is regularly updated - if credentials such as a cloud-access-token expire. Cloud specific - `cmd-path` auth helpers will not function without adding binaries - and credentials to the Pod that is responsible for reconciling - Kubernetes resources. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - required: - - secretRef - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. - items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - patchesJson6902: - description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated: - Use Patches instead.' - items: - description: JSON6902Patch contains a JSON6902 patch and the target - the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document with - an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value that references - a location within the target document where the operation - is performed. The meaning of the value depends on the - value of Op, and is NOT taken into account by all operations. - type: string - op: - description: Op indicates the operation to perform. Its - value MUST be one of "add", "remove", "replace", "move", - "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer value that - references a location within the target document where - the operation is performed. The meaning of the value - depends on the value of Op. - type: string - value: - description: Value contains a valid JSON structure. The - meaning of the value depends on the value of Op, and - is NOT taken into account by all operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: 'Strategic merge patches, defined as inline YAML objects. - Deprecated: Use Patches instead.' - items: - x-kubernetes-preserve-unknown-fields: true - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - default: false - description: Optional indicates whether the referenced resource - must exist, or whether to tolerate its absence. If true - and the referenced resource is absent, proceed as if the - resource was present but empty, without any variables - defined. - type: boolean - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. - When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - OCIRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, defaults to the namespace - of the Kubernetes resource object that contains the reference. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - validation: - description: 'Deprecated: Not used in v1beta2.' - enum: - - none - - client - - server - type: string - wait: - description: Wait instructs the controller to check the health of - all the reconciled resources. When enabled, the HealthChecks are - ignored. Defaults to false. - type: boolean - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - inventory: - description: Inventory contains the list of Kubernetes resource object - references that have been successfully applied. - properties: - entries: - description: Entries of Kubernetes resource object references. - items: - description: ResourceRef contains the information necessary - to locate a resource within a cluster. - properties: - id: - description: ID is the string representation of the Kubernetes - resource object's metadata, in the format '___'. - type: string - v: - description: Version is the API version of the Kubernetes - resource object's kind. - type: string - required: - - id - - v - type: object - type: array - required: - - entries - type: object - lastAppliedRevision: - description: The last successfully applied revision. Equals the Revision - of the applied Artifact from the referenced Source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml deleted file mode 100644 index 6473dbe0..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml +++ /dev/null @@ -1,158 +0,0 @@ -{{- if and .Values.kustomizeController.create }} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: kustomize-controller - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - control-plane: controller - {{- with .Values.kustomizeController.labels }} - {{- . | toYaml | nindent 4 }} - {{- end }} - name: kustomize-controller -spec: - {{- if kindIs "invalid" .Values.kustomizeController.replicas }} - replicas: 1 - {{- else }} - replicas: {{ .Values.kustomizeController.replicas }} - {{- end}} - selector: - matchLabels: - app: kustomize-controller - template: - metadata: - {{- with .Values.kustomizeController.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - app: kustomize-controller -{{ with .Values.kustomizeController.labels }}{{ toYaml . | indent 8 }}{{ end }} - spec: - automountServiceAccountToken: {{ .Values.kustomizeController.serviceAccount.automount }} - {{- if .Values.kustomizeController.initContainers}} - initContainers: - {{- toYaml .Values.kustomizeController.initContainers | nindent 8}} - {{- end}} - containers: - - args: - {{- if .Values.multitenancy.enabled }} - - --no-cross-namespace-refs=true - - --default-service-account={{ .Values.multitenancy.defaultServiceAccount | default "default" }} - {{- end}} - {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc - {{- end}} - - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - - --log-level={{ .Values.logLevel | default "info" }} - - --log-encoding=json - - --enable-leader-election - {{- range .Values.kustomizeController.container.additionalArgs }} - - {{ . }} - {{- end}} - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- with .Values.kustomizeController.extraEnv }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if or (.Values.kustomizeController.envFrom.map.name) (.Values.kustomizeController.envFrom.secret.name) }} - envFrom: - {{- if .Values.kustomizeController.envFrom.map.name }} - - configMapRef: - name: {{ .Values.kustomizeController.envFrom.map.name }} - {{- end }} - {{- if .Values.kustomizeController.envFrom.secret.name }} - - secretRef: - name: {{ .Values.kustomizeController.envFrom.secret.name }} - {{- end }} - {{- end }} - image: {{ template "template.image" .Values.kustomizeController }} - {{- if .Values.kustomizeController.imagePullPolicy }} - imagePullPolicy: {{ .Values.kustomizeController.imagePullPolicy }} - {{- else }} - imagePullPolicy: IfNotPresent - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - {{- with .Values.kustomizeController.resources }} - resources: {{ toYaml . | nindent 10 }} - {{- end }} - {{- if .Values.kustomizeController.securityContext }} - securityContext: {{ toYaml .Values.kustomizeController.securityContext | nindent 10 }} - {{- else }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - {{- end}} - volumeMounts: - - mountPath: /tmp - name: temp - {{- if .Values.kustomizeController.volumeMounts }} - {{- toYaml .Values.kustomizeController.volumeMounts | nindent 8 }} - {{- end}} - {{- if .Values.kustomizeController.priorityClassName }} - priorityClassName: {{ .Values.kustomizeController.priorityClassName | quote }} - {{- end }} - {{- range .Values.kustomizeController.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.kustomizeController.podSecurityContext }} - securityContext: {{ toYaml .Values.kustomizeController.podSecurityContext | nindent 8 }} - {{- else }} - securityContext: - fsGroup: 1337 - {{- end}} - serviceAccountName: kustomize-controller - {{- if .Values.imagePullSecrets }} - imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 6 }} - {{- end }} - terminationGracePeriodSeconds: 60 - volumes: - - emptyDir: {} - name: temp - {{- if .Values.kustomizeController.volumes }} - {{- toYaml .Values.kustomizeController.volumes | nindent 6 }} - {{- end}} - {{- range .Values.kustomizeController.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - {{- end }} - {{- with .Values.kustomizeController.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.kustomizeController.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.kustomizeController.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/notification-controller-ingress.yaml b/packages/core/fluxcd/charts/flux2/templates/notification-controller-ingress.yaml deleted file mode 100644 index 942cd68c..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/notification-controller-ingress.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if and .Values.notificationController.create .Values.notificationController.webhookReceiver.ingress.create }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - control-plane: controller - {{- with .Values.notificationController.webhookReceiver.ingress.labels }}{{ toYaml . | nindent 4 }}{{ end }} - {{- with .Values.notificationController.webhookReceiver.ingress.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ tpl $value $ | quote }} - {{- end }} - {{- end }} - name: webhook-receiver -spec: - {{- if .Values.notificationController.webhookReceiver.ingress.ingressClassName }} - ingressClassName: {{ .Values.notificationController.webhookReceiver.ingress.ingressClassName }} - {{- end -}} - {{- if .Values.notificationController.webhookReceiver.ingress.tls }} - tls: - {{- range .Values.notificationController.webhookReceiver.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.notificationController.webhookReceiver.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - pathType: {{ .pathType }} - backend: - service: - name: webhook-receiver - port: - number: 80 - {{- end }} - {{- end }} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/notification-controller-sa.yaml b/packages/core/fluxcd/charts/flux2/templates/notification-controller-sa.yaml deleted file mode 100644 index b44e8dac..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/notification-controller-sa.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.notificationController.create -}} -{{- if .Values.notificationController.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: notification-controller - {{- with .Values.notificationController.serviceAccount.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -{{- end -}} -{{- end -}} diff --git a/packages/core/fluxcd/charts/flux2/templates/notification-controller-service.yaml b/packages/core/fluxcd/charts/flux2/templates/notification-controller-service.yaml deleted file mode 100644 index 79b12dc6..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/notification-controller-service.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if and .Values.notificationController.create }} -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - control-plane: controller - {{- with .Values.notificationController.service.labels }}{{ toYaml . | nindent 4 }}{{ end }} - name: notification-controller - {{- with .Values.notificationController.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - {{- if .Values.notificationController.service.ports }} - {{- toYaml .Values.notificationController.service.ports | nindent 2 }} - {{- end}} - selector: - app: notification-controller - type: ClusterIP -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/notification-controller-webhook-service.yaml b/packages/core/fluxcd/charts/flux2/templates/notification-controller-webhook-service.yaml deleted file mode 100644 index 3d71034a..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/notification-controller-webhook-service.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.notificationController.create }} -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - control-plane: controller - {{- with .Values.notificationController.webhookReceiver.service.labels }}{{ toYaml . | nindent 4 }}{{ end }} - name: webhook-receiver - {{- with .Values.notificationController.webhookReceiver.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 9292 - selector: - app: notification-controller - type: ClusterIP -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/notification-controller.crds.yaml b/packages/core/fluxcd/charts/flux2/templates/notification-controller.crds.yaml deleted file mode 100644 index b6dbf6ed..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/notification-controller.crds.yaml +++ /dev/null @@ -1,1790 +0,0 @@ -{{- if and .Values.installCRDs .Values.notificationController.create }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: alerts.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Alert - listKind: AlertList - plural: alerts - singular: alert - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta1 Alert is deprecated, upgrade to v1beta3 - name: v1beta1 - schema: - openAPIV3Schema: - description: Alert is the Schema for the alerts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlertSpec defines an alerting rule for events involving a - list of objects - properties: - eventSeverity: - default: info - description: Filter events based on severity, defaults to ('info'). - If set to 'info' no events will be filtered. - enum: - - info - - error - type: string - eventSources: - description: Filter events based on the involved objects. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - name - type: object - type: array - exclusionList: - description: A list of Golang regular expressions to be used for excluding - messages. - items: - type: string - type: array - providerRef: - description: Send events using this provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - summary: - description: Short description of the impact and affected cluster. - type: string - suspend: - description: This flag tells the controller to suspend subsequent - events dispatching. Defaults to false. - type: boolean - required: - - eventSources - - providerRef - type: object - status: - default: - observedGeneration: -1 - description: AlertStatus defines the observed state of Alert - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Alert is deprecated, upgrade to v1beta3 - name: v1beta2 - schema: - openAPIV3Schema: - description: Alert is the Schema for the alerts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlertSpec defines an alerting rule for events involving a - list of objects. - properties: - eventMetadata: - additionalProperties: - type: string - description: EventMetadata is an optional field for adding metadata - to events dispatched by the controller. This can be used for enhancing - the context of the event. If a field would override one already - present on the original event as generated by the emitter, then - the override doesn't happen, i.e. the original value is preserved, - and an info log is printed. - type: object - eventSeverity: - default: info - description: EventSeverity specifies how to filter events based on - severity. If set to 'info' no events will be filtered. - enum: - - info - - error - type: string - eventSources: - description: EventSources specifies how to filter events based on - the involved object kind, name and namespace. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. MatchLabels requires the name to be set to `*`. - type: object - name: - description: Name of the referent If multiple resources are - targeted `*` may be set. - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - exclusionList: - description: ExclusionList specifies a list of Golang regular expressions - to be used for excluding messages. - items: - type: string - type: array - inclusionList: - description: InclusionList specifies a list of Golang regular expressions - to be used for including messages. - items: - type: string - type: array - providerRef: - description: ProviderRef specifies which Provider this Alert should - use. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - summary: - description: Summary holds a short description of the impact and affected - cluster. - maxLength: 255 - type: string - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this Alert. - type: boolean - required: - - eventSources - - providerRef - type: object - status: - default: - observedGeneration: -1 - description: AlertStatus defines the observed state of the Alert. - properties: - conditions: - description: Conditions holds the conditions for the Alert. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta3 - schema: - openAPIV3Schema: - description: Alert is the Schema for the alerts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlertSpec defines an alerting rule for events involving a - list of objects. - properties: - eventMetadata: - additionalProperties: - type: string - description: EventMetadata is an optional field for adding metadata - to events dispatched by the controller. This can be used for enhancing - the context of the event. If a field would override one already - present on the original event as generated by the emitter, then - the override doesn't happen, i.e. the original value is preserved, - and an info log is printed. - type: object - eventSeverity: - default: info - description: EventSeverity specifies how to filter events based on - severity. If set to 'info' no events will be filtered. - enum: - - info - - error - type: string - eventSources: - description: EventSources specifies how to filter events based on - the involved object kind, name and namespace. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. MatchLabels requires the name to be set to `*`. - type: object - name: - description: Name of the referent If multiple resources are - targeted `*` may be set. - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - exclusionList: - description: ExclusionList specifies a list of Golang regular expressions - to be used for excluding messages. - items: - type: string - type: array - inclusionList: - description: InclusionList specifies a list of Golang regular expressions - to be used for including messages. - items: - type: string - type: array - providerRef: - description: ProviderRef specifies which Provider this Alert should - use. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - summary: - description: Summary holds a short description of the impact and affected - cluster. - maxLength: 255 - type: string - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this Alert. - type: boolean - required: - - eventSources - - providerRef - type: object - type: object - served: true - storage: true - subresources: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: providers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Provider - listKind: ProviderList - plural: providers - singular: provider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta1 Provider is deprecated, upgrade to v1beta3 - name: v1beta1 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of Provider - properties: - address: - description: HTTP/S webhook address of this provider - pattern: ^(http|https):// - type: string - certSecretRef: - description: CertSecretRef can be given the name of a secret containing - a PEM-encoded CA certificate (`caFile`) - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Alert channel for this provider - type: string - proxy: - description: HTTP/S address of the proxy - pattern: ^(http|https):// - type: string - secretRef: - description: Secret reference containing the provider webhook URL - using "address" as data key - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - events handling. Defaults to false. - type: boolean - timeout: - description: Timeout for sending alerts to the provider. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type of provider - enum: - - slack - - discord - - msteams - - rocket - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - azuredevops - - googlechat - - webex - - sentry - - azureeventhub - - telegram - - lark - - matrix - - opsgenie - - alertmanager - - grafana - - githubdispatch - type: string - username: - description: Bot username for this provider - type: string - required: - - type - type: object - status: - default: - observedGeneration: -1 - description: ProviderStatus defines the observed state of Provider - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Provider is deprecated, upgrade to v1beta3 - name: v1beta2 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of the Provider. - properties: - address: - description: Address specifies the endpoint, in a generic sense, to - where alerts are sent. What kind of endpoint depends on the specific - Provider type being used. For the generic Provider, for example, - this is an HTTP/S address. For other Provider types this could be - a project ID or a namespace. - maxLength: 2048 - type: string - certSecretRef: - description: "CertSecretRef specifies the Secret containing a PEM-encoded - CA certificate (in the `ca.crt` key). \n Note: Support for the `caFile` - key has been deprecated." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Channel specifies the destination channel where events - should be posted. - maxLength: 2048 - type: string - interval: - description: Interval at which to reconcile the Provider with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - proxy: - description: Proxy the HTTP/S address of the proxy server. - maxLength: 2048 - pattern: ^(http|https)://.*$ - type: string - secretRef: - description: SecretRef specifies the Secret containing the authentication - credentials for this Provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this Provider. - type: boolean - timeout: - description: Timeout for sending alerts to the Provider. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type specifies which Provider implementation to use. - enum: - - slack - - discord - - msteams - - rocket - - generic - - generic-hmac - - github - - gitlab - - gitea - - bitbucketserver - - bitbucket - - azuredevops - - googlechat - - googlepubsub - - webex - - sentry - - azureeventhub - - telegram - - lark - - matrix - - opsgenie - - alertmanager - - grafana - - githubdispatch - - pagerduty - - datadog - type: string - username: - description: Username specifies the name under which events are posted. - maxLength: 2048 - type: string - required: - - type - type: object - status: - default: - observedGeneration: -1 - description: ProviderStatus defines the observed state of the Provider. - properties: - conditions: - description: Conditions holds the conditions for the Provider. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta3 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of the Provider. - properties: - address: - description: Address specifies the endpoint, in a generic sense, to - where alerts are sent. What kind of endpoint depends on the specific - Provider type being used. For the generic Provider, for example, - this is an HTTP/S address. For other Provider types this could be - a project ID or a namespace. - maxLength: 2048 - type: string - certSecretRef: - description: "CertSecretRef specifies the Secret containing a PEM-encoded - CA certificate (in the `ca.crt` key). \n Note: Support for the `caFile` - key has been deprecated." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Channel specifies the destination channel where events - should be posted. - maxLength: 2048 - type: string - interval: - description: Interval at which to reconcile the Provider with its - Secret references. Deprecated and not used in v1beta3. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - proxy: - description: Proxy the HTTP/S address of the proxy server. - maxLength: 2048 - pattern: ^(http|https)://.*$ - type: string - secretRef: - description: SecretRef specifies the Secret containing the authentication - credentials for this Provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this Provider. - type: boolean - timeout: - description: Timeout for sending alerts to the Provider. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type specifies which Provider implementation to use. - enum: - - slack - - discord - - msteams - - rocket - - generic - - generic-hmac - - github - - gitlab - - gitea - - bitbucketserver - - bitbucket - - azuredevops - - googlechat - - googlepubsub - - webex - - sentry - - azureeventhub - - telegram - - lark - - matrix - - opsgenie - - alertmanager - - grafana - - githubdispatch - - pagerduty - - datadog - - nats - type: string - username: - description: Username specifies the name under which events are posted. - maxLength: 2048 - type: string - required: - - type - type: object - type: object - served: true - storage: true - subresources: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: receivers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Receiver - listKind: ReceiverList - plural: receivers - singular: receiver - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of the Receiver. - properties: - events: - description: Events specifies the list of event types to handle, e.g. - 'push' for GitHub or 'Push Hook' for GitLab. - items: - type: string - type: array - interval: - default: 10m - description: Interval at which to reconcile the Receiver with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - resources: - description: A list of resources to be notified about changes. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. MatchLabels requires the name to be set to `*`. - type: object - name: - description: Name of the referent If multiple resources are - targeted `*` may be set. - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - secretRef: - description: SecretRef specifies the Secret containing the token used - to validate the payload authenticity. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this receiver. - type: boolean - type: - description: Type of webhook sender, used to determine the validation - procedure and payload deserialization. - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - secretRef - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of the Receiver. - properties: - conditions: - description: Conditions holds the conditions for the Receiver. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Receiver object. - format: int64 - type: integer - webhookPath: - description: WebhookPath is the generated incoming webhook address - in the format of '/hook/sha256sum(token+name+namespace)'. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta1 Receiver is deprecated, upgrade to v1 - name: v1beta1 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of Receiver - properties: - events: - description: A list of events to handle, e.g. 'push' for GitHub or - 'Push Hook' for GitLab. - items: - type: string - type: array - resources: - description: A list of resources to be notified about changes. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - name - type: object - type: array - secretRef: - description: Secret reference containing the token used to validate - the payload authenticity - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - events handling. Defaults to false. - type: boolean - type: - description: Type of webhook sender, used to determine the validation - procedure and payload deserialization. - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of Receiver - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Receiver is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of the Receiver. - properties: - events: - description: Events specifies the list of event types to handle, e.g. - 'push' for GitHub or 'Push Hook' for GitLab. - items: - type: string - type: array - interval: - description: Interval at which to reconcile the Receiver with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - resources: - description: A list of resources to be notified about changes. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. MatchLabels requires the name to be set to `*`. - type: object - name: - description: Name of the referent If multiple resources are - targeted `*` may be set. - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - secretRef: - description: SecretRef specifies the Secret containing the token used - to validate the payload authenticity. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this receiver. - type: boolean - type: - description: Type of webhook sender, used to determine the validation - procedure and payload deserialization. - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of the Receiver. - properties: - conditions: - description: Conditions holds the conditions for the Receiver. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Receiver object. - format: int64 - type: integer - url: - description: 'URL is the generated incoming webhook address in the - format of ''/hook/sha256sum(token+name+namespace)''. Deprecated: - Replaced by WebhookPath.' - type: string - webhookPath: - description: WebhookPath is the generated incoming webhook address - in the format of '/hook/sha256sum(token+name+namespace)'. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/notification-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/notification-controller.yaml deleted file mode 100644 index d4d6772d..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/notification-controller.yaml +++ /dev/null @@ -1,136 +0,0 @@ -{{- if and .Values.notificationController.create }} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - control-plane: controller - {{- with .Values.notificationController.labels }} - {{- . | toYaml | nindent 4 }} - {{- end }} - name: notification-controller -spec: - {{- if kindIs "invalid" .Values.notificationController.replicas }} - replicas: 1 - {{- else }} - replicas: {{ .Values.notificationController.replicas }} - {{- end}} - selector: - matchLabels: - app: notification-controller - template: - metadata: - {{- with .Values.notificationController.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - app: notification-controller -{{ with .Values.notificationController.labels }}{{ toYaml . | indent 8 }}{{ end }} - spec: - automountServiceAccountToken: {{ .Values.notificationController.serviceAccount.automount }} - {{- if .Values.notificationController.initContainers}} - initContainers: - {{- toYaml .Values.notificationController.initContainers | nindent 8}} - {{- end}} - containers: - - args: - {{- if .Values.multitenancy.enabled }} - - --no-cross-namespace-refs=true - {{- end}} - - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - - --log-level={{ .Values.logLevel | default "info" }} - - --log-encoding=json - - --enable-leader-election - {{- range .Values.notificationController.container.additionalArgs }} - - {{ . }} - {{- end}} - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- with .Values.notificationController.extraEnv }} - {{- toYaml . | nindent 8 }} - {{- end }} - image: {{ template "template.image" .Values.notificationController }} - {{- if .Values.notificationController.imagePullPolicy }} - imagePullPolicy: {{ .Values.notificationController.imagePullPolicy }} - {{- else }} - imagePullPolicy: IfNotPresent - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - protocol: TCP - - containerPort: 9292 - name: http-webhook - protocol: TCP - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - {{- with .Values.notificationController.resources }} - resources: {{ toYaml . | nindent 10 }} - {{- end }} - {{- if .Values.notificationController.securityContext }} - securityContext: {{ toYaml .Values.notificationController.securityContext | nindent 10 }} - {{- else }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - {{- end}} - volumeMounts: - - mountPath: /tmp - name: temp - {{- if .Values.notificationController.volumeMounts }} - {{- toYaml .Values.notificationController.volumeMounts | nindent 8 }} - {{- end}} - {{- if .Values.notificationController.priorityClassName }} - priorityClassName: {{ .Values.notificationController.priorityClassName | quote }} - {{- end }} - {{- if .Values.notificationController.podSecurityContext }} - securityContext: {{ toYaml .Values.notificationController.podSecurityContext | nindent 8 }} - {{- end }} - serviceAccountName: notification-controller - {{- if .Values.imagePullSecrets }} - imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 6 }} - {{- end }} - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: temp - {{- if .Values.notificationController.volumes }} - {{- toYaml .Values.notificationController.volumes | nindent 6 }} - {{- end}} - {{- with .Values.notificationController.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.notificationController.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.notificationController.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/podmonitor.yaml b/packages/core/fluxcd/charts/flux2/templates/podmonitor.yaml deleted file mode 100644 index 3db75272..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/podmonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{ if .Values.prometheus.podMonitor.create }} -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: {{ .Release.Name }} - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - {{- range $key, $value := .Values.prometheus.podMonitor.additionalLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchExpressions: - - key: app - operator: In - values: - - helm-controller - - source-controller - - kustomize-controller - - notification-controller - - image-automation-controller - - image-reflector-controller - podMetricsEndpoints: -{{ toYaml .Values.prometheus.podMonitor.podMetricsEndpoints | indent 4 }} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/policies.yaml b/packages/core/fluxcd/charts/flux2/templates/policies.yaml deleted file mode 100644 index 731e2980..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/policies.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if and .Values.policies.create}} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: allow-egress -spec: - egress: - - {} - ingress: - - from: - - podSelector: {} - podSelector: {} - policyTypes: - - Ingress - - Egress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: allow-scraping -spec: - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8080 - protocol: TCP - podSelector: {} - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: allow-webhooks -spec: - ingress: - - from: - - namespaceSelector: {} - podSelector: - matchLabels: - app: notification-controller - policyTypes: - - Ingress -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/pre-install-job-serviceaccount.yaml b/packages/core/fluxcd/charts/flux2/templates/pre-install-job-serviceaccount.yaml deleted file mode 100644 index f6348698..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/pre-install-job-serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: "{{ .Release.Name }}-flux-check" - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-10" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded diff --git a/packages/core/fluxcd/charts/flux2/templates/pre-install-job.yaml b/packages/core/fluxcd/charts/flux2/templates/pre-install-job.yaml deleted file mode 100644 index 2c2541f5..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/pre-install-job.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ .Release.Name }}-flux-check" - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - backoffLimit: 1 - template: - metadata: - name: "{{ .Release.Name }}" - {{- with .Values.cli.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - spec: - restartPolicy: Never - serviceAccountName: "{{ .Release.Name }}-flux-check" - automountServiceAccountToken: {{ .Values.cli.serviceAccount.automount }} - containers: - - name: flux-cli - image: {{ template "template.image" .Values.cli }} - command: ["/usr/local/bin/flux", "check", "--pre", "--namespace", {{ .Release.Namespace }}] - {{- with .Values.cli.resources }} - resources: {{ toYaml . | nindent 10 }} - {{- end }} - {{- if .Values.cli.securityContext }} - securityContext: {{ toYaml .Values.cli.securityContext | nindent 10 }} - {{- else }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - {{- end}} - {{- if .Values.cli.volumeMounts }} - volumeMounts: - {{- toYaml .Values.cli.volumeMounts | nindent 10 }} - {{- end}} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 6 }} - {{- end }} - {{- with .Values.cli.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.cli.volumes }} - volumes: - {{- toYaml .Values.cli.volumes | nindent 8 }} - {{- end}} - {{- with .Values.cli.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.cli.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/source-controller-service.yaml b/packages/core/fluxcd/charts/flux2/templates/source-controller-service.yaml deleted file mode 100644 index 25caae35..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/source-controller-service.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if .Values.sourceController.create }} -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - control-plane: controller - {{- with .Values.sourceController.service.labels }}{{ toYaml . | nindent 4 }}{{ end }} - name: source-controller - {{- with .Values.sourceController.service.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - {{- if .Values.sourceController.service.ports }} - {{- toYaml .Values.sourceController.service.ports | nindent 2 }} - {{- end}} - selector: - app: source-controller - type: ClusterIP -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/source-controller-serviceaccount.yaml b/packages/core/fluxcd/charts/flux2/templates/source-controller-serviceaccount.yaml deleted file mode 100644 index 286a625f..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/source-controller-serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.sourceController.create -}} -{{- if .Values.sourceController.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: source-controller - {{- with .Values.sourceController.serviceAccount.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -{{- end -}} -{{- end -}} diff --git a/packages/core/fluxcd/charts/flux2/templates/source-controller.crds.yaml b/packages/core/fluxcd/charts/flux2/templates/source-controller.crds.yaml deleted file mode 100644 index d4fccd6d..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/source-controller.crds.yaml +++ /dev/null @@ -1,3291 +0,0 @@ -{{- if and .Values.installCRDs .Values.sourceController.create }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: buckets.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: Bucket - listKind: BucketList - plural: buckets - singular: bucket - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.endpoint - name: Endpoint - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec defines the desired state of an S3 compatible - bucket - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - bucketName: - description: The bucket name. - type: string - endpoint: - description: The bucket endpoint address. - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. - type: boolean - interval: - description: The interval at which to check for bucket updates. - type: string - provider: - default: generic - description: The S3 compatible storage provider name, default ('generic'). - enum: - - generic - - aws - - gcp - type: string - region: - description: The bucket region. - type: string - secretRef: - description: The name of the secret containing authentication credentials - for the Bucket. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for download operations, defaults to 60s. - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - default: - observedGeneration: -1 - description: BucketStatus defines the observed state of a bucket - properties: - artifact: - description: Artifact represents the output of the last successful - Bucket sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the - last Bucket sync. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.endpoint - name: Endpoint - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec specifies the required configuration to produce - an Artifact for an object storage bucket. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - bucketName: - description: BucketName is the name of the object storage bucket. - type: string - endpoint: - description: Endpoint is the object storage address the BucketName - is located at. - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP Endpoint. - type: boolean - interval: - description: Interval at which the Bucket Endpoint is checked for - updates. This interval is approximate and may be subject to jitter - to ensure efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - prefix: - description: Prefix to use for server-side filtering of files in the - Bucket. - type: string - provider: - default: generic - description: Provider of the object storage bucket. Defaults to 'generic', - which expects an S3 (API) compatible object storage. - enum: - - generic - - aws - - gcp - - azure - type: string - region: - description: Region of the Endpoint where the BucketName is located - in. - type: string - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the Bucket. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this Bucket. - type: boolean - timeout: - default: 60s - description: Timeout for fetch operations, defaults to 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - default: - observedGeneration: -1 - description: BucketStatus records the observed state of a Bucket. - properties: - artifact: - description: Artifact represents the last successful Bucket reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Bucket object. - format: int64 - type: integer - observedIgnore: - description: ObservedIgnore is the observed exclusion patterns used - for constructing the source artifact. - type: string - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact - data is recommended. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: gitrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: GitRepository - listKind: GitRepositoryList - plural: gitrepositories - shortNames: - - gitrepo - singular: gitrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec specifies the required configuration to - produce an Artifact for a Git repository. - properties: - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Include specifies a list of GitRepository resources which - Artifacts should be included in the Artifact produced for this GitRepository. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - interval: - description: Interval at which the GitRepository URL is checked for - updates. This interval is approximate and may be subject to jitter - to ensure efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - proxySecretRef: - description: ProxySecretRef specifies the Secret containing the proxy - configuration to use while communicating with the Git server. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - recurseSubmodules: - description: RecurseSubmodules enables the initialization of all submodules - within the GitRepository as cloned from the URL, using their default - settings. - type: boolean - ref: - description: Reference specifies the Git reference to resolve and - monitor for changes, defaults to the 'master' branch. - properties: - branch: - description: Branch to check out, defaults to 'master' if no other - field is defined. - type: string - commit: - description: "Commit SHA to check out, takes precedence over all - reference fields. \n This can be combined with Branch to shallow - clone the branch, in which the commit is expected to exist." - type: string - name: - description: "Name of the reference to check out; takes precedence - over Branch, Tag and SemVer. \n It must be a valid Git reference: - https://git-scm.com/docs/git-check-ref-format#_description Examples: - \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", - \"refs/merge-requests/1/head\"" - type: string - semver: - description: SemVer tag expression to check out, takes precedence - over Tag. - type: string - tag: - description: Tag to check out, takes precedence over Branch. - type: string - type: object - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the GitRepository. For HTTPS repositories the Secret - must contain 'username' and 'password' fields for basic auth or - 'bearerToken' field for token auth. For SSH repositories the Secret - must contain 'identity' and 'known_hosts' fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this GitRepository. - type: boolean - timeout: - default: 60s - description: Timeout for Git operations like cloning, defaults to - 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: URL specifies the Git repository URL, it can be an HTTP/S - or SSH address. - pattern: ^(http|https|ssh)://.*$ - type: string - verify: - description: Verification specifies the configuration to verify the - Git commit signature(s). - properties: - mode: - default: HEAD - description: "Mode specifies which Git object(s) should be verified. - \n The variants \"head\" and \"HEAD\" both imply the same thing, - i.e. verify the commit that the HEAD of the Git repository points - to. The variant \"head\" solely exists to ensure backwards compatibility." - enum: - - head - - HEAD - - Tag - - TagAndHEAD - type: string - secretRef: - description: SecretRef specifies the Secret containing the public - keys of trusted Git authors. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - secretRef - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus records the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the last successful GitRepository - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - includedArtifacts: - description: IncludedArtifacts contains a list of the last successfully - included Artifacts as instructed by GitRepositorySpec.Include. - items: - description: Artifact represents the output of a Source reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of - ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI - annotations. - type: object - path: - description: Path is the relative file path of the Artifact. - It can be used to locate the file in the root of the Artifact - storage on the local file system of the controller managing - the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the GitRepository object. - format: int64 - type: integer - observedIgnore: - description: ObservedIgnore is the observed exclusion patterns used - for constructing the source artifact. - type: string - observedInclude: - description: ObservedInclude is the observed list of GitRepository - resources used to produce the current Artifact. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - observedRecurseSubmodules: - description: ObservedRecurseSubmodules is the observed resource submodules - configuration used to produce the current Artifact. - type: boolean - sourceVerificationMode: - description: SourceVerificationMode is the last used verification - mode indicating which Git object(s) have been verified. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: v1beta1 GitRepository is deprecated, upgrade to v1 - name: v1beta1 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec defines the desired state of a Git repository. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - gitImplementation: - default: go-git - description: Determines which git client library to use. Defaults - to go-git, valid values are ('go-git', 'libgit2'). - enum: - - go-git - - libgit2 - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Extra git repositories to map into the repository - items: - description: GitRepositoryInclude defines a source with a from and - to path. - properties: - fromPath: - description: The path to copy contents from, defaults to the - root directory. - type: string - repository: - description: Reference to a GitRepository to include. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: The path to copy contents to, defaults to the name - of the source ref. - type: string - required: - - repository - type: object - type: array - interval: - description: The interval at which to check for repository updates. - type: string - recurseSubmodules: - description: When enabled, after the clone is created, initializes - all submodules within, using their default settings. This option - is available only when using the 'go-git' GitImplementation. - type: boolean - ref: - description: The Git reference to checkout and monitor for changes, - defaults to master branch. - properties: - branch: - description: The Git branch to checkout, defaults to master. - type: string - commit: - description: The Git commit SHA to checkout, if specified Tag - filters will be ignored. - type: string - semver: - description: The Git tag semver expression, takes precedence over - Tag. - type: string - tag: - description: The Git tag to checkout, takes precedence over Branch. - type: string - type: object - secretRef: - description: The secret name containing the Git credentials. For HTTPS - repositories the secret must contain username and password fields. - For SSH repositories the secret must contain identity and known_hosts - fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for remote Git operations like cloning, defaults - to 60s. - type: string - url: - description: The repository URL, can be a HTTP/S or SSH address. - pattern: ^(http|https|ssh)://.*$ - type: string - verify: - description: Verify OpenPGP signature for the Git commit HEAD points - to. - properties: - mode: - description: Mode describes what git object should be verified, - currently ('head'). - enum: - - head - type: string - secretRef: - description: The secret name containing the public keys of all - trusted Git authors. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - mode - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus defines the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the output of the last successful - repository sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - includedArtifacts: - description: IncludedArtifacts represents the included artifacts from - the last successful repository sync. - items: - description: Artifact represents the output of a source synchronisation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the - last repository sync. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 GitRepository is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec specifies the required configuration to - produce an Artifact for a Git repository. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - gitImplementation: - default: go-git - description: 'GitImplementation specifies which Git client library - implementation to use. Defaults to ''go-git'', valid values are - (''go-git'', ''libgit2''). Deprecated: gitImplementation is deprecated - now that ''go-git'' is the only supported implementation.' - enum: - - go-git - - libgit2 - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Include specifies a list of GitRepository resources which - Artifacts should be included in the Artifact produced for this GitRepository. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - interval: - description: Interval at which to check the GitRepository for updates. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - recurseSubmodules: - description: RecurseSubmodules enables the initialization of all submodules - within the GitRepository as cloned from the URL, using their default - settings. - type: boolean - ref: - description: Reference specifies the Git reference to resolve and - monitor for changes, defaults to the 'master' branch. - properties: - branch: - description: Branch to check out, defaults to 'master' if no other - field is defined. - type: string - commit: - description: "Commit SHA to check out, takes precedence over all - reference fields. \n This can be combined with Branch to shallow - clone the branch, in which the commit is expected to exist." - type: string - name: - description: "Name of the reference to check out; takes precedence - over Branch, Tag and SemVer. \n It must be a valid Git reference: - https://git-scm.com/docs/git-check-ref-format#_description Examples: - \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", - \"refs/merge-requests/1/head\"" - type: string - semver: - description: SemVer tag expression to check out, takes precedence - over Tag. - type: string - tag: - description: Tag to check out, takes precedence over Branch. - type: string - type: object - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the GitRepository. For HTTPS repositories the Secret - must contain 'username' and 'password' fields for basic auth or - 'bearerToken' field for token auth. For SSH repositories the Secret - must contain 'identity' and 'known_hosts' fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this GitRepository. - type: boolean - timeout: - default: 60s - description: Timeout for Git operations like cloning, defaults to - 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: URL specifies the Git repository URL, it can be an HTTP/S - or SSH address. - pattern: ^(http|https|ssh)://.*$ - type: string - verify: - description: Verification specifies the configuration to verify the - Git commit signature(s). - properties: - mode: - description: Mode specifies what Git object should be verified, - currently ('head'). - enum: - - head - type: string - secretRef: - description: SecretRef specifies the Secret containing the public - keys of trusted Git authors. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - mode - - secretRef - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus records the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the last successful GitRepository - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - contentConfigChecksum: - description: "ContentConfigChecksum is a checksum of all the configurations - related to the content of the source artifact: - .spec.ignore - - .spec.recurseSubmodules - .spec.included and the checksum of the - included artifacts observed in .status.observedGeneration version - of the object. This can be used to determine if the content of the - included repository has changed. It has the format of `:`, - for example: `sha256:`. \n Deprecated: Replaced with explicit - fields for observed artifact content config in the status." - type: string - includedArtifacts: - description: IncludedArtifacts contains a list of the last successfully - included Artifacts as instructed by GitRepositorySpec.Include. - items: - description: Artifact represents the output of a Source reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of - ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI - annotations. - type: object - path: - description: Path is the relative file path of the Artifact. - It can be used to locate the file in the root of the Artifact - storage on the local file system of the controller managing - the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the GitRepository object. - format: int64 - type: integer - observedIgnore: - description: ObservedIgnore is the observed exclusion patterns used - for constructing the source artifact. - type: string - observedInclude: - description: ObservedInclude is the observed list of GitRepository - resources used to to produce the current Artifact. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - observedRecurseSubmodules: - description: ObservedRecurseSubmodules is the observed resource submodules - configuration used to produce the current Artifact. - type: boolean - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact - data is recommended. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: helmcharts.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmChart - listKind: HelmChartList - plural: helmcharts - shortNames: - - hc - singular: helmchart - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec defines the desired state of a Helm chart. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - chart: - description: The name or path the Helm chart is available at in the - SourceRef. - type: string - interval: - description: The interval at which to check the Source for updates. - type: string - reconcileStrategy: - default: ChartVersion - description: Determines what enables the creation of a new artifact. - Valid values are ('ChartVersion', 'Revision'). See the documentation - of the values for an explanation on their behavior. Defaults to - ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The reference to the Source the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', - 'GitRepository', 'Bucket'). - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - valuesFile: - description: Alternative values file to use as the default chart values, - expected to be a relative path in the SourceRef. Deprecated in favor - of ValuesFiles, for backwards compatibility the file defined here - is merged before the ValuesFiles items. Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the chart - values (values.yaml is not included by default), expected to be - a relative path in the SourceRef. Values files are merged in the - order of this list with the last file overriding the first. Ignored - when omitted. - items: - type: string - type: array - version: - default: '*' - description: The chart version semver expression, ignored for charts - from GitRepository and Bucket sources. Defaults to latest when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: HelmChartStatus defines the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - chart sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last chart pulled. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec specifies the desired state of a Helm chart. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - chart: - description: Chart is the name or path the Helm chart is available - at in the SourceRef. - type: string - interval: - description: Interval at which the HelmChart SourceRef is checked - for updates. This interval is approximate and may be subject to - jitter to ensure efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - reconcileStrategy: - default: ChartVersion - description: ReconcileStrategy determines what enables the creation - of a new artifact. Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on their - behavior. Defaults to ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: SourceRef is the reference to the Source the chart is - available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', - 'GitRepository', 'Bucket'). - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this source. - type: boolean - valuesFile: - description: ValuesFile is an alternative values file to use as the - default chart values, expected to be a relative path in the SourceRef. - Deprecated in favor of ValuesFiles, for backwards compatibility - the file specified here is merged before the ValuesFiles items. - Ignored when omitted. - type: string - valuesFiles: - description: ValuesFiles is an alternative list of values files to - use as the chart values (values.yaml is not included by default), - expected to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding the - first. Ignored when omitted. - items: - type: string - type: array - verify: - description: Verify contains the secret name containing the trusted - public keys used to verify the signature and specifies which provider - to use to check whether OCI image is authentic. This field is only - supported when using HelmRepository source with spec.type 'oci'. - Chart dependencies, which are not bundled in the umbrella chart - artifact, are not verified. - properties: - matchOIDCIdentity: - description: MatchOIDCIdentity specifies the identity matching - criteria to use while verifying an OCI artifact which was signed - using Cosign keyless signing. The artifact's identity is deemed - to be verified if any of the specified matchers match against - the identity. - items: - description: OIDCIdentityMatch specifies options for verifying - the certificate identity, i.e. the issuer and the subject - of the certificate. - properties: - issuer: - description: Issuer specifies the regex pattern to match - against to verify the OIDC issuer in the Fulcio certificate. - The pattern must be a valid Go regular expression. - type: string - subject: - description: Subject specifies the regex pattern to match - against to verify the identity subject in the Fulcio certificate. - The pattern must be a valid Go regular expression. - type: string - required: - - issuer - - subject - type: object - type: array - provider: - default: cosign - description: Provider specifies the technology used to sign the - OCI Artifact. - enum: - - cosign - type: string - secretRef: - description: SecretRef specifies the Kubernetes Secret containing - the trusted public keys. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - version: - default: '*' - description: Version is the chart version semver expression, ignored - for charts from GitRepository and Bucket sources. Defaults to latest - when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: HelmChartStatus records the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedChartName: - description: ObservedChartName is the last observed chart name as - specified by the resolved chart reference. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the HelmChart object. - format: int64 - type: integer - observedSourceArtifactRevision: - description: ObservedSourceArtifactRevision is the last observed Artifact.Revision - of the HelmChartSpec.SourceRef. - type: string - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact - data is recommended. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: helmrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmRepository - listKind: HelmRepositoryList - plural: helmrepositories - shortNames: - - helmrepo - singular: helmrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec defines the reference to a Helm repository. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - interval: - description: The interval at which to check the upstream for updates. - type: string - passCredentials: - description: PassCredentials allows the credentials from the SecretRef - to be passed on to a host that does not match the host as defined - in URL. This may be required if the host of the advertised chart - URLs in the index differ from the defined URL. Enabling this should - be done with caution, as it can potentially result in credentials - getting stolen in a MITM-attack. - type: boolean - secretRef: - description: The name of the secret containing authentication credentials - for the Helm repository. For HTTP/S basic auth the secret must contain - username and password fields. For TLS the secret must contain a - certFile and keyFile, and/or caFile fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout of index downloading, defaults to 60s. - type: string - url: - description: The Helm repository URL, a valid URL contains at least - a protocol and host. - type: string - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: HelmRepositoryStatus defines the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the output of the last successful - repository sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last index fetched. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec specifies the required configuration to - produce an Artifact for a Helm repository index YAML. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - certSecretRef: - description: "CertSecretRef can be given the name of a Secret containing - either or both of \n - a PEM-encoded client certificate (`tls.crt`) - and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) - \n and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are authenticating - with a certificate; the CA cert is useful if you are using a self-signed - server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. - \n It takes precedence over the values specified in the Secret referred - to by `.spec.secretRef`." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - insecure: - description: Insecure allows connecting to a non-TLS HTTP container - registry. This field is only taken into account if the .spec.type - field is set to 'oci'. - type: boolean - interval: - description: Interval at which the HelmRepository URL is checked for - updates. This interval is approximate and may be subject to jitter - to ensure efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - passCredentials: - description: PassCredentials allows the credentials from the SecretRef - to be passed on to a host that does not match the host as defined - in URL. This may be required if the host of the advertised chart - URLs in the index differ from the defined URL. Enabling this should - be done with caution, as it can potentially result in credentials - getting stolen in a MITM-attack. - type: boolean - provider: - default: generic - description: Provider used for authentication, can be 'aws', 'azure', - 'gcp' or 'generic'. This field is optional, and only taken into - account if the .spec.type field is set to 'oci'. When not specified, - defaults to 'generic'. - enum: - - generic - - aws - - azure - - gcp - type: string - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the HelmRepository. For HTTP/S basic auth the secret - must contain 'username' and 'password' fields. Support for TLS auth - using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated. - Please use `.spec.certSecretRef` instead. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this HelmRepository. - type: boolean - timeout: - description: Timeout is used for the index fetch operation for an - HTTPS helm repository, and for remote OCI Repository operations - like pulling for an OCI helm chart by the associated HelmChart. - Its default value is 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type of the HelmRepository. When this field is set to "oci", - the URL field value must be prefixed with "oci://". - enum: - - default - - oci - type: string - url: - description: URL of the Helm repository, a valid URL contains at least - a protocol and host. - pattern: ^(http|https|oci)://.*$ - type: string - required: - - url - type: object - status: - default: - observedGeneration: -1 - description: HelmRepositoryStatus records the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the last successful HelmRepository - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the HelmRepository object. - format: int64 - type: integer - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact - data is recommended. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: ocirepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: OCIRepository - listKind: OCIRepositoryList - plural: ocirepositories - shortNames: - - ocirepo - singular: ocirepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: OCIRepository is the Schema for the ocirepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OCIRepositorySpec defines the desired state of OCIRepository - properties: - certSecretRef: - description: "CertSecretRef can be given the name of a Secret containing - either or both of \n - a PEM-encoded client certificate (`tls.crt`) - and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) - \n and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are authenticating - with a certificate; the CA cert is useful if you are using a self-signed - server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. - \n Note: Support for the `caFile`, `certFile` and `keyFile` keys - have been deprecated." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP container - registry. - type: boolean - interval: - description: Interval at which the OCIRepository URL is checked for - updates. This interval is approximate and may be subject to jitter - to ensure efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - layerSelector: - description: LayerSelector specifies which layer should be extracted - from the OCI artifact. When not specified, the first layer found - in the artifact is selected. - properties: - mediaType: - description: MediaType specifies the OCI media type of the layer - which should be extracted from the OCI Artifact. The first layer - matching this type is selected. - type: string - operation: - description: Operation specifies how the selected layer should - be processed. By default, the layer compressed content is extracted - to storage. When the operation is set to 'copy', the layer compressed - content is persisted to storage as it is. - enum: - - extract - - copy - type: string - type: object - provider: - default: generic - description: The provider used for authentication, can be 'aws', 'azure', - 'gcp' or 'generic'. When not specified, defaults to 'generic'. - enum: - - generic - - aws - - azure - - gcp - type: string - ref: - description: The OCI reference to pull and monitor for changes, defaults - to the latest tag. - properties: - digest: - description: Digest is the image digest to pull, takes precedence - over SemVer. The value should be in the format 'sha256:'. - type: string - semver: - description: SemVer is the range of tags to pull selecting the - latest within the range, takes precedence over Tag. - type: string - tag: - description: Tag is the image tag to pull, defaults to latest. - type: string - type: object - secretRef: - description: SecretRef contains the secret name containing the registry - login credentials to resolve image metadata. The secret must be - of type kubernetes.io/dockerconfigjson. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount - used to authenticate the image pull if the service account has attached - pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for remote OCI Repository operations like - pulling, defaults to 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: URL is a reference to an OCI artifact repository hosted - on a remote container registry. - pattern: ^oci://.*$ - type: string - verify: - description: Verify contains the secret name containing the trusted - public keys used to verify the signature and specifies which provider - to use to check whether OCI image is authentic. - properties: - matchOIDCIdentity: - description: MatchOIDCIdentity specifies the identity matching - criteria to use while verifying an OCI artifact which was signed - using Cosign keyless signing. The artifact's identity is deemed - to be verified if any of the specified matchers match against - the identity. - items: - description: OIDCIdentityMatch specifies options for verifying - the certificate identity, i.e. the issuer and the subject - of the certificate. - properties: - issuer: - description: Issuer specifies the regex pattern to match - against to verify the OIDC issuer in the Fulcio certificate. - The pattern must be a valid Go regular expression. - type: string - subject: - description: Subject specifies the regex pattern to match - against to verify the identity subject in the Fulcio certificate. - The pattern must be a valid Go regular expression. - type: string - required: - - issuer - - subject - type: object - type: array - provider: - default: cosign - description: Provider specifies the technology used to sign the - OCI Artifact. - enum: - - cosign - type: string - secretRef: - description: SecretRef specifies the Kubernetes Secret containing - the trusted public keys. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: OCIRepositoryStatus defines the observed state of OCIRepository - properties: - artifact: - description: Artifact represents the output of the last successful - OCI Repository sync. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the OCIRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - contentConfigChecksum: - description: "ContentConfigChecksum is a checksum of all the configurations - related to the content of the source artifact: - .spec.ignore - - .spec.layerSelector observed in .status.observedGeneration version - of the object. This can be used to determine if the content configuration - has changed and the artifact needs to be rebuilt. It has the format - of `:`, for example: `sha256:`. \n Deprecated: - Replaced with explicit fields for observed artifact content config - in the status." - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - observedIgnore: - description: ObservedIgnore is the observed exclusion patterns used - for constructing the source artifact. - type: string - observedLayerSelector: - description: ObservedLayerSelector is the observed layer selector - used for constructing the source artifact. - properties: - mediaType: - description: MediaType specifies the OCI media type of the layer - which should be extracted from the OCI Artifact. The first layer - matching this type is selected. - type: string - operation: - description: Operation specifies how the selected layer should - be processed. By default, the layer compressed content is extracted - to storage. When the operation is set to 'copy', the layer compressed - content is persisted to storage as it is. - enum: - - extract - - copy - type: string - type: object - url: - description: URL is the download link for the artifact output of the - last OCI Repository sync. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/source-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/source-controller.yaml deleted file mode 100644 index 517b54bd..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/source-controller.yaml +++ /dev/null @@ -1,140 +0,0 @@ -{{- if .Values.sourceController.create }} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - control-plane: controller - {{- with .Values.sourceController.labels }} - {{- . | toYaml | nindent 4 }} - {{- end }} - name: source-controller -spec: - replicas: 1 - selector: - matchLabels: - app: source-controller - strategy: - type: Recreate - template: - metadata: - {{- with .Values.sourceController.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - app: source-controller -{{ with .Values.sourceController.labels }}{{ toYaml . | indent 8 }}{{ end }} - spec: - automountServiceAccountToken: {{ .Values.sourceController.serviceAccount.automount }} - {{- if .Values.sourceController.initContainers}} - initContainers: - {{- toYaml .Values.sourceController.initContainers | nindent 8}} - {{- end}} - containers: - - args: - {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc - {{- end}} - - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - - --log-level={{ .Values.logLevel | default "info" }} - - --log-encoding=json - - --enable-leader-election - - --storage-path=/data - - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc - {{- range .Values.sourceController.container.additionalArgs }} - - {{ . }} - {{- end}} - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- with .Values.sourceController.extraEnv }} - {{- toYaml . | nindent 8 }} - {{- end }} - image: {{ template "template.image" .Values.sourceController }} - {{- if .Values.sourceController.imagePullPolicy }} - imagePullPolicy: {{ .Values.sourceController.imagePullPolicy }} - {{- else }} - imagePullPolicy: IfNotPresent - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - protocol: TCP - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: / - port: http - {{- with .Values.sourceController.resources }} - resources: {{ toYaml . | nindent 10 }} - {{- end }} - {{- if .Values.sourceController.securityContext }} - securityContext: {{ toYaml .Values.sourceController.securityContext | nindent 10 }} - {{- else }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - {{- end}} - volumeMounts: - - mountPath: /data - name: data - - mountPath: /tmp - name: tmp - {{- if .Values.sourceController.volumeMounts }} - {{- toYaml .Values.sourceController.volumeMounts | nindent 8 }} - {{- end}} - {{- if .Values.sourceController.priorityClassName }} - priorityClassName: {{ .Values.sourceController.priorityClassName | quote }} - {{- end }} - {{- if .Values.sourceController.podSecurityContext }} - securityContext: {{ toYaml .Values.sourceController.podSecurityContext | nindent 8 }} - {{- else }} - securityContext: - fsGroup: 1337 - {{- end}} - serviceAccountName: source-controller - {{- if .Values.imagePullSecrets }} - imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 6 }} - {{- end }} - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: data - - emptyDir: {} - name: tmp - {{- if .Values.sourceController.volumes }} - {{- toYaml .Values.sourceController.volumes | nindent 6 }} - {{- end}} - {{- with .Values.sourceController.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.sourceController.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.sourceController.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/values.yaml b/packages/core/fluxcd/charts/flux2/values.yaml deleted file mode 100644 index 379c07e8..00000000 --- a/packages/core/fluxcd/charts/flux2/values.yaml +++ /dev/null @@ -1,327 +0,0 @@ -# global - -installCRDs: true -crds: - # -- Add annotations to all CRD resources, e.g. "helm.sh/resource-policy": keep - annotations: {} - -multitenancy: - # -- Implement the patches for Multi-tenancy lockdown. - # See https://fluxcd.io/docs/installation/#multi-tenancy-lockdown - enabled: false - # -- All Kustomizations and HelmReleases which don’t have spec.serviceAccountName - # specified, will use the default account from the tenant’s namespace. - # Tenants have to specify a service account in their Flux resources to be able - # to deploy workloads in their namespaces as the default account has no permissions. - defaultServiceAccount: "default" - # -- Both kustomize-controller and helm-controller service accounts run privileged - # with cluster-admin ClusterRoleBinding. Disable if you want to run them with a - # minimum set of permissions. - privileged: true - -clusterDomain: cluster.local - -cli: - image: ghcr.io/fluxcd/flux-cli - tag: v2.2.3 - nodeSelector: {} - affinity: {} - tolerations: [] - annotations: {} - serviceAccount: - automount: true - -# controllers - -helmController: - create: true - image: ghcr.io/fluxcd/helm-controller - tag: v0.37.4 - resources: - limits: {} - # cpu: 1000m - # memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - priorityClassName: "" - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: {} - container: - additionalArgs: [] - extraEnv: [] - serviceAccount: - create: true - automount: true - annotations: {} - imagePullPolicy: "" - nodeSelector: {} - # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core - # for example: - # affinity: - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: foo.bar.com/role - # operator: In - # values: - # - master - - affinity: {} - # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core - # for example: - # tolerations: - # - key: foo.bar.com/role - # operator: Equal - # value: master - # effect: NoSchedule - - tolerations: [] - -imageAutomationController: - create: true - image: ghcr.io/fluxcd/image-automation-controller - tag: v0.37.1 - resources: - limits: {} - # cpu: 1000m - # memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - priorityClassName: "" - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: {} - container: - additionalArgs: [] - extraEnv: [] - serviceAccount: - create: true - automount: true - annotations: {} - imagePullPolicy: "" - nodeSelector: {} - affinity: {} - tolerations: [] - -imageReflectionController: - create: true - image: ghcr.io/fluxcd/image-reflector-controller - tag: v0.31.2 - resources: - limits: {} - # cpu: 1000m - # memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - priorityClassName: "" - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: {} - container: - additionalArgs: [] - extraEnv: [] - serviceAccount: - create: true - automount: true - annotations: {} - imagePullPolicy: "" - nodeSelector: {} - affinity: {} - tolerations: [] - -kustomizeController: - create: true - image: ghcr.io/fluxcd/kustomize-controller - tag: v1.2.2 - resources: - limits: {} - # cpu: 1000m - # memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - priorityClassName: "" - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: {} - container: - additionalArgs: [] - extraEnv: [] - serviceAccount: - create: true - automount: true - annotations: {} - imagePullPolicy: "" - secret: - # -- Create a secret to use it with extraSecretMounts. Defaults to false. - create: false - name: "" - data: {} - # -- Defines envFrom using a configmap and/or secret. - envFrom: - map: - name: "" - secret: - name: "" - # -- Defines additional mounts with secrets. - # Secrets must be manually created in the namespace or with kustomizeController.secret - extraSecretMounts: [] - # - name: secret-files - # mountPath: /etc/secrets - # subPath: "" - # secretName: secret-files - # readOnly: true - - nodeSelector: {} - affinity: {} - tolerations: [] - -notificationController: - create: true - image: ghcr.io/fluxcd/notification-controller - tag: v1.2.4 - resources: - limits: {} - # cpu: 1000m - # memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - priorityClassName: "" - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: {} - container: - additionalArgs: [] - extraEnv: [] - serviceAccount: - create: true - automount: true - annotations: {} - imagePullPolicy: "" - service: - labels: {} - annotations: {} - webhookReceiver: - service: - labels: {} - annotations: {} - ingress: - create: false - # ingressClassName: nginx - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - hosts: - - host: flux-webhook.example.com - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: flux-webhook-tls - # hosts: - # - flux-webhook.example.com - - - nodeSelector: {} - affinity: {} - tolerations: [] - -sourceController: - create: true - image: ghcr.io/fluxcd/source-controller - tag: v1.2.4 - resources: - limits: {} - # cpu: 1000m - # memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - priorityClassName: "" - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: {} - container: - additionalArgs: [] - serviceAccount: - create: true - automount: true - annotations: {} - imagePullPolicy: "" - service: - labels: {} - annotations: {} - nodeSelector: {} - affinity: {} - tolerations: [] - extraEnv: [] - -policies: - create: true - -rbac: - create: true - # -- Grant the Kubernetes view, edit and admin roles access to Flux custom resources - createAggregation: true - # -- Add annotations to all RBAC resources, e.g. "helm.sh/resource-policy": keep - annotations: {} - roleRef: - name: cluster-admin - -logLevel: info -watchAllNamespaces: true - -# -- contents of pod imagePullSecret in form 'name=[secretName]'; applied to all controllers -imagePullSecrets: [] - -# -- Array of extra K8s manifests to deploy -extraObjects: [] -# Example usage from https://fluxcd.io/docs/components/source/buckets/#static-authentication -# - apiVersion: source.toolkit.fluxcd.io/v1beta2 -# kind: Bucket -# metadata: -# name: podinfo -# namespace: default -# spec: -# interval: 1m -# provider: generic -# bucketName: podinfo -# endpoint: minio.minio.svc.cluster.local:9000 -# insecure: true -# secretRef: -# name: minio-credentials -# - apiVersion: v1 -# kind: Secret -# metadata: -# name: minio-credentials -# namespace: default -# type: Opaque -# data: -# accesskey: -# secretkey: - -# Enables podMonitor creation for the Prometheus Operator -prometheus: - podMonitor: - # -- Enables podMonitor endpoint - create: false - podMetricsEndpoints: - - port: http-prom - relabelings: - # https://github.com/prometheus-operator/prometheus-operator/issues/4816 - - sourceLabels: [__meta_kubernetes_pod_phase] - action: keep - regex: Running diff --git a/packages/core/installer/images/cozystack.json b/packages/core/installer/images/cozystack.json index 63a732c3..571f9aa7 100644 --- a/packages/core/installer/images/cozystack.json +++ b/packages/core/installer/images/cozystack.json @@ -1,10 +1,10 @@ { - "buildx.build.ref": "youthful_hertz/youthful_hertz0/aafwjh8j28i98f59smgh3qe86", + "buildx.build.ref": "priceless_leavitt/priceless_leavitt0/ta5cc9q3mqtwjyuvg8fviqhe6", "containerimage.descriptor": { "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", - "digest": "sha256:e0c0defb9f5b10f5187d4002ccec7d01841e96c7350963f253003c0efeff6cef", + "digest": "sha256:bcaef325861d91b955f536bdd57ae3a6099d8657f081054a6dee3c027cfce97f", "size": 685 }, - "containerimage.digest": "sha256:e0c0defb9f5b10f5187d4002ccec7d01841e96c7350963f253003c0efeff6cef", - "image.name": "ghcr.io/aenix-io/cozystack/cozystack:latest" + "containerimage.digest": "sha256:bcaef325861d91b955f536bdd57ae3a6099d8657f081054a6dee3c027cfce97f", + "image.name": "ghcr.io/aenix-io/cozystack/cozystack:v0.9.0" } \ No newline at end of file diff --git a/packages/core/installer/images/cozystack.tag b/packages/core/installer/images/cozystack.tag index 602d7b26..aff03e70 100644 --- a/packages/core/installer/images/cozystack.tag +++ b/packages/core/installer/images/cozystack.tag @@ -1 +1 @@ -ghcr.io/aenix-io/cozystack/cozystack:latest +ghcr.io/aenix-io/cozystack/cozystack:v0.9.0 diff --git a/packages/core/installer/images/matchbox.json b/packages/core/installer/images/matchbox.json index d5bf9ebe..930a0ce7 100644 --- a/packages/core/installer/images/matchbox.json +++ b/packages/core/installer/images/matchbox.json @@ -1,4 +1,45 @@ { - "containerimage.config.digest": "sha256:ed483d1187cdfeb92df319a30dde57141ceb1d4bafcc28ba006a1e60abc445ff", - "containerimage.digest": "sha256:000a46c2bffc3cf13909dc0ca570cdcea9692d85b1ef2a875afe08ea8136d2c2" + "buildx.build.provenance": { + "buildType": "https://mobyproject.org/buildkit@v1", + "materials": [ + { + "uri": "pkg:docker/quay.io/poseidon/matchbox@v0.10.0?platform=linux%2Famd64", + "digest": { + "sha256": "e14cc4a8f6e8f1182fce74d04fe949b6bfc91b04132b3944297661e2c38c9790" + } + } + ], + "invocation": { + "configSource": { + "entryPoint": "Dockerfile" + }, + "parameters": { + "frontend": "dockerfile.v0", + "locals": [ + { + "name": "context" + }, + { + "name": "dockerfile" + } + ] + }, + "environment": { + "platform": "linux/amd64" + } + } + }, + "buildx.build.ref": "priceless_leavitt/priceless_leavitt0/k5n5is33n6zu6an3nmlnylejx", + "containerimage.config.digest": "sha256:4676a205eae74f1b16a9065921c612ee85e123ab6566a238edb4bbaf79b2e148", + "containerimage.descriptor": { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "digest": "sha256:7aa044756c40c2a222668f735ad9490b52341b57dca27e57b98f5de235d87ad7", + "size": 1488, + "platform": { + "architecture": "amd64", + "os": "linux" + } + }, + "containerimage.digest": "sha256:7aa044756c40c2a222668f735ad9490b52341b57dca27e57b98f5de235d87ad7", + "image.name": "ghcr.io/aenix-io/cozystack/matchbox:v0.9.0,ghcr.io/aenix-io/cozystack/matchbox:v1.7.1-v0.9.0" } \ No newline at end of file diff --git a/packages/core/platform/bundles/distro-full.yaml b/packages/core/platform/bundles/distro-full.yaml index 1fd9590a..c3e65e3f 100644 --- a/packages/core/platform/bundles/distro-full.yaml +++ b/packages/core/platform/bundles/distro-full.yaml @@ -1,6 +1,19 @@ {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} releases: +- name: fluxcd-operator + releaseName: fluxcd-operator + chart: cozy-fluxcd-operator + namespace: cozy-fluxcd + privileged: true + dependsOn: [] + +- name: fluxcd + releaseName: fluxcd + chart: cozy-fluxcd + namespace: cozy-fluxcd + dependsOn: [fluxcd-operator,cilium] + - name: cilium releaseName: cilium chart: cozy-cilium diff --git a/packages/core/platform/bundles/distro-hosted.yaml b/packages/core/platform/bundles/distro-hosted.yaml index 41d027fe..6923c1fb 100644 --- a/packages/core/platform/bundles/distro-hosted.yaml +++ b/packages/core/platform/bundles/distro-hosted.yaml @@ -1,6 +1,19 @@ {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} releases: +- name: fluxcd-operator + releaseName: fluxcd-operator + chart: cozy-fluxcd-operator + namespace: cozy-fluxcd + privileged: true + dependsOn: [] + +- name: fluxcd + releaseName: fluxcd + chart: cozy-fluxcd + namespace: cozy-fluxcd + dependsOn: [fluxcd-operator] + - name: cert-manager releaseName: cert-manager chart: cozy-cert-manager diff --git a/packages/core/platform/bundles/paas-full.yaml b/packages/core/platform/bundles/paas-full.yaml index 6ee2ad41..4ed95257 100644 --- a/packages/core/platform/bundles/paas-full.yaml +++ b/packages/core/platform/bundles/paas-full.yaml @@ -1,6 +1,19 @@ {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} releases: +- name: fluxcd-operator + releaseName: fluxcd-operator + chart: cozy-fluxcd-operator + namespace: cozy-fluxcd + privileged: true + dependsOn: [] + +- name: fluxcd + releaseName: fluxcd + chart: cozy-fluxcd + namespace: cozy-fluxcd + dependsOn: [fluxcd-operator,cilium,kubeovn] + - name: cilium releaseName: cilium chart: cozy-cilium @@ -153,8 +166,8 @@ releases: chart: cozy-dashboard namespace: cozy-dashboard dependsOn: [cilium,kubeovn] - {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }} - {{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }} + {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} + {{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }} values: kubeapps: redis: diff --git a/packages/core/platform/bundles/paas-hosted.yaml b/packages/core/platform/bundles/paas-hosted.yaml index a9c33818..60194d84 100644 --- a/packages/core/platform/bundles/paas-hosted.yaml +++ b/packages/core/platform/bundles/paas-hosted.yaml @@ -1,6 +1,19 @@ {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} releases: +- name: fluxcd-operator + releaseName: fluxcd-operator + chart: cozy-fluxcd-operator + namespace: cozy-fluxcd + privileged: true + dependsOn: [] + +- name: fluxcd + releaseName: fluxcd + chart: cozy-fluxcd + namespace: cozy-fluxcd + dependsOn: [fluxcd-operator] + - name: cert-manager releaseName: cert-manager chart: cozy-cert-manager @@ -91,8 +104,8 @@ releases: chart: cozy-dashboard namespace: cozy-dashboard dependsOn: [] - {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }} - {{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }} + {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} + {{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }} values: kubeapps: redis: diff --git a/packages/core/platform/templates/apps.yaml b/packages/core/platform/templates/apps.yaml index 2ba4f8ed..073edbdb 100644 --- a/packages/core/platform/templates/apps.yaml +++ b/packages/core/platform/templates/apps.yaml @@ -3,8 +3,8 @@ {{- $bundle := tpl (.Files.Get (printf "bundles/%s.yaml" $bundleName)) . | fromYaml }} {{- $host := "example.org" }} {{- $tenantRoot := list }} -{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2beta2" }} -{{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2beta2" "HelmRelease" "tenant-root" "tenant-root" }} +{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2" }} +{{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "tenant-root" "tenant-root" }} {{- end }} {{- if and $tenantRoot $tenantRoot.spec $tenantRoot.spec.values $tenantRoot.spec.values.host }} {{- $host = $tenantRoot.spec.values.host }} @@ -22,7 +22,7 @@ metadata: namespace.cozystack.io/host: "{{ $host }}" name: tenant-root --- -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: tenant-root diff --git a/packages/core/platform/templates/helmreleases.yaml b/packages/core/platform/templates/helmreleases.yaml index 5834c0be..eaee0ea6 100644 --- a/packages/core/platform/templates/helmreleases.yaml +++ b/packages/core/platform/templates/helmreleases.yaml @@ -12,7 +12,7 @@ {{- range $x := $bundle.releases }} {{- if not (has $x.name $disabledComponents) }} --- -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: {{ $x.name }} @@ -20,7 +20,7 @@ metadata: labels: cozystack.io/repository: system spec: - interval: 1m + interval: 5m releaseName: {{ $x.releaseName | default $x.name }} install: crds: CreateReplace diff --git a/packages/core/platform/templates/helmrepos.yaml b/packages/core/platform/templates/helmrepos.yaml index 3e061e41..69f77534 100644 --- a/packages/core/platform/templates/helmrepos.yaml +++ b/packages/core/platform/templates/helmrepos.yaml @@ -1,5 +1,5 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta2 +apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: cozystack-system @@ -10,7 +10,7 @@ spec: interval: 5m0s url: http://cozystack.cozy-system.svc/repos/system --- -apiVersion: source.toolkit.fluxcd.io/v1beta2 +apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: cozystack-apps @@ -22,7 +22,7 @@ spec: interval: 5m0s url: http://cozystack.cozy-system.svc/repos/apps --- -apiVersion: source.toolkit.fluxcd.io/v1beta2 +apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: cozystack-extra diff --git a/packages/core/platform/templates/namespaces.yaml b/packages/core/platform/templates/namespaces.yaml index fd3a58e0..0d35d7ec 100644 --- a/packages/core/platform/templates/namespaces.yaml +++ b/packages/core/platform/templates/namespaces.yaml @@ -16,7 +16,6 @@ {{/* Add extra namespaces */}} {{- $_ := set $namespaces "cozy-public" false }} -{{- $_ := set $namespaces "cozy-fluxcd" false }} {{- range $namespace, $privileged := $namespaces }} --- diff --git a/packages/extra/ingress/Chart.yaml b/packages/extra/ingress/Chart.yaml index e9d3511f..b646aedb 100644 --- a/packages/extra/ingress/Chart.yaml +++ b/packages/extra/ingress/Chart.yaml @@ -3,4 +3,4 @@ name: ingress description: NGINX Ingress Controller icon: https://docs.nginx.com/nginx-ingress-controller/images/icons/NGINX-Ingress-Controller-product-icon.svg type: application -version: 1.1.0 +version: 1.2.0 diff --git a/packages/extra/ingress/templates/nginx-ingress.yaml b/packages/extra/ingress/templates/nginx-ingress.yaml index 816327f0..43a3a9a6 100644 --- a/packages/extra/ingress/templates/nginx-ingress.yaml +++ b/packages/extra/ingress/templates/nginx-ingress.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: ingress-nginx diff --git a/packages/system/monitoring/templates/nginx-scrape.yaml b/packages/extra/ingress/templates/nginx-scrape.yaml similarity index 92% rename from packages/system/monitoring/templates/nginx-scrape.yaml rename to packages/extra/ingress/templates/nginx-scrape.yaml index d9de45a0..d04c5b65 100644 --- a/packages/system/monitoring/templates/nginx-scrape.yaml +++ b/packages/extra/ingress/templates/nginx-scrape.yaml @@ -3,12 +3,11 @@ apiVersion: operator.victoriametrics.com/v1beta1 kind: VMPodScrape metadata: name: nginx-ingress-controller - namespace: cozy-monitoring spec: jobLabel: jobLabel namespaceSelector: matchNames: - - cozy-ingress-nginx + - {{ .Release.Namespace }} podMetricsEndpoints: - port: metrics honorLabels: true @@ -29,12 +28,11 @@ apiVersion: operator.victoriametrics.com/v1beta1 kind: VMPodScrape metadata: name: nginx-ingress-controller-detailed - namespace: cozy-monitoring spec: jobLabel: jobLabel namespaceSelector: matchNames: - - cozy-ingress-nginx + - {{ .Release.Namespace }} podMetricsEndpoints: - port: metrics2 honorLabels: true diff --git a/packages/extra/monitoring/Chart.yaml b/packages/extra/monitoring/Chart.yaml index dbfa5374..0c28c1bf 100644 --- a/packages/extra/monitoring/Chart.yaml +++ b/packages/extra/monitoring/Chart.yaml @@ -3,4 +3,4 @@ name: monitoring description: Monitoring and observability stack icon: https://www.svgrepo.com/download/184787/analytics-laptop.svg type: application -version: 1.0.0 +version: 1.1.0 diff --git a/packages/extra/monitoring/templates/oncall/oncall-release.yaml b/packages/extra/monitoring/templates/oncall/oncall-release.yaml index 46d124e4..48416776 100644 --- a/packages/extra/monitoring/templates/oncall/oncall-release.yaml +++ b/packages/extra/monitoring/templates/oncall/oncall-release.yaml @@ -1,7 +1,7 @@ {{- if .Values.oncall.enabled }} {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }} {{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: grafana-oncall diff --git a/packages/extra/versions_map b/packages/extra/versions_map index 7b373bf8..996103e5 100644 --- a/packages/extra/versions_map +++ b/packages/extra/versions_map @@ -3,5 +3,7 @@ etcd 2.0.0 a6d0f7cf etcd 2.0.1 6fc1cc7d etcd 2.1.0 HEAD ingress 1.0.0 f642698 -ingress 1.1.0 HEAD -monitoring 1.0.0 HEAD +ingress 1.1.0 838bee5d +ingress 1.2.0 HEAD +monitoring 1.0.0 f642698 +monitoring 1.1.0 HEAD diff --git a/packages/system/capi-operator/Makefile b/packages/system/capi-operator/Makefile index b3c9f770..2fd794d3 100644 --- a/packages/system/capi-operator/Makefile +++ b/packages/system/capi-operator/Makefile @@ -1,5 +1,5 @@ -NAME=capi-operator -NAMESPACE=cozy-cluster-api +export NAME=capi-operator +export NAMESPACE=cozy-cluster-api include ../../../scripts/package-system.mk diff --git a/packages/system/capi-operator/charts/cluster-api-operator/Chart.lock b/packages/system/capi-operator/charts/cluster-api-operator/Chart.lock deleted file mode 100644 index 5d3381ff..00000000 --- a/packages/system/capi-operator/charts/cluster-api-operator/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: cert-manager - repository: https://charts.jetstack.io - version: v1.13.2 -digest: sha256:b92a86c20cdd8a5e44995e71addefd379fdf302410a7dde388623f0e06187406 -generated: "2024-01-16T12:59:42.630842426Z" diff --git a/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml b/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml index d505a05d..b9b994bb 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml +++ b/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml @@ -1,11 +1,6 @@ apiVersion: v2 -appVersion: 0.8.1 -dependencies: -- condition: cert-manager.enabled - name: cert-manager - repository: https://charts.jetstack.io - version: v1.13.2 +appVersion: 0.11.0 description: Cluster API Operator name: cluster-api-operator type: application -version: 0.8.1 +version: 0.11.0 diff --git a/packages/system/capi-operator/charts/cluster-api-operator/crds/cert-manager.crds.yaml b/packages/system/capi-operator/charts/cluster-api-operator/crds/cert-manager.crds.yaml deleted file mode 100644 index 14c0726c..00000000 --- a/packages/system/capi-operator/charts/cluster-api-operator/crds/cert-manager.crds.yaml +++ /dev/null @@ -1,4482 +0,0 @@ -# Copyright 2022 The cert-manager Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Source: cert-manager/templates/crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificaterequests.cert-manager.io - labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: 'cert-manager' - # Generated labels - app.kubernetes.io/version: "v1.13.2" -spec: - group: cert-manager.io - names: - kind: CertificateRequest - listKind: CertificateRequestList - plural: certificaterequests - shortNames: - - cr - - crs - singular: certificaterequest - categories: - - cert-manager - scope: Namespaced - versions: - - name: v1 - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Approved")].status - name: Approved - type: string - - jsonPath: .status.conditions[?(@.type=="Denied")].status - name: Denied - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .spec.issuerRef.name - name: Issuer - type: string - - jsonPath: .spec.username - name: Requestor - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - name: Age - type: date - schema: - openAPIV3Schema: - description: "A CertificateRequest is used to request a signed certificate from one of the configured issuers. \n All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `Ready` status condition and its `status.failureTime` field. \n A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used." - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of the desired state of the CertificateRequest resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - type: object - required: - - issuerRef - - request - properties: - duration: - description: Requested 'duration' (i.e. lifetime) of the Certificate. Note that the issuer may choose to ignore the requested duration, just like any other requested attribute. - type: string - extra: - description: Extra contains extra attributes of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. - type: object - additionalProperties: - type: array - items: - type: string - groups: - description: Groups contains group membership of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. - type: array - items: - type: string - x-kubernetes-list-type: atomic - isCA: - description: "Requested basic constraints isCA value. Note that the issuer may choose to ignore the requested isCA value, just like any other requested attribute. \n NOTE: If the CSR in the `Request` field has a BasicConstraints extension, it must have the same isCA value as specified here. \n If true, this will automatically add the `cert sign` usage to the list of requested `usages`." - type: boolean - issuerRef: - description: "Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. \n The `name` field of the reference must always be specified." - type: object - required: - - name - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - request: - description: "The PEM-encoded X.509 certificate signing request to be submitted to the issuer for signing. \n If the CSR has a BasicConstraints extension, its isCA attribute must match the `isCA` value of this CertificateRequest. If the CSR has a KeyUsage extension, its key usages must match the key usages in the `usages` field of this CertificateRequest. If the CSR has a ExtKeyUsage extension, its extended key usages must match the extended key usages in the `usages` field of this CertificateRequest." - type: string - format: byte - uid: - description: UID contains the uid of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. - type: string - usages: - description: "Requested key usages and extended key usages. \n NOTE: If the CSR in the `Request` field has uses the KeyUsage or ExtKeyUsage extension, these extensions must have the same values as specified here without any additional values. \n If unset, defaults to `digital signature` and `key encipherment`." - type: array - items: - description: "KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 \n Valid KeyUsage values are as follows: \"signing\", \"digital signature\", \"content commitment\", \"key encipherment\", \"key agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", \"encipher only\", \"decipher only\", \"any\", \"server auth\", \"client auth\", \"code signing\", \"email protection\", \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"" - type: string - enum: - - signing - - digital signature - - content commitment - - key encipherment - - key agreement - - data encipherment - - cert sign - - crl sign - - encipher only - - decipher only - - any - - server auth - - client auth - - code signing - - email protection - - s/mime - - ipsec end system - - ipsec tunnel - - ipsec user - - timestamping - - ocsp signing - - microsoft sgc - - netscape sgc - username: - description: Username contains the name of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. - type: string - status: - description: 'Status of the CertificateRequest. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - ca: - description: The PEM encoded X.509 certificate of the signer, also known as the CA (Certificate Authority). This is set on a best-effort basis by different issuers. If not set, the CA is assumed to be unknown/not available. - type: string - format: byte - certificate: - description: The PEM encoded X.509 certificate resulting from the certificate signing request. If not set, the CertificateRequest has either not been completed or has failed. More information on failure can be found by checking the `conditions` field. - type: string - format: byte - conditions: - description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`, `InvalidRequest`, `Approved` and `Denied`. - type: array - items: - description: CertificateRequestCondition contains condition information for a CertificateRequest. - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. - type: string - format: date-time - message: - description: Message is a human readable description of the details of the last transition, complementing reason. - type: string - reason: - description: Reason is a brief machine readable explanation for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, `Unknown`). - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: Type of the condition, known values are (`Ready`, `InvalidRequest`, `Approved`, `Denied`). - type: string - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - failureTime: - description: FailureTime stores the time that this CertificateRequest failed. This is used to influence garbage collection and back-off. - type: string - format: date-time - served: true - storage: true ---- -# Source: cert-manager/templates/crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: certificates.cert-manager.io - labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: 'cert-manager' - # Generated labels - app.kubernetes.io/version: "v1.13.2" -spec: - group: cert-manager.io - names: - kind: Certificate - listKind: CertificateList - plural: certificates - shortNames: - - cert - - certs - singular: certificate - categories: - - cert-manager - scope: Namespaced - versions: - - name: v1 - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .spec.secretName - name: Secret - type: string - - jsonPath: .spec.issuerRef.name - name: Issuer - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - name: Age - type: date - schema: - openAPIV3Schema: - description: "A Certificate resource should be created to ensure an up to date and signed X.509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. \n The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`)." - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of the desired state of the Certificate resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - type: object - required: - - issuerRef - - secretName - properties: - additionalOutputFormats: - description: "Defines extra output formats of the private key and signed certificate chain to be written to this Certificate's target Secret. \n This is an Alpha Feature and is only enabled with the `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both the controller and webhook components." - type: array - items: - description: CertificateAdditionalOutputFormat defines an additional output format of a Certificate resource. These contain supplementary data formats of the signed certificate chain and paired private key. - type: object - required: - - type - properties: - type: - description: Type is the name of the format type that should be written to the Certificate's target Secret. - type: string - enum: - - DER - - CombinedPEM - commonName: - description: "Requested common name X509 certificate subject attribute. More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 NOTE: TLS clients will ignore this value when any subject alternative name is set (see https://tools.ietf.org/html/rfc6125#section-6.4.4). \n Should have a length of 64 characters or fewer to avoid generating invalid CSRs. Cannot be set if the `literalSubject` field is set." - type: string - dnsNames: - description: Requested DNS subject alternative names. - type: array - items: - type: string - duration: - description: "Requested 'duration' (i.e. lifetime) of the Certificate. Note that the issuer may choose to ignore the requested duration, just like any other requested attribute. \n If unset, this defaults to 90 days. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration." - type: string - emailAddresses: - description: Requested email subject alternative names. - type: array - items: - type: string - encodeUsagesInRequest: - description: "Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR. \n This option defaults to true, and should only be disabled if the target issuer does not support CSRs with these X509 KeyUsage/ ExtKeyUsage extensions." - type: boolean - ipAddresses: - description: Requested IP address subject alternative names. - type: array - items: - type: string - isCA: - description: "Requested basic constraints isCA value. The isCA value is used to set the `isCA` field on the created CertificateRequest resources. Note that the issuer may choose to ignore the requested isCA value, just like any other requested attribute. \n If true, this will automatically add the `cert sign` usage to the list of requested `usages`." - type: boolean - issuerRef: - description: "Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. \n The `name` field of the reference must always be specified." - type: object - required: - - name - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - keystores: - description: Additional keystore output formats to be stored in the Certificate's Secret. - type: object - properties: - jks: - description: JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource. - type: object - required: - - create - - passwordSecretRef - properties: - create: - description: Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority - type: boolean - passwordSecretRef: - description: PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - pkcs12: - description: PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource. - type: object - required: - - create - - passwordSecretRef - properties: - create: - description: Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority - type: boolean - passwordSecretRef: - description: PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - literalSubject: - description: "Requested X.509 certificate subject, represented using the LDAP \"String Representation of a Distinguished Name\" [1]. Important: the LDAP string format also specifies the order of the attributes in the subject, this is important when issuing certs for LDAP authentication. Example: `CN=foo,DC=corp,DC=example,DC=com` More info [1]: https://datatracker.ietf.org/doc/html/rfc4514 More info: https://github.com/cert-manager/cert-manager/issues/3203 More info: https://github.com/cert-manager/cert-manager/issues/4424 \n Cannot be set if the `subject` or `commonName` field is set. This is an Alpha Feature and is only enabled with the `--feature-gates=LiteralCertificateSubject=true` option set on both the controller and webhook components." - type: string - privateKey: - description: Private key options. These include the key algorithm and size, the used encoding and the rotation policy. - type: object - properties: - algorithm: - description: "Algorithm is the private key algorithm of the corresponding private key for this certificate. \n If provided, allowed values are either `RSA`, `ECDSA` or `Ed25519`. If `algorithm` is specified and `size` is not provided, key size of 2048 will be used for `RSA` key algorithm and key size of 256 will be used for `ECDSA` key algorithm. key size is ignored when using the `Ed25519` key algorithm." - type: string - enum: - - RSA - - ECDSA - - Ed25519 - encoding: - description: "The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. \n If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and PKCS#8, respectively. Defaults to `PKCS1` if not specified." - type: string - enum: - - PKCS1 - - PKCS8 - rotationPolicy: - description: "RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. \n If set to `Never`, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to `Always`, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is `Never` for backward compatibility." - type: string - enum: - - Never - - Always - size: - description: "Size is the key bit size of the corresponding private key for this certificate. \n If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. If `algorithm` is set to `Ed25519`, Size is ignored. No other values are allowed." - type: integer - renewBefore: - description: "How long before the currently issued certificate's expiry cert-manager should renew the certificate. For example, if a certificate is valid for 60 minutes, and `renewBefore=10m`, cert-manager will begin to attempt to renew the certificate 50 minutes after it was issued (i.e. when there are 10 minutes remaining until the certificate is no longer valid). \n NOTE: The actual lifetime of the issued certificate is used to determine the renewal time. If an issuer returns a certificate with a different lifetime than the one requested, cert-manager will use the lifetime of the issued certificate. \n If unset, this defaults to 1/3 of the issued certificate's lifetime. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration." - type: string - revisionHistoryLimit: - description: "The maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single `CertificateRequest` created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. \n If set, revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`), revisions will not be garbage collected. Default value is `nil`." - type: integer - format: int32 - secretName: - description: Name of the Secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer. The Secret resource lives in the same namespace as the Certificate resource. - type: string - secretTemplate: - description: Defines annotations and labels to be copied to the Certificate's Secret. Labels and annotations on the Secret will be changed as they appear on the SecretTemplate when added or removed. SecretTemplate annotations are added in conjunction with, and cannot overwrite, the base set of annotations cert-manager sets on the Certificate's Secret. - type: object - properties: - annotations: - description: Annotations is a key value map to be copied to the target Kubernetes Secret. - type: object - additionalProperties: - type: string - labels: - description: Labels is a key value map to be copied to the target Kubernetes Secret. - type: object - additionalProperties: - type: string - subject: - description: "Requested set of X509 certificate subject attributes. More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 \n The common name attribute is specified separately in the `commonName` field. Cannot be set if the `literalSubject` field is set." - type: object - properties: - countries: - description: Countries to be used on the Certificate. - type: array - items: - type: string - localities: - description: Cities to be used on the Certificate. - type: array - items: - type: string - organizationalUnits: - description: Organizational Units to be used on the Certificate. - type: array - items: - type: string - organizations: - description: Organizations to be used on the Certificate. - type: array - items: - type: string - postalCodes: - description: Postal codes to be used on the Certificate. - type: array - items: - type: string - provinces: - description: State/Provinces to be used on the Certificate. - type: array - items: - type: string - serialNumber: - description: Serial number to be used on the Certificate. - type: string - streetAddresses: - description: Street addresses to be used on the Certificate. - type: array - items: - type: string - uris: - description: Requested URI subject alternative names. - type: array - items: - type: string - usages: - description: "Requested key usages and extended key usages. These usages are used to set the `usages` field on the created CertificateRequest resources. If `encodeUsagesInRequest` is unset or set to `true`, the usages will additionally be encoded in the `request` field which contains the CSR blob. \n If unset, defaults to `digital signature` and `key encipherment`." - type: array - items: - description: "KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 \n Valid KeyUsage values are as follows: \"signing\", \"digital signature\", \"content commitment\", \"key encipherment\", \"key agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", \"encipher only\", \"decipher only\", \"any\", \"server auth\", \"client auth\", \"code signing\", \"email protection\", \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"" - type: string - enum: - - signing - - digital signature - - content commitment - - key encipherment - - key agreement - - data encipherment - - cert sign - - crl sign - - encipher only - - decipher only - - any - - server auth - - client auth - - code signing - - email protection - - s/mime - - ipsec end system - - ipsec tunnel - - ipsec user - - timestamping - - ocsp signing - - microsoft sgc - - netscape sgc - status: - description: 'Status of the Certificate. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - properties: - conditions: - description: List of status conditions to indicate the status of certificates. Known condition types are `Ready` and `Issuing`. - type: array - items: - description: CertificateCondition contains condition information for an Certificate. - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. - type: string - format: date-time - message: - description: Message is a human readable description of the details of the last transition, complementing reason. - type: string - observedGeneration: - description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Certificate. - type: integer - format: int64 - reason: - description: Reason is a brief machine readable explanation for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, `Unknown`). - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: Type of the condition, known values are (`Ready`, `Issuing`). - type: string - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - failedIssuanceAttempts: - description: The number of continuous failed issuance attempts up till now. This field gets removed (if set) on a successful issuance and gets set to 1 if unset and an issuance has failed. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). - type: integer - lastFailureTime: - description: LastFailureTime is set only if the lastest issuance for this Certificate failed and contains the time of the failure. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). If the latest issuance has succeeded this field will be unset. - type: string - format: date-time - nextPrivateKeySecretName: - description: The name of the Secret resource containing the private key to be used for the next certificate iteration. The keymanager controller will automatically set this field if the `Issuing` condition is set to `True`. It will automatically unset this field when the Issuing condition is not set or False. - type: string - notAfter: - description: The expiration time of the certificate stored in the secret named by this resource in `spec.secretName`. - type: string - format: date-time - notBefore: - description: The time after which the certificate stored in the secret named by this resource in `spec.secretName` is valid. - type: string - format: date-time - renewalTime: - description: RenewalTime is the time at which the certificate will be next renewed. If not set, no upcoming renewal is scheduled. - type: string - format: date-time - revision: - description: "The current 'revision' of the certificate as issued. \n When a CertificateRequest resource is created, it will have the `cert-manager.io/certificate-revision` set to one greater than the current value of this field. \n Upon issuance, this field will be set to the value of the annotation on the CertificateRequest resource used to issue the certificate. \n Persisting the value on the CertificateRequest resource allows the certificates controller to know whether a request is part of an old issuance or if it is part of the ongoing revision's issuance by checking if the revision value in the annotation is greater than this field." - type: integer - served: true - storage: true ---- -# Source: cert-manager/templates/crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: challenges.acme.cert-manager.io - labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: 'cert-manager' - # Generated labels - app.kubernetes.io/version: "v1.13.2" -spec: - group: acme.cert-manager.io - names: - kind: Challenge - listKind: ChallengeList - plural: challenges - singular: challenge - categories: - - cert-manager - - cert-manager-acme - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - - jsonPath: .spec.dnsName - name: Domain - type: string - - jsonPath: .status.reason - name: Reason - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: Challenge is a type to represent a Challenge request with an ACME server - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - required: - - authorizationURL - - dnsName - - issuerRef - - key - - solver - - token - - type - - url - properties: - authorizationURL: - description: The URL to the ACME Authorization resource that this challenge is a part of. - type: string - dnsName: - description: dnsName is the identifier that this challenge is for, e.g. example.com. If the requested DNSName is a 'wildcard', this field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`. - type: string - issuerRef: - description: References a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed. - type: object - required: - - name - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - key: - description: 'The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `.` text that must be set as the TXT record content.' - type: string - solver: - description: Contains the domain solving configuration that should be used to solve this challenge resource. - type: object - properties: - dns01: - description: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. - type: object - properties: - acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. - type: object - required: - - accountSecretRef - - host - properties: - accountSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - host: - type: string - akamai: - description: Use the Akamai DNS zone management API to manage DNS01 challenge records. - type: object - required: - - accessTokenSecretRef - - clientSecretSecretRef - - clientTokenSecretRef - - serviceConsumerDomain - properties: - accessTokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - clientSecretSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - clientTokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - serviceConsumerDomain: - type: string - azureDNS: - description: Use the Microsoft Azure DNS API to manage DNS01 challenge records. - type: object - required: - - resourceGroupName - - subscriptionID - properties: - clientID: - description: if both this and ClientSecret are left unset MSI will be used - type: string - clientSecretSecretRef: - description: if both this and ClientID are left unset MSI will be used - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - environment: - description: name of the Azure environment (default AzurePublicCloud) - type: string - enum: - - AzurePublicCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureUSGovernmentCloud - hostedZoneName: - description: name of the DNS zone that should be used - type: string - managedIdentity: - description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID - type: object - properties: - clientID: - description: client ID of the managed identity, can not be used at the same time as resourceID - type: string - resourceID: - description: resource ID of the managed identity, can not be used at the same time as clientID - type: string - resourceGroupName: - description: resource group the DNS zone is located in - type: string - subscriptionID: - description: ID of the Azure subscription - type: string - tenantID: - description: when specifying ClientID and ClientSecret then this field is also needed - type: string - cloudDNS: - description: Use the Google Cloud DNS API to manage DNS01 challenge records. - type: object - required: - - project - properties: - hostedZoneName: - description: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. - type: string - project: - type: string - serviceAccountSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - cloudflare: - description: Use the Cloudflare API to manage DNS01 challenge records. - type: object - properties: - apiKeySecretRef: - description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - apiTokenSecretRef: - description: API token used to authenticate with Cloudflare. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - email: - description: Email of the account, only required when using API key based authentication. - type: string - cnameStrategy: - description: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. - type: string - enum: - - None - - Follow - digitalocean: - description: Use the DigitalOcean DNS API to manage DNS01 challenge records. - type: object - required: - - tokenSecretRef - properties: - tokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. - type: object - required: - - nameserver - properties: - nameserver: - description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. - type: string - tsigAlgorithm: - description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' - type: string - tsigKeyName: - description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. - type: string - tsigSecretSecretRef: - description: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - route53: - description: Use the AWS Route53 API to manage DNS01 challenge records. - type: object - required: - - region - properties: - accessKeyID: - description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: string - accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - hostedZoneID: - description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. - type: string - region: - description: Always set the region when using AccessKeyID and SecretAccessKey - type: string - role: - description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata - type: string - secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - webhook: - description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. - type: object - required: - - groupName - - solverName - properties: - config: - description: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. - x-kubernetes-preserve-unknown-fields: true - groupName: - description: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. - type: string - solverName: - description: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. - type: string - http01: - description: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. - type: object - properties: - gatewayHTTPRoute: - description: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. - type: object - properties: - labels: - description: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. - type: object - additionalProperties: - type: string - parentRefs: - description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' - type: array - items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." - type: object - required: - - name - properties: - group: - description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" - type: string - default: gateway.networking.k8s.io - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - kind: - description: "Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." - type: string - default: Gateway - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - name: - description: "Name is the name of the referent. \n Support: Core" - type: string - maxLength: 253 - minLength: 1 - namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" - type: string - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - port: - description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " - type: integer - format: int32 - maximum: 65535 - minimum: 1 - sectionName: - description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" - type: string - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - serviceType: - description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. - type: string - ingress: - description: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. - type: object - properties: - class: - description: This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. - type: string - ingressClassName: - description: This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. - type: string - ingressTemplate: - description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. - type: object - properties: - metadata: - description: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. - type: object - properties: - annotations: - description: Annotations that should be added to the created ACME HTTP01 solver ingress. - type: object - additionalProperties: - type: string - labels: - description: Labels that should be added to the created ACME HTTP01 solver ingress. - type: object - additionalProperties: - type: string - name: - description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. - type: string - podTemplate: - description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. - type: object - properties: - metadata: - description: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. - type: object - properties: - annotations: - description: Annotations that should be added to the create ACME HTTP01 solver pods. - type: object - additionalProperties: - type: string - labels: - description: Labels that should be added to the created ACME HTTP01 solver pods. - type: object - additionalProperties: - type: string - spec: - description: PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. - type: object - properties: - affinity: - description: If specified, the pod's scheduling constraints - type: object - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. - type: array - items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector term, associated with the corresponding weight. - type: object - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchFields: - description: A list of node selector requirements by node's fields. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are ORed. - type: array - items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchFields: - description: A list of node selector requirements by node's fields. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - x-kubernetes-map-type: atomic - x-kubernetes-map-type: atomic - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - imagePullSecrets: - description: If specified, the pod's imagePullSecrets - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - priorityClassName: - description: If specified, the pod's priorityClassName. - type: string - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - type: array - items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - serviceType: - description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. - type: string - selector: - description: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. - type: object - properties: - dnsNames: - description: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. - type: array - items: - type: string - dnsZones: - description: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. - type: array - items: - type: string - matchLabels: - description: A label selector that is used to refine the set of certificate's that this challenge solver will apply to. - type: object - additionalProperties: - type: string - token: - description: The ACME challenge token for this challenge. This is the raw value returned from the ACME server. - type: string - type: - description: The type of ACME challenge this resource represents. One of "HTTP-01" or "DNS-01". - type: string - enum: - - HTTP-01 - - DNS-01 - url: - description: The URL of the ACME Challenge resource for this challenge. This can be used to lookup details about the status of this challenge. - type: string - wildcard: - description: wildcard will be true if this challenge is for a wildcard identifier, for example '*.example.com'. - type: boolean - status: - type: object - properties: - presented: - description: presented will be set to true if the challenge values for this challenge are currently 'presented'. This *does not* imply the self check is passing. Only that the values have been 'submitted' for the appropriate challenge mechanism (i.e. the DNS01 TXT record has been presented, or the HTTP01 configuration has been configured). - type: boolean - processing: - description: Used to denote whether this challenge should be processed or not. This field will only be set to true by the 'scheduling' component. It will only be set to false by the 'challenges' controller, after the challenge has reached a final state or timed out. If this field is set to false, the challenge controller will not take any more action. - type: boolean - reason: - description: Contains human readable information on why the Challenge is in the current state. - type: string - state: - description: Contains the current 'state' of the challenge. If not set, the state of the challenge is unknown. - type: string - enum: - - valid - - ready - - pending - - processing - - invalid - - expired - - errored - served: true - storage: true - subresources: - status: {} ---- -# Source: cert-manager/templates/crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterissuers.cert-manager.io - labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: "cert-manager" - # Generated labels - app.kubernetes.io/version: "v1.13.2" -spec: - group: cert-manager.io - names: - kind: ClusterIssuer - listKind: ClusterIssuerList - plural: clusterissuers - singular: clusterissuer - categories: - - cert-manager - scope: Cluster - versions: - - name: v1 - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - name: Age - type: date - schema: - openAPIV3Schema: - description: A ClusterIssuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is similar to an Issuer, however it is cluster-scoped and therefore can be referenced by resources that exist in *any* namespace, not just the same namespace as the referent. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the ClusterIssuer resource. - type: object - properties: - acme: - description: ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. - type: object - required: - - privateKeySecretRef - - server - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which can be used to validate the certificate chain presented by the ACME server. Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various kinds of security vulnerabilities. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. - type: string - format: byte - disableAccountKeyGeneration: - description: Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false. - type: boolean - email: - description: Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered. - type: string - enableDurationFeature: - description: Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false. - type: boolean - externalAccountBinding: - description: ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. - type: object - required: - - keyID - - keySecretRef - properties: - keyAlgorithm: - description: 'Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.' - type: string - enum: - - HS256 - - HS384 - - HS512 - keyID: - description: keyID is the ID of the CA key that the External Account is bound to. - type: string - keySecretRef: - description: keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - preferredChain: - description: 'PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let''s Encrypt''s DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let''s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer''s CN' - type: string - maxLength: 64 - privateKeySecretRef: - description: PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - server: - description: 'Server is the URL used to access the ACME server''s ''directory'' endpoint. For example, for Let''s Encrypt''s staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported.' - type: string - skipTLSVerify: - description: 'INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false.' - type: boolean - solvers: - description: 'Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' - type: array - items: - description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. - type: object - properties: - dns01: - description: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. - type: object - properties: - acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. - type: object - required: - - accountSecretRef - - host - properties: - accountSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - host: - type: string - akamai: - description: Use the Akamai DNS zone management API to manage DNS01 challenge records. - type: object - required: - - accessTokenSecretRef - - clientSecretSecretRef - - clientTokenSecretRef - - serviceConsumerDomain - properties: - accessTokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - clientSecretSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - clientTokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - serviceConsumerDomain: - type: string - azureDNS: - description: Use the Microsoft Azure DNS API to manage DNS01 challenge records. - type: object - required: - - resourceGroupName - - subscriptionID - properties: - clientID: - description: if both this and ClientSecret are left unset MSI will be used - type: string - clientSecretSecretRef: - description: if both this and ClientID are left unset MSI will be used - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - environment: - description: name of the Azure environment (default AzurePublicCloud) - type: string - enum: - - AzurePublicCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureUSGovernmentCloud - hostedZoneName: - description: name of the DNS zone that should be used - type: string - managedIdentity: - description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID - type: object - properties: - clientID: - description: client ID of the managed identity, can not be used at the same time as resourceID - type: string - resourceID: - description: resource ID of the managed identity, can not be used at the same time as clientID - type: string - resourceGroupName: - description: resource group the DNS zone is located in - type: string - subscriptionID: - description: ID of the Azure subscription - type: string - tenantID: - description: when specifying ClientID and ClientSecret then this field is also needed - type: string - cloudDNS: - description: Use the Google Cloud DNS API to manage DNS01 challenge records. - type: object - required: - - project - properties: - hostedZoneName: - description: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. - type: string - project: - type: string - serviceAccountSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - cloudflare: - description: Use the Cloudflare API to manage DNS01 challenge records. - type: object - properties: - apiKeySecretRef: - description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - apiTokenSecretRef: - description: API token used to authenticate with Cloudflare. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - email: - description: Email of the account, only required when using API key based authentication. - type: string - cnameStrategy: - description: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. - type: string - enum: - - None - - Follow - digitalocean: - description: Use the DigitalOcean DNS API to manage DNS01 challenge records. - type: object - required: - - tokenSecretRef - properties: - tokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. - type: object - required: - - nameserver - properties: - nameserver: - description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. - type: string - tsigAlgorithm: - description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' - type: string - tsigKeyName: - description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. - type: string - tsigSecretSecretRef: - description: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - route53: - description: Use the AWS Route53 API to manage DNS01 challenge records. - type: object - required: - - region - properties: - accessKeyID: - description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: string - accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - hostedZoneID: - description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. - type: string - region: - description: Always set the region when using AccessKeyID and SecretAccessKey - type: string - role: - description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata - type: string - secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - webhook: - description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. - type: object - required: - - groupName - - solverName - properties: - config: - description: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. - x-kubernetes-preserve-unknown-fields: true - groupName: - description: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. - type: string - solverName: - description: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. - type: string - http01: - description: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. - type: object - properties: - gatewayHTTPRoute: - description: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. - type: object - properties: - labels: - description: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. - type: object - additionalProperties: - type: string - parentRefs: - description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' - type: array - items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." - type: object - required: - - name - properties: - group: - description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" - type: string - default: gateway.networking.k8s.io - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - kind: - description: "Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." - type: string - default: Gateway - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - name: - description: "Name is the name of the referent. \n Support: Core" - type: string - maxLength: 253 - minLength: 1 - namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" - type: string - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - port: - description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " - type: integer - format: int32 - maximum: 65535 - minimum: 1 - sectionName: - description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" - type: string - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - serviceType: - description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. - type: string - ingress: - description: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. - type: object - properties: - class: - description: This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. - type: string - ingressClassName: - description: This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. - type: string - ingressTemplate: - description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. - type: object - properties: - metadata: - description: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. - type: object - properties: - annotations: - description: Annotations that should be added to the created ACME HTTP01 solver ingress. - type: object - additionalProperties: - type: string - labels: - description: Labels that should be added to the created ACME HTTP01 solver ingress. - type: object - additionalProperties: - type: string - name: - description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. - type: string - podTemplate: - description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. - type: object - properties: - metadata: - description: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. - type: object - properties: - annotations: - description: Annotations that should be added to the create ACME HTTP01 solver pods. - type: object - additionalProperties: - type: string - labels: - description: Labels that should be added to the created ACME HTTP01 solver pods. - type: object - additionalProperties: - type: string - spec: - description: PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. - type: object - properties: - affinity: - description: If specified, the pod's scheduling constraints - type: object - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. - type: array - items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector term, associated with the corresponding weight. - type: object - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchFields: - description: A list of node selector requirements by node's fields. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are ORed. - type: array - items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchFields: - description: A list of node selector requirements by node's fields. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - x-kubernetes-map-type: atomic - x-kubernetes-map-type: atomic - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - imagePullSecrets: - description: If specified, the pod's imagePullSecrets - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - priorityClassName: - description: If specified, the pod's priorityClassName. - type: string - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - type: array - items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - serviceType: - description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. - type: string - selector: - description: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. - type: object - properties: - dnsNames: - description: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. - type: array - items: - type: string - dnsZones: - description: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. - type: array - items: - type: string - matchLabels: - description: A label selector that is used to refine the set of certificate's that this challenge solver will apply to. - type: object - additionalProperties: - type: string - ca: - description: CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. - type: object - required: - - secretName - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set. - type: array - items: - type: string - ocspServers: - description: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". - type: array - items: - type: string - secretName: - description: SecretName is the name of the secret used to sign Certificates issued by this Issuer. - type: string - selfSigned: - description: SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. - type: object - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings. - type: array - items: - type: string - vault: - description: Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. - type: object - required: - - auth - - path - - server - properties: - auth: - description: Auth configures how cert-manager authenticates with the Vault server. - type: object - properties: - appRole: - description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. - type: object - required: - - path - - roleId - - secretRef - properties: - path: - description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"' - type: string - roleId: - description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. - type: string - secretRef: - description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - kubernetes: - description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. - type: object - required: - - role - properties: - mountPath: - description: The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. - type: string - role: - description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. - type: string - secretRef: - description: The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - serviceAccountRef: - description: A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. - type: object - required: - - name - properties: - name: - description: Name of the ServiceAccount used to request a token. - type: string - tokenSecretRef: - description: TokenSecretRef authenticates with Vault by presenting a token. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - caBundle: - description: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. - type: string - format: byte - caBundleSecretRef: - description: Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' - type: string - path: - description: 'Path is the mount path of the Vault PKI backend''s `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name".' - type: string - server: - description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' - type: string - venafi: - description: Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. - type: object - required: - - zone - properties: - cloud: - description: Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. - type: object - required: - - apiTokenSecretRef - properties: - apiTokenSecretRef: - description: APITokenSecretRef is a secret key selector for the Venafi Cloud API token. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - url: - description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". - type: string - tpp: - description: TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. - type: object - required: - - credentialsRef - - url - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain. - type: string - format: byte - credentialsRef: - description: CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. - type: object - required: - - name - properties: - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - url: - description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' - type: string - zone: - description: Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required. - type: string - status: - description: Status of the ClusterIssuer. This is set and managed automatically. - type: object - properties: - acme: - description: ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. - type: object - properties: - lastPrivateKeyHash: - description: LastPrivateKeyHash is a hash of the private key associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer - type: string - lastRegisteredEmail: - description: LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer - type: string - uri: - description: URI is the unique account identifier, which can also be used to retrieve account details from the CA - type: string - conditions: - description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`. - type: array - items: - description: IssuerCondition contains condition information for an Issuer. - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. - type: string - format: date-time - message: - description: Message is a human readable description of the details of the last transition, complementing reason. - type: string - observedGeneration: - description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer. - type: integer - format: int64 - reason: - description: Reason is a brief machine readable explanation for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, `Unknown`). - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: Type of the condition, known values are (`Ready`). - type: string - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - served: true - storage: true ---- -# Source: cert-manager/templates/crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: issuers.cert-manager.io - labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: "cert-manager" - # Generated labels - app.kubernetes.io/version: "v1.13.2" -spec: - group: cert-manager.io - names: - kind: Issuer - listKind: IssuerList - plural: issuers - singular: issuer - categories: - - cert-manager - scope: Namespaced - versions: - - name: v1 - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - name: Age - type: date - schema: - openAPIV3Schema: - description: An Issuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is scoped to a single namespace and can therefore only be referenced by resources within the same namespace. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the Issuer resource. - type: object - properties: - acme: - description: ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. - type: object - required: - - privateKeySecretRef - - server - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which can be used to validate the certificate chain presented by the ACME server. Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various kinds of security vulnerabilities. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. - type: string - format: byte - disableAccountKeyGeneration: - description: Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false. - type: boolean - email: - description: Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered. - type: string - enableDurationFeature: - description: Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false. - type: boolean - externalAccountBinding: - description: ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. - type: object - required: - - keyID - - keySecretRef - properties: - keyAlgorithm: - description: 'Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.' - type: string - enum: - - HS256 - - HS384 - - HS512 - keyID: - description: keyID is the ID of the CA key that the External Account is bound to. - type: string - keySecretRef: - description: keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - preferredChain: - description: 'PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let''s Encrypt''s DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let''s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer''s CN' - type: string - maxLength: 64 - privateKeySecretRef: - description: PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - server: - description: 'Server is the URL used to access the ACME server''s ''directory'' endpoint. For example, for Let''s Encrypt''s staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported.' - type: string - skipTLSVerify: - description: 'INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false.' - type: boolean - solvers: - description: 'Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' - type: array - items: - description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. - type: object - properties: - dns01: - description: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. - type: object - properties: - acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. - type: object - required: - - accountSecretRef - - host - properties: - accountSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - host: - type: string - akamai: - description: Use the Akamai DNS zone management API to manage DNS01 challenge records. - type: object - required: - - accessTokenSecretRef - - clientSecretSecretRef - - clientTokenSecretRef - - serviceConsumerDomain - properties: - accessTokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - clientSecretSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - clientTokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - serviceConsumerDomain: - type: string - azureDNS: - description: Use the Microsoft Azure DNS API to manage DNS01 challenge records. - type: object - required: - - resourceGroupName - - subscriptionID - properties: - clientID: - description: if both this and ClientSecret are left unset MSI will be used - type: string - clientSecretSecretRef: - description: if both this and ClientID are left unset MSI will be used - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - environment: - description: name of the Azure environment (default AzurePublicCloud) - type: string - enum: - - AzurePublicCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureUSGovernmentCloud - hostedZoneName: - description: name of the DNS zone that should be used - type: string - managedIdentity: - description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID - type: object - properties: - clientID: - description: client ID of the managed identity, can not be used at the same time as resourceID - type: string - resourceID: - description: resource ID of the managed identity, can not be used at the same time as clientID - type: string - resourceGroupName: - description: resource group the DNS zone is located in - type: string - subscriptionID: - description: ID of the Azure subscription - type: string - tenantID: - description: when specifying ClientID and ClientSecret then this field is also needed - type: string - cloudDNS: - description: Use the Google Cloud DNS API to manage DNS01 challenge records. - type: object - required: - - project - properties: - hostedZoneName: - description: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. - type: string - project: - type: string - serviceAccountSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - cloudflare: - description: Use the Cloudflare API to manage DNS01 challenge records. - type: object - properties: - apiKeySecretRef: - description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - apiTokenSecretRef: - description: API token used to authenticate with Cloudflare. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - email: - description: Email of the account, only required when using API key based authentication. - type: string - cnameStrategy: - description: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. - type: string - enum: - - None - - Follow - digitalocean: - description: Use the DigitalOcean DNS API to manage DNS01 challenge records. - type: object - required: - - tokenSecretRef - properties: - tokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. - type: object - required: - - nameserver - properties: - nameserver: - description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. - type: string - tsigAlgorithm: - description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' - type: string - tsigKeyName: - description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. - type: string - tsigSecretSecretRef: - description: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - route53: - description: Use the AWS Route53 API to manage DNS01 challenge records. - type: object - required: - - region - properties: - accessKeyID: - description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: string - accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - hostedZoneID: - description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. - type: string - region: - description: Always set the region when using AccessKeyID and SecretAccessKey - type: string - role: - description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata - type: string - secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - webhook: - description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. - type: object - required: - - groupName - - solverName - properties: - config: - description: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. - x-kubernetes-preserve-unknown-fields: true - groupName: - description: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. - type: string - solverName: - description: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. - type: string - http01: - description: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. - type: object - properties: - gatewayHTTPRoute: - description: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. - type: object - properties: - labels: - description: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. - type: object - additionalProperties: - type: string - parentRefs: - description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' - type: array - items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." - type: object - required: - - name - properties: - group: - description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" - type: string - default: gateway.networking.k8s.io - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - kind: - description: "Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." - type: string - default: Gateway - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - name: - description: "Name is the name of the referent. \n Support: Core" - type: string - maxLength: 253 - minLength: 1 - namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" - type: string - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - port: - description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " - type: integer - format: int32 - maximum: 65535 - minimum: 1 - sectionName: - description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" - type: string - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - serviceType: - description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. - type: string - ingress: - description: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. - type: object - properties: - class: - description: This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. - type: string - ingressClassName: - description: This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. - type: string - ingressTemplate: - description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. - type: object - properties: - metadata: - description: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. - type: object - properties: - annotations: - description: Annotations that should be added to the created ACME HTTP01 solver ingress. - type: object - additionalProperties: - type: string - labels: - description: Labels that should be added to the created ACME HTTP01 solver ingress. - type: object - additionalProperties: - type: string - name: - description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. - type: string - podTemplate: - description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. - type: object - properties: - metadata: - description: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. - type: object - properties: - annotations: - description: Annotations that should be added to the create ACME HTTP01 solver pods. - type: object - additionalProperties: - type: string - labels: - description: Labels that should be added to the created ACME HTTP01 solver pods. - type: object - additionalProperties: - type: string - spec: - description: PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. - type: object - properties: - affinity: - description: If specified, the pod's scheduling constraints - type: object - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. - type: array - items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector term, associated with the corresponding weight. - type: object - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchFields: - description: A list of node selector requirements by node's fields. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are ORed. - type: array - items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchFields: - description: A list of node selector requirements by node's fields. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - x-kubernetes-map-type: atomic - x-kubernetes-map-type: atomic - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - imagePullSecrets: - description: If specified, the pod's imagePullSecrets - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - x-kubernetes-map-type: atomic - nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - priorityClassName: - description: If specified, the pod's priorityClassName. - type: string - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - type: array - items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - serviceType: - description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. - type: string - selector: - description: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. - type: object - properties: - dnsNames: - description: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. - type: array - items: - type: string - dnsZones: - description: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. - type: array - items: - type: string - matchLabels: - description: A label selector that is used to refine the set of certificate's that this challenge solver will apply to. - type: object - additionalProperties: - type: string - ca: - description: CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. - type: object - required: - - secretName - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set. - type: array - items: - type: string - ocspServers: - description: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". - type: array - items: - type: string - secretName: - description: SecretName is the name of the secret used to sign Certificates issued by this Issuer. - type: string - selfSigned: - description: SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. - type: object - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings. - type: array - items: - type: string - vault: - description: Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. - type: object - required: - - auth - - path - - server - properties: - auth: - description: Auth configures how cert-manager authenticates with the Vault server. - type: object - properties: - appRole: - description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. - type: object - required: - - path - - roleId - - secretRef - properties: - path: - description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"' - type: string - roleId: - description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. - type: string - secretRef: - description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - kubernetes: - description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. - type: object - required: - - role - properties: - mountPath: - description: The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. - type: string - role: - description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. - type: string - secretRef: - description: The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - serviceAccountRef: - description: A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. - type: object - required: - - name - properties: - name: - description: Name of the ServiceAccount used to request a token. - type: string - tokenSecretRef: - description: TokenSecretRef authenticates with Vault by presenting a token. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - caBundle: - description: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. - type: string - format: byte - caBundleSecretRef: - description: Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' - type: string - path: - description: 'Path is the mount path of the Vault PKI backend''s `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name".' - type: string - server: - description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' - type: string - venafi: - description: Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. - type: object - required: - - zone - properties: - cloud: - description: Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. - type: object - required: - - apiTokenSecretRef - properties: - apiTokenSecretRef: - description: APITokenSecretRef is a secret key selector for the Venafi Cloud API token. - type: object - required: - - name - properties: - key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - url: - description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". - type: string - tpp: - description: TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. - type: object - required: - - credentialsRef - - url - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain. - type: string - format: byte - credentialsRef: - description: CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. - type: object - required: - - name - properties: - name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - url: - description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' - type: string - zone: - description: Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required. - type: string - status: - description: Status of the Issuer. This is set and managed automatically. - type: object - properties: - acme: - description: ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. - type: object - properties: - lastPrivateKeyHash: - description: LastPrivateKeyHash is a hash of the private key associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer - type: string - lastRegisteredEmail: - description: LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer - type: string - uri: - description: URI is the unique account identifier, which can also be used to retrieve account details from the CA - type: string - conditions: - description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`. - type: array - items: - description: IssuerCondition contains condition information for an Issuer. - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. - type: string - format: date-time - message: - description: Message is a human readable description of the details of the last transition, complementing reason. - type: string - observedGeneration: - description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer. - type: integer - format: int64 - reason: - description: Reason is a brief machine readable explanation for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, `Unknown`). - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: Type of the condition, known values are (`Ready`). - type: string - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - served: true - storage: true ---- -# Source: cert-manager/templates/crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: orders.acme.cert-manager.io - labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: 'cert-manager' - # Generated labels - app.kubernetes.io/version: "v1.13.2" -spec: - group: acme.cert-manager.io - names: - kind: Order - listKind: OrderList - plural: orders - singular: order - categories: - - cert-manager - - cert-manager-acme - scope: Namespaced - versions: - - name: v1 - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - - jsonPath: .spec.issuerRef.name - name: Issuer - priority: 1 - type: string - - jsonPath: .status.reason - name: Reason - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - name: Age - type: date - schema: - openAPIV3Schema: - description: Order is a type to represent an Order with an ACME server - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - required: - - issuerRef - - request - properties: - commonName: - description: CommonName is the common name as specified on the DER encoded CSR. If specified, this value must also be present in `dnsNames` or `ipAddresses`. This field must match the corresponding field on the DER encoded CSR. - type: string - dnsNames: - description: DNSNames is a list of DNS names that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR. - type: array - items: - type: string - duration: - description: Duration is the duration for the not after date for the requested certificate. this is set on order creation as pe the ACME spec. - type: string - ipAddresses: - description: IPAddresses is a list of IP addresses that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR. - type: array - items: - type: string - issuerRef: - description: IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed. - type: object - required: - - name - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - request: - description: Certificate signing request bytes in DER encoding. This will be used when finalizing the order. This field must be set on the order. - type: string - format: byte - status: - type: object - properties: - authorizations: - description: Authorizations contains data returned from the ACME server on what authorizations must be completed in order to validate the DNS names specified on the Order. - type: array - items: - description: ACMEAuthorization contains data returned from the ACME server on an authorization that must be completed in order validate a DNS name on an ACME Order resource. - type: object - required: - - url - properties: - challenges: - description: Challenges specifies the challenge types offered by the ACME server. One of these challenge types will be selected when validating the DNS name and an appropriate Challenge resource will be created to perform the ACME challenge process. - type: array - items: - description: Challenge specifies a challenge offered by the ACME server for an Order. An appropriate Challenge resource can be created to perform the ACME challenge process. - type: object - required: - - token - - type - - url - properties: - token: - description: Token is the token that must be presented for this challenge. This is used to compute the 'key' that must also be presented. - type: string - type: - description: Type is the type of challenge being offered, e.g. 'http-01', 'dns-01', 'tls-sni-01', etc. This is the raw value retrieved from the ACME server. Only 'http-01' and 'dns-01' are supported by cert-manager, other values will be ignored. - type: string - url: - description: URL is the URL of this challenge. It can be used to retrieve additional metadata about the Challenge from the ACME server. - type: string - identifier: - description: Identifier is the DNS name to be validated as part of this authorization - type: string - initialState: - description: InitialState is the initial state of the ACME authorization when first fetched from the ACME server. If an Authorization is already 'valid', the Order controller will not create a Challenge resource for the authorization. This will occur when working with an ACME server that enables 'authz reuse' (such as Let's Encrypt's production endpoint). If not set and 'identifier' is set, the state is assumed to be pending and a Challenge will be created. - type: string - enum: - - valid - - ready - - pending - - processing - - invalid - - expired - - errored - url: - description: URL is the URL of the Authorization that must be completed - type: string - wildcard: - description: Wildcard will be true if this authorization is for a wildcard DNS name. If this is true, the identifier will be the *non-wildcard* version of the DNS name. For example, if '*.example.com' is the DNS name being validated, this field will be 'true' and the 'identifier' field will be 'example.com'. - type: boolean - certificate: - description: Certificate is a copy of the PEM encoded certificate for this Order. This field will be populated after the order has been successfully finalized with the ACME server, and the order has transitioned to the 'valid' state. - type: string - format: byte - failureTime: - description: FailureTime stores the time that this order failed. This is used to influence garbage collection and back-off. - type: string - format: date-time - finalizeURL: - description: FinalizeURL of the Order. This is used to obtain certificates for this order once it has been completed. - type: string - reason: - description: Reason optionally provides more information about a why the order is in the current state. - type: string - state: - description: State contains the current state of this Order resource. States 'success' and 'expired' are 'final' - type: string - enum: - - valid - - ready - - pending - - processing - - invalid - - expired - - errored - url: - description: URL of the Order. This will initially be empty when the resource is first created. The Order controller will populate this field when the Order is first processed. This field will be immutable after it is initially set. - type: string - served: true - storage: true diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml index a4acb740..9095368c 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml +++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml @@ -28,6 +28,7 @@ metadata: annotations: "helm.sh/hook": "post-install" "helm.sh/hook-weight": "1" + "argocd.argoproj.io/sync-wave": "1" name: {{ $addonNamespace }} --- apiVersion: operator.cluster.x-k8s.io/v1alpha2 @@ -38,6 +39,7 @@ metadata: annotations: "helm.sh/hook": "post-install" "helm.sh/hook-weight": "2" + "argocd.argoproj.io/sync-wave": "2" {{- if or $addonVersion $.Values.secretName }} spec: {{- end}} diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/cert-manager.namespace.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/cert-manager.namespace.yaml deleted file mode 100644 index 4a5fc8d3..00000000 --- a/packages/system/capi-operator/charts/cluster-api-operator/templates/cert-manager.namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if index .Values "cert-manager" "enabled" }} -apiVersion: v1 -kind: Namespace -metadata: - annotations: - "helm.sh/hook": "pre-install" - name: {{ index .Values "cert-manager" "namespace" }} -{{- end }} diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml index 260efb59..013a2ef0 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml +++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml @@ -37,12 +37,22 @@ metadata: annotations: "helm.sh/hook": "post-install" "helm.sh/hook-weight": "2" + "argocd.argoproj.io/sync-wave": "2" {{- if or $coreVersion $.Values.configSecret.name }} spec: {{- end}} {{- if $coreVersion }} version: {{ $coreVersion }} {{- end }} +{{- if $.Values.manager }} + manager: +{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.core }} + featureGates: + {{- range $key, $value := $.Values.manager.featureGates.core }} + {{ $key }}: {{ $value }} + {{- end }} +{{- end }} +{{- end }} {{- if $.Values.configSecret.name }} configSecret: name: {{ $.Values.configSecret.name }} diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/deployment.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/deployment.yaml index 806d0b1c..0b4c0916 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/templates/deployment.yaml +++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/deployment.yaml @@ -95,10 +95,17 @@ spec: - containerPort: 9443 name: webhook-server protocol: TCP + - containerPort: {{ ( split ":" $.Values.metricsBindAddr)._1 | int }} + name: metrics + protocol: TCP {{- with .Values.resources.manager }} resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.env.manager }} + env: + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.containerSecurityContext.manager }} securityContext: {{- toYaml . | nindent 12 }} diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/infra-conditions.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/infra-conditions.yaml index 2d1e8cca..3c3a8a75 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/templates/infra-conditions.yaml +++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/infra-conditions.yaml @@ -9,6 +9,7 @@ metadata: annotations: "helm.sh/hook": "post-install" "helm.sh/hook-weight": "1" + "argocd.argoproj.io/sync-wave": "1" name: capi-kubeadm-bootstrap-system --- apiVersion: operator.cluster.x-k8s.io/v1alpha2 @@ -19,6 +20,7 @@ metadata: annotations: "helm.sh/hook": "post-install" "helm.sh/hook-weight": "2" + "argocd.argoproj.io/sync-wave": "2" {{- with .Values.configSecret }} spec: configSecret: @@ -37,6 +39,7 @@ metadata: annotations: "helm.sh/hook": "post-install" "helm.sh/hook-weight": "1" + "argocd.argoproj.io/sync-wave": "1" name: capi-kubeadm-control-plane-system --- apiVersion: operator.cluster.x-k8s.io/v1alpha2 @@ -47,6 +50,7 @@ metadata: annotations: "helm.sh/hook": "post-install" "helm.sh/hook-weight": "2" + "argocd.argoproj.io/sync-wave": "2" {{- with .Values.configSecret }} spec: configSecret: diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml index e2f8b24b..2a4488c2 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml +++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml @@ -28,6 +28,7 @@ metadata: annotations: "helm.sh/hook": "post-install" "helm.sh/hook-weight": "1" + "argocd.argoproj.io/sync-wave": "1" name: {{ $infrastructureNamespace }} --- apiVersion: operator.cluster.x-k8s.io/v1alpha2 @@ -38,12 +39,26 @@ metadata: annotations: "helm.sh/hook": "post-install" "helm.sh/hook-weight": "2" -{{- if or $infrastructureVersion $.Values.configSecret.name }} + "argocd.argoproj.io/sync-wave": "2" +{{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager }} spec: {{- end }} {{- if $infrastructureVersion }} version: {{ $infrastructureVersion }} {{- end }} +{{- if $.Values.manager }} + manager: +{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $infrastructureName) }} +{{- range $key, $value := $.Values.manager.featureGates }} + {{- if eq $key $infrastructureName }} + featureGates: + {{- range $k, $v := $value }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} {{- if $.Values.configSecret.name }} configSecret: name: {{ $.Values.configSecret.name }} diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/operator-components.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/operator-components.yaml index 0e3aaf98..03b1cec6 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/templates/operator-components.yaml +++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/operator-components.yaml @@ -3,7 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.11.4 + controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep labels: clusterctl.cluster.x-k8s.io/core: capi-operator name: addonproviders.operator.cluster.x-k8s.io @@ -25,6 +26,8 @@ spec: kind: AddonProvider listKind: AddonProviderList plural: addonproviders + shortNames: + - caap singular: addonprovider scope: Namespaced versions: @@ -41,14 +44,19 @@ spec: description: AddonProvider is the Schema for the addonproviders API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -56,12 +64,11 @@ spec: description: AddonProviderSpec defines the desired state of AddonProvider. properties: additionalManifests: - description: AdditionalManifests is reference to configmap that contains - additional manifests that will be applied together with the provider - components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. - If namespace is not specified, the namespace of the provider will - be used. There is no validation of the yaml content inside the configmap. + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. properties: name: description: Name defines the name of the configmap. @@ -73,14 +80,14 @@ spec: - name type: object configSecret: - description: ConfigSecret is the object with name and namespace of - the Secret providing the configuration variables for the current - provider instance, like e.g. credentials. Such configurations will - be used when creating or upgrading provider components. The contents - of the secret will be treated as immutable. If changes need to be - made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must - be in the same namespace as the provider. + description: |- + ConfigSecret is the object with name and namespace of the Secret providing + the configuration variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. properties: name: description: Name defines the name of the secret. @@ -103,22 +110,20 @@ spec: the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with @@ -128,32 +133,26 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -166,32 +165,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -213,53 +206,46 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -272,32 +258,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -320,18 +300,16 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -342,38 +320,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -385,53 +359,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -443,42 +439,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -487,55 +478,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -548,51 +535,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -605,33 +615,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -644,18 +650,16 @@ spec: as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -666,38 +670,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -709,53 +709,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -767,42 +789,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -811,55 +828,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -872,51 +885,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -929,33 +965,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -966,19 +998,20 @@ spec: containers: description: List of containers specified in the Deployment items: - description: ContainerSpec defines the properties available - to override for each container in a provider deployment such - as Image and Args to the container’s entrypoint. + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. properties: args: additionalProperties: type: string - description: Args represents extra provider specific flags - that are not encoded as fields in this API. Explicit controller - manager properties defined in the `Provider.ManagerSpec` + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead - of the container arg `--sync-period` if both are defined. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. type: object command: @@ -999,17 +1032,16 @@ spec: be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of - whether the variable exists or not. Defaults to - "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's @@ -1022,10 +1054,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -1036,11 +1068,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -1055,11 +1085,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for @@ -1089,10 +1117,10 @@ spec: from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -1117,19 +1145,24 @@ spec: description: Compute resources required by this container. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where - this field is used. It makes that resource available + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available inside a container. type: string required: @@ -1146,8 +1179,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -1156,11 +1190,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object required: @@ -1170,12 +1204,15 @@ spec: imagePullSecrets: description: List of image pull secrets specified in the Deployment items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1183,10 +1220,10 @@ spec: nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node''s - labels for the pod to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object replicas: description: Number of desired pods. This is a pointer to distinguish @@ -1199,83 +1236,82 @@ spec: tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object fetchConfig: - description: FetchConfig determines how the operator will fetch the - components and metadata for the provider. If nil, the operator will - try to fetch components according to default embedded fetch configuration - for the given kind and `ObjectMeta.Name`. For example, the infrastructure - name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: selector: - description: 'Selector to be used for fetching provider’s components - and metadata from ConfigMaps stored inside the cluster. Each - ConfigMap is expected to contain components and metadata for - a specific version only. Note: the name of the ConfigMap should - be set to the version or to override this add a label like the - following: provider.cluster.x-k8s.io/version=v1.4.3' + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -1287,19 +1323,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic url: - description: URL to be used for fetching the provider’s components - and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick - up desired version of the release from GitHub. + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. type: string type: object manager: @@ -1307,36 +1343,42 @@ spec: the controller manager for the provider. properties: cacheNamespace: - description: "CacheNamespace if specified restricts the manager's - cache to watch objects in the desired namespace Defaults to - all namespaces \n Note: If a namespace is specified, controllers - can still Watch for a cluster-scoped resource (e.g Node). For - namespaced resources the cache will only hold objects from the - desired namespace." + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. type: string controller: - description: Controller contains global configuration options - for controllers registered within this manager. + description: |- + Controller contains global configuration options for controllers + registered within this manager. properties: cacheSyncTimeout: - description: CacheSyncTimeout refers to the time limit set - to wait for syncing caches. Defaults to 2 minutes if not - set. + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. format: int64 type: integer groupKindConcurrency: additionalProperties: type: integer - description: "GroupKindConcurrency is a map from a Kind to - the number of concurrent reconciliation allowed for that - controller. \n When a controller is registered within this - manager using the builder utilities, users have to specify - the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this - map, the concurrency for that controller is set to the number - specified. \n The key is expected to be consistent in form - with GroupKind.String(), e.g. ReplicaSet in apps group (regardless - of version) would be `ReplicaSet.apps`." + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object recoverPanic: description: RecoverPanic indicates if panics should be recovered. @@ -1345,26 +1387,26 @@ spec: featureGates: additionalProperties: type: boolean - description: FeatureGates define provider specific feature flags - that will be passed in as container args to the provider's controller - manager. Controller Manager flag is --feature-gates. + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. type: object gracefulShutDown: - description: GracefulShutdownTimeout is the duration given to - runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) To use - graceful shutdown without timeout, set to a negative duration, - e.G. time.Duration(-1) The graceful shutdown is skipped for - safety reasons in case the leader election lease is lost. + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. type: string health: description: Health contains the controller health configuration properties: healthProbeBindAddress: - description: HealthProbeBindAddress is the TCP address that - the controller should bind to for serving health probes - It can be set to "0" or "" to disable serving the health - probe. + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. type: string livenessEndpointName: description: LivenessEndpointName, defaults to "healthz" @@ -1374,47 +1416,52 @@ spec: type: string type: object leaderElection: - description: LeaderElection is the LeaderElection config to be - used when configuring the manager.Manager leader election + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election properties: leaderElect: - description: leaderElect enables a leader election client - to gain leadership before executing the main loop. Enable - this when running replicated components for high availability. + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. type: boolean leaseDuration: - description: leaseDuration is the duration that non-leader - candidates will wait after observing a leadership renewal - until attempting to acquire leadership of a led but unrenewed - leader slot. This is effectively the maximum duration that - a leader can be stopped before it is replaced by another - candidate. This is only applicable if leader election is + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is enabled. type: string renewDeadline: - description: renewDeadline is the interval between attempts - by the acting master to renew a leadership slot before it - stops leading. This must be less than or equal to the lease - duration. This is only applicable if leader election is - enabled. + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. type: string resourceLock: - description: resourceLock indicates the resource object type - that will be used to lock during leader election cycles. + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. type: string resourceName: - description: resourceName indicates the name of resource object - that will be used to lock during leader election cycles. + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. type: string resourceNamespace: - description: resourceName indicates the namespace of resource - object that will be used to lock during leader election - cycles. + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. type: string retryPeriod: - description: retryPeriod is the duration the clients should - wait between attempting acquisition and renewal of a leadership. - This is only applicable if leader election is enabled. + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. type: string required: - leaderElect @@ -1426,37 +1473,40 @@ spec: - retryPeriod type: object maxConcurrentReconciles: - description: MaxConcurrentReconciles is the maximum number of - concurrent Reconciles which can be run. + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. minimum: 1 type: integer metrics: description: Metrics contains thw controller metrics configuration properties: bindAddress: - description: BindAddress is the TCP address that the controller - should bind to for serving prometheus metrics. It can be - set to "0" to disable the metrics serving. + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. type: string type: object profilerAddress: - description: ProfilerAddress defines the bind address to expose - the pprof profiler (e.g. localhost:6060). Default empty, meaning - the profiler is disabled. Controller Manager flag is --profiler-address. + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. type: string syncPeriod: - description: SyncPeriod determines the minimum frequency at which - watched resources are reconciled. A lower period will correct - entropy more quickly, but reduce responsiveness to change if - there are many watched resources. Change this value only if - you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all - controllers so that all controllers will not send list requests - simultaneously. + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. type: string verbosity: default: 1 - description: Verbosity set the logs verbosity. Defaults to 1. + description: |- + Verbosity set the logs verbosity. Defaults to 1. Controller Manager flag is --verbosity. minimum: 0 type: integer @@ -1464,28 +1514,31 @@ spec: description: Webhook contains the controllers webhook configuration properties: certDir: - description: CertDir is the directory that contains the server - key and certificate. if not set, webhook server would look - up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. - The server key and certificate must be named tls.key and - tls.crt, respectively. + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. type: string host: - description: Host is the hostname that the webhook server - binds to. It is used to set webhook.Server.Host. + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. type: string port: - description: Port is the port that the webhook server serves - at. It is used to set webhook.Server.Port. + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. type: integer type: object type: object manifestPatches: - description: ManifestPatches are applied to rendered provider manifests - to customize the provider manifests. Patches are applied in the - order they are specified. The `kind` field must match the target - object, and if `apiVersion` is specified it will only be applied - to matching objects. This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + description: |- + ManifestPatches are applied to rendered provider manifests to customize the + provider manifests. Patches are applied in the order they are specified. + The `kind` field must match the target object, and + if `apiVersion` is specified it will only be applied to matching objects. + This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 items: type: string type: array @@ -1503,37 +1556,37 @@ spec: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -1542,8 +1595,9 @@ spec: type: object type: array contract: - description: Contract will contain the core provider contract that - the provider is abiding by, like e.g. v1alpha4. + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. type: string installedVersion: description: InstalledVersion is the version of the provider that @@ -1566,7 +1620,8 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.11.4 + controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep labels: clusterctl.cluster.x-k8s.io/core: capi-operator name: bootstrapproviders.operator.cluster.x-k8s.io @@ -1588,6 +1643,8 @@ spec: kind: BootstrapProvider listKind: BootstrapProviderList plural: bootstrapproviders + shortNames: + - cabp singular: bootstrapprovider scope: Namespaced versions: @@ -1598,20 +1655,30 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string + deprecated: true name: v1alpha1 schema: openAPIV3Schema: - description: BootstrapProvider is the Schema for the bootstrapproviders API. + description: |- + BootstrapProvider is the Schema for the bootstrapproviders API. + + + Deprecated: This type will be removed in one of the next releases. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1619,12 +1686,11 @@ spec: description: BootstrapProviderSpec defines the desired state of BootstrapProvider. properties: additionalManifests: - description: AdditionalManifests is reference to configmap that contains - additional manifests that will be applied together with the provider - components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. - If namespace is not specified, the namespace of the provider will - be used. There is no validation of the yaml content inside the configmap. + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. properties: name: description: Name defines the name of the configmap. @@ -1647,22 +1713,20 @@ spec: the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with @@ -1672,32 +1736,26 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -1710,32 +1768,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -1757,53 +1809,46 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -1816,32 +1861,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -1864,18 +1903,16 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -1886,38 +1923,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -1929,53 +1962,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -1987,42 +2042,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -2031,55 +2081,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -2092,51 +2138,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -2149,33 +2218,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -2188,18 +2253,16 @@ spec: as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -2210,38 +2273,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -2253,53 +2312,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -2311,42 +2392,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -2355,55 +2431,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -2416,51 +2488,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -2473,33 +2568,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -2510,19 +2601,20 @@ spec: containers: description: List of containers specified in the Deployment items: - description: ContainerSpec defines the properties available - to override for each container in a provider deployment such - as Image and Args to the container’s entrypoint. + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. properties: args: additionalProperties: type: string - description: Args represents extra provider specific flags - that are not encoded as fields in this API. Explicit controller - manager properties defined in the `Provider.ManagerSpec` + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead - of the container arg `--sync-period` if both are defined. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. type: object command: @@ -2543,17 +2635,16 @@ spec: be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of - whether the variable exists or not. Defaults to - "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's @@ -2566,10 +2657,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -2580,11 +2671,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -2599,11 +2688,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for @@ -2633,10 +2720,10 @@ spec: from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -2672,19 +2759,24 @@ spec: description: Compute resources required by this container. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where - this field is used. It makes that resource available + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available inside a container. type: string required: @@ -2701,8 +2793,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -2711,11 +2804,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object required: @@ -2725,12 +2818,15 @@ spec: imagePullSecrets: description: List of image pull secrets specified in the Deployment items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2738,10 +2834,10 @@ spec: nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node''s - labels for the pod to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object replicas: description: Number of desired pods. This is a pointer to distinguish @@ -2754,83 +2850,82 @@ spec: tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object fetchConfig: - description: FetchConfig determines how the operator will fetch the - components and metadata for the provider. If nil, the operator will - try to fetch components according to default embedded fetch configuration - for the given kind and `ObjectMeta.Name`. For example, the infrastructure - name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: selector: - description: 'Selector to be used for fetching provider’s components - and metadata from ConfigMaps stored inside the cluster. Each - ConfigMap is expected to contain components and metadata for - a specific version only. Note: the name of the ConfigMap should - be set to the version or to override this add a label like the - following: provider.cluster.x-k8s.io/version=v1.4.3' + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -2842,19 +2937,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic url: - description: URL to be used for fetching the provider’s components - and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick - up desired version of the release from GitHub. + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. type: string type: object manager: @@ -2862,36 +2957,42 @@ spec: the controller manager for the provider. properties: cacheNamespace: - description: "CacheNamespace if specified restricts the manager's - cache to watch objects in the desired namespace Defaults to - all namespaces \n Note: If a namespace is specified, controllers - can still Watch for a cluster-scoped resource (e.g Node). For - namespaced resources the cache will only hold objects from the - desired namespace." + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. type: string controller: - description: Controller contains global configuration options - for controllers registered within this manager. + description: |- + Controller contains global configuration options for controllers + registered within this manager. properties: cacheSyncTimeout: - description: CacheSyncTimeout refers to the time limit set - to wait for syncing caches. Defaults to 2 minutes if not - set. + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. format: int64 type: integer groupKindConcurrency: additionalProperties: type: integer - description: "GroupKindConcurrency is a map from a Kind to - the number of concurrent reconciliation allowed for that - controller. \n When a controller is registered within this - manager using the builder utilities, users have to specify - the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this - map, the concurrency for that controller is set to the number - specified. \n The key is expected to be consistent in form - with GroupKind.String(), e.g. ReplicaSet in apps group (regardless - of version) would be `ReplicaSet.apps`." + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object recoverPanic: description: RecoverPanic indicates if panics should be recovered. @@ -2900,26 +3001,26 @@ spec: featureGates: additionalProperties: type: boolean - description: FeatureGates define provider specific feature flags - that will be passed in as container args to the provider's controller - manager. Controller Manager flag is --feature-gates. + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. type: object gracefulShutDown: - description: GracefulShutdownTimeout is the duration given to - runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) To use - graceful shutdown without timeout, set to a negative duration, - e.G. time.Duration(-1) The graceful shutdown is skipped for - safety reasons in case the leader election lease is lost. + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. type: string health: description: Health contains the controller health configuration properties: healthProbeBindAddress: - description: HealthProbeBindAddress is the TCP address that - the controller should bind to for serving health probes - It can be set to "0" or "" to disable serving the health - probe. + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. type: string livenessEndpointName: description: LivenessEndpointName, defaults to "healthz" @@ -2929,47 +3030,52 @@ spec: type: string type: object leaderElection: - description: LeaderElection is the LeaderElection config to be - used when configuring the manager.Manager leader election + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election properties: leaderElect: - description: leaderElect enables a leader election client - to gain leadership before executing the main loop. Enable - this when running replicated components for high availability. + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. type: boolean leaseDuration: - description: leaseDuration is the duration that non-leader - candidates will wait after observing a leadership renewal - until attempting to acquire leadership of a led but unrenewed - leader slot. This is effectively the maximum duration that - a leader can be stopped before it is replaced by another - candidate. This is only applicable if leader election is + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is enabled. type: string renewDeadline: - description: renewDeadline is the interval between attempts - by the acting master to renew a leadership slot before it - stops leading. This must be less than or equal to the lease - duration. This is only applicable if leader election is - enabled. + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. type: string resourceLock: - description: resourceLock indicates the resource object type - that will be used to lock during leader election cycles. + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. type: string resourceName: - description: resourceName indicates the name of resource object - that will be used to lock during leader election cycles. + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. type: string resourceNamespace: - description: resourceName indicates the namespace of resource - object that will be used to lock during leader election - cycles. + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. type: string retryPeriod: - description: retryPeriod is the duration the clients should - wait between attempting acquisition and renewal of a leadership. - This is only applicable if leader election is enabled. + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. type: string required: - leaderElect @@ -2981,37 +3087,40 @@ spec: - retryPeriod type: object maxConcurrentReconciles: - description: MaxConcurrentReconciles is the maximum number of - concurrent Reconciles which can be run. + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. minimum: 1 type: integer metrics: description: Metrics contains the controller metrics configuration properties: bindAddress: - description: BindAddress is the TCP address that the controller - should bind to for serving prometheus metrics. It can be - set to "0" to disable the metrics serving. + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. type: string type: object profilerAddress: - description: ProfilerAddress defines the bind address to expose - the pprof profiler (e.g. localhost:6060). Default empty, meaning - the profiler is disabled. Controller Manager flag is --profiler-address. + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. type: string syncPeriod: - description: SyncPeriod determines the minimum frequency at which - watched resources are reconciled. A lower period will correct - entropy more quickly, but reduce responsiveness to change if - there are many watched resources. Change this value only if - you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all - controllers so that all controllers will not send list requests - simultaneously. + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. type: string verbosity: default: 1 - description: Verbosity set the logs verbosity. Defaults to 1. + description: |- + Verbosity set the logs verbosity. Defaults to 1. Controller Manager flag is --verbosity. minimum: 0 type: integer @@ -3019,35 +3128,38 @@ spec: description: Webhook contains the controllers webhook configuration properties: certDir: - description: CertDir is the directory that contains the server - key and certificate. if not set, webhook server would look - up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. - The server key and certificate must be named tls.key and - tls.crt, respectively. + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. type: string host: - description: Host is the hostname that the webhook server - binds to. It is used to set webhook.Server.Host. + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. type: string port: - description: Port is the port that the webhook server serves - at. It is used to set webhook.Server.Port. + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. type: integer type: object type: object secretName: - description: SecretName is the name of the Secret providing the configuration + description: |- + SecretName is the name of the Secret providing the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider - components. The contents of the secret will be treated as immutable. - If changes need to be made, a new object can be created and the - name should be updated. The contents should be in the form of key:value. - This secret must be in the same namespace as the provider. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. type: string secretNamespace: - description: SecretNamespace is the namespace of the Secret providing - the configuration variables. If not specified, the namespace of - the provider will be used. + description: |- + SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified, + the namespace of the provider will be used. type: string version: description: Version indicates the provider version. @@ -3063,37 +3175,37 @@ spec: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -3102,8 +3214,9 @@ spec: type: object type: array contract: - description: Contract will contain the core provider contract that - the provider is abiding by, like e.g. v1alpha4. + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. type: string installedVersion: description: InstalledVersion is the version of the provider that @@ -3133,14 +3246,19 @@ spec: description: BootstrapProvider is the Schema for the bootstrapproviders API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -3148,12 +3266,11 @@ spec: description: BootstrapProviderSpec defines the desired state of BootstrapProvider. properties: additionalManifests: - description: AdditionalManifests is reference to configmap that contains - additional manifests that will be applied together with the provider - components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. - If namespace is not specified, the namespace of the provider will - be used. There is no validation of the yaml content inside the configmap. + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. properties: name: description: Name defines the name of the configmap. @@ -3165,14 +3282,14 @@ spec: - name type: object configSecret: - description: ConfigSecret is the object with name and namespace of - the Secret providing the configuration variables for the current - provider instance, like e.g. credentials. Such configurations will - be used when creating or upgrading provider components. The contents - of the secret will be treated as immutable. If changes need to be - made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must - be in the same namespace as the provider. + description: |- + ConfigSecret is the object with name and namespace of the Secret providing + the configuration variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. properties: name: description: Name defines the name of the secret. @@ -3195,22 +3312,20 @@ spec: the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with @@ -3220,32 +3335,26 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -3258,32 +3367,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -3305,53 +3408,46 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -3364,32 +3460,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -3412,18 +3502,16 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -3434,38 +3522,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -3477,53 +3561,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -3535,42 +3641,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -3579,55 +3680,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -3640,51 +3737,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -3697,33 +3817,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -3736,18 +3852,16 @@ spec: as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -3758,38 +3872,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -3801,53 +3911,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -3859,42 +3991,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -3903,55 +4030,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -3964,51 +4087,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -4021,33 +4167,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -4058,19 +4200,20 @@ spec: containers: description: List of containers specified in the Deployment items: - description: ContainerSpec defines the properties available - to override for each container in a provider deployment such - as Image and Args to the container’s entrypoint. + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. properties: args: additionalProperties: type: string - description: Args represents extra provider specific flags - that are not encoded as fields in this API. Explicit controller - manager properties defined in the `Provider.ManagerSpec` + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead - of the container arg `--sync-period` if both are defined. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. type: object command: @@ -4091,17 +4234,16 @@ spec: be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of - whether the variable exists or not. Defaults to - "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's @@ -4114,10 +4256,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -4128,11 +4270,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -4147,11 +4287,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for @@ -4181,10 +4319,10 @@ spec: from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -4209,19 +4347,24 @@ spec: description: Compute resources required by this container. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where - this field is used. It makes that resource available + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available inside a container. type: string required: @@ -4238,8 +4381,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -4248,11 +4392,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object required: @@ -4262,12 +4406,15 @@ spec: imagePullSecrets: description: List of image pull secrets specified in the Deployment items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -4275,10 +4422,10 @@ spec: nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node''s - labels for the pod to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object replicas: description: Number of desired pods. This is a pointer to distinguish @@ -4291,83 +4438,82 @@ spec: tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object fetchConfig: - description: FetchConfig determines how the operator will fetch the - components and metadata for the provider. If nil, the operator will - try to fetch components according to default embedded fetch configuration - for the given kind and `ObjectMeta.Name`. For example, the infrastructure - name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: selector: - description: 'Selector to be used for fetching provider’s components - and metadata from ConfigMaps stored inside the cluster. Each - ConfigMap is expected to contain components and metadata for - a specific version only. Note: the name of the ConfigMap should - be set to the version or to override this add a label like the - following: provider.cluster.x-k8s.io/version=v1.4.3' + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -4379,19 +4525,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic url: - description: URL to be used for fetching the provider’s components - and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick - up desired version of the release from GitHub. + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. type: string type: object manager: @@ -4399,36 +4545,42 @@ spec: the controller manager for the provider. properties: cacheNamespace: - description: "CacheNamespace if specified restricts the manager's - cache to watch objects in the desired namespace Defaults to - all namespaces \n Note: If a namespace is specified, controllers - can still Watch for a cluster-scoped resource (e.g Node). For - namespaced resources the cache will only hold objects from the - desired namespace." + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. type: string controller: - description: Controller contains global configuration options - for controllers registered within this manager. + description: |- + Controller contains global configuration options for controllers + registered within this manager. properties: cacheSyncTimeout: - description: CacheSyncTimeout refers to the time limit set - to wait for syncing caches. Defaults to 2 minutes if not - set. + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. format: int64 type: integer groupKindConcurrency: additionalProperties: type: integer - description: "GroupKindConcurrency is a map from a Kind to - the number of concurrent reconciliation allowed for that - controller. \n When a controller is registered within this - manager using the builder utilities, users have to specify - the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this - map, the concurrency for that controller is set to the number - specified. \n The key is expected to be consistent in form - with GroupKind.String(), e.g. ReplicaSet in apps group (regardless - of version) would be `ReplicaSet.apps`." + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object recoverPanic: description: RecoverPanic indicates if panics should be recovered. @@ -4437,26 +4589,26 @@ spec: featureGates: additionalProperties: type: boolean - description: FeatureGates define provider specific feature flags - that will be passed in as container args to the provider's controller - manager. Controller Manager flag is --feature-gates. + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. type: object gracefulShutDown: - description: GracefulShutdownTimeout is the duration given to - runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) To use - graceful shutdown without timeout, set to a negative duration, - e.G. time.Duration(-1) The graceful shutdown is skipped for - safety reasons in case the leader election lease is lost. + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. type: string health: description: Health contains the controller health configuration properties: healthProbeBindAddress: - description: HealthProbeBindAddress is the TCP address that - the controller should bind to for serving health probes - It can be set to "0" or "" to disable serving the health - probe. + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. type: string livenessEndpointName: description: LivenessEndpointName, defaults to "healthz" @@ -4466,47 +4618,52 @@ spec: type: string type: object leaderElection: - description: LeaderElection is the LeaderElection config to be - used when configuring the manager.Manager leader election + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election properties: leaderElect: - description: leaderElect enables a leader election client - to gain leadership before executing the main loop. Enable - this when running replicated components for high availability. + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. type: boolean leaseDuration: - description: leaseDuration is the duration that non-leader - candidates will wait after observing a leadership renewal - until attempting to acquire leadership of a led but unrenewed - leader slot. This is effectively the maximum duration that - a leader can be stopped before it is replaced by another - candidate. This is only applicable if leader election is + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is enabled. type: string renewDeadline: - description: renewDeadline is the interval between attempts - by the acting master to renew a leadership slot before it - stops leading. This must be less than or equal to the lease - duration. This is only applicable if leader election is - enabled. + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. type: string resourceLock: - description: resourceLock indicates the resource object type - that will be used to lock during leader election cycles. + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. type: string resourceName: - description: resourceName indicates the name of resource object - that will be used to lock during leader election cycles. + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. type: string resourceNamespace: - description: resourceName indicates the namespace of resource - object that will be used to lock during leader election - cycles. + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. type: string retryPeriod: - description: retryPeriod is the duration the clients should - wait between attempting acquisition and renewal of a leadership. - This is only applicable if leader election is enabled. + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. type: string required: - leaderElect @@ -4518,37 +4675,40 @@ spec: - retryPeriod type: object maxConcurrentReconciles: - description: MaxConcurrentReconciles is the maximum number of - concurrent Reconciles which can be run. + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. minimum: 1 type: integer metrics: description: Metrics contains thw controller metrics configuration properties: bindAddress: - description: BindAddress is the TCP address that the controller - should bind to for serving prometheus metrics. It can be - set to "0" to disable the metrics serving. + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. type: string type: object profilerAddress: - description: ProfilerAddress defines the bind address to expose - the pprof profiler (e.g. localhost:6060). Default empty, meaning - the profiler is disabled. Controller Manager flag is --profiler-address. + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. type: string syncPeriod: - description: SyncPeriod determines the minimum frequency at which - watched resources are reconciled. A lower period will correct - entropy more quickly, but reduce responsiveness to change if - there are many watched resources. Change this value only if - you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all - controllers so that all controllers will not send list requests - simultaneously. + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. type: string verbosity: default: 1 - description: Verbosity set the logs verbosity. Defaults to 1. + description: |- + Verbosity set the logs verbosity. Defaults to 1. Controller Manager flag is --verbosity. minimum: 0 type: integer @@ -4556,28 +4716,31 @@ spec: description: Webhook contains the controllers webhook configuration properties: certDir: - description: CertDir is the directory that contains the server - key and certificate. if not set, webhook server would look - up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. - The server key and certificate must be named tls.key and - tls.crt, respectively. + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. type: string host: - description: Host is the hostname that the webhook server - binds to. It is used to set webhook.Server.Host. + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. type: string port: - description: Port is the port that the webhook server serves - at. It is used to set webhook.Server.Port. + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. type: integer type: object type: object manifestPatches: - description: ManifestPatches are applied to rendered provider manifests - to customize the provider manifests. Patches are applied in the - order they are specified. The `kind` field must match the target - object, and if `apiVersion` is specified it will only be applied - to matching objects. This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + description: |- + ManifestPatches are applied to rendered provider manifests to customize the + provider manifests. Patches are applied in the order they are specified. + The `kind` field must match the target object, and + if `apiVersion` is specified it will only be applied to matching objects. + This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 items: type: string type: array @@ -4595,37 +4758,37 @@ spec: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -4634,8 +4797,9 @@ spec: type: object type: array contract: - description: Contract will contain the core provider contract that - the provider is abiding by, like e.g. v1alpha4. + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. type: string installedVersion: description: InstalledVersion is the version of the provider that @@ -4658,7 +4822,8 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.11.4 + controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep labels: clusterctl.cluster.x-k8s.io/core: capi-operator name: controlplaneproviders.operator.cluster.x-k8s.io @@ -4680,6 +4845,8 @@ spec: kind: ControlPlaneProvider listKind: ControlPlaneProviderList plural: controlplaneproviders + shortNames: + - cacpp singular: controlplaneprovider scope: Namespaced versions: @@ -4690,21 +4857,30 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string + deprecated: true name: v1alpha1 schema: openAPIV3Schema: - description: ControlPlaneProvider is the Schema for the controlplaneproviders - API. + description: |- + ControlPlaneProvider is the Schema for the controlplaneproviders API. + + + Deprecated: This type will be removed in one of the next releases. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -4712,12 +4888,11 @@ spec: description: ControlPlaneProviderSpec defines the desired state of ControlPlaneProvider. properties: additionalManifests: - description: AdditionalManifests is reference to configmap that contains - additional manifests that will be applied together with the provider - components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. - If namespace is not specified, the namespace of the provider will - be used. There is no validation of the yaml content inside the configmap. + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. properties: name: description: Name defines the name of the configmap. @@ -4740,22 +4915,20 @@ spec: the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with @@ -4765,32 +4938,26 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -4803,32 +4970,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -4850,53 +5011,46 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -4909,32 +5063,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -4957,18 +5105,16 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -4979,38 +5125,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -5022,53 +5164,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -5080,42 +5244,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -5124,55 +5283,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -5185,51 +5340,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -5242,33 +5420,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -5281,18 +5455,16 @@ spec: as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -5303,38 +5475,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -5346,53 +5514,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -5404,42 +5594,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -5448,55 +5633,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -5509,51 +5690,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -5566,33 +5770,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -5603,19 +5803,20 @@ spec: containers: description: List of containers specified in the Deployment items: - description: ContainerSpec defines the properties available - to override for each container in a provider deployment such - as Image and Args to the container’s entrypoint. + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. properties: args: additionalProperties: type: string - description: Args represents extra provider specific flags - that are not encoded as fields in this API. Explicit controller - manager properties defined in the `Provider.ManagerSpec` + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead - of the container arg `--sync-period` if both are defined. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. type: object command: @@ -5636,17 +5837,16 @@ spec: be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of - whether the variable exists or not. Defaults to - "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's @@ -5659,10 +5859,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -5673,11 +5873,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -5692,11 +5890,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for @@ -5726,10 +5922,10 @@ spec: from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -5765,19 +5961,24 @@ spec: description: Compute resources required by this container. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where - this field is used. It makes that resource available + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available inside a container. type: string required: @@ -5794,8 +5995,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -5804,11 +6006,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object required: @@ -5818,12 +6020,15 @@ spec: imagePullSecrets: description: List of image pull secrets specified in the Deployment items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -5831,10 +6036,10 @@ spec: nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node''s - labels for the pod to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object replicas: description: Number of desired pods. This is a pointer to distinguish @@ -5847,83 +6052,82 @@ spec: tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object fetchConfig: - description: FetchConfig determines how the operator will fetch the - components and metadata for the provider. If nil, the operator will - try to fetch components according to default embedded fetch configuration - for the given kind and `ObjectMeta.Name`. For example, the infrastructure - name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: selector: - description: 'Selector to be used for fetching provider’s components - and metadata from ConfigMaps stored inside the cluster. Each - ConfigMap is expected to contain components and metadata for - a specific version only. Note: the name of the ConfigMap should - be set to the version or to override this add a label like the - following: provider.cluster.x-k8s.io/version=v1.4.3' + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -5935,19 +6139,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic url: - description: URL to be used for fetching the provider’s components - and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick - up desired version of the release from GitHub. + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. type: string type: object manager: @@ -5955,36 +6159,42 @@ spec: the controller manager for the provider. properties: cacheNamespace: - description: "CacheNamespace if specified restricts the manager's - cache to watch objects in the desired namespace Defaults to - all namespaces \n Note: If a namespace is specified, controllers - can still Watch for a cluster-scoped resource (e.g Node). For - namespaced resources the cache will only hold objects from the - desired namespace." + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. type: string controller: - description: Controller contains global configuration options - for controllers registered within this manager. + description: |- + Controller contains global configuration options for controllers + registered within this manager. properties: cacheSyncTimeout: - description: CacheSyncTimeout refers to the time limit set - to wait for syncing caches. Defaults to 2 minutes if not - set. + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. format: int64 type: integer groupKindConcurrency: additionalProperties: type: integer - description: "GroupKindConcurrency is a map from a Kind to - the number of concurrent reconciliation allowed for that - controller. \n When a controller is registered within this - manager using the builder utilities, users have to specify - the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this - map, the concurrency for that controller is set to the number - specified. \n The key is expected to be consistent in form - with GroupKind.String(), e.g. ReplicaSet in apps group (regardless - of version) would be `ReplicaSet.apps`." + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object recoverPanic: description: RecoverPanic indicates if panics should be recovered. @@ -5993,26 +6203,26 @@ spec: featureGates: additionalProperties: type: boolean - description: FeatureGates define provider specific feature flags - that will be passed in as container args to the provider's controller - manager. Controller Manager flag is --feature-gates. + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. type: object gracefulShutDown: - description: GracefulShutdownTimeout is the duration given to - runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) To use - graceful shutdown without timeout, set to a negative duration, - e.G. time.Duration(-1) The graceful shutdown is skipped for - safety reasons in case the leader election lease is lost. + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. type: string health: description: Health contains the controller health configuration properties: healthProbeBindAddress: - description: HealthProbeBindAddress is the TCP address that - the controller should bind to for serving health probes - It can be set to "0" or "" to disable serving the health - probe. + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. type: string livenessEndpointName: description: LivenessEndpointName, defaults to "healthz" @@ -6022,47 +6232,52 @@ spec: type: string type: object leaderElection: - description: LeaderElection is the LeaderElection config to be - used when configuring the manager.Manager leader election + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election properties: leaderElect: - description: leaderElect enables a leader election client - to gain leadership before executing the main loop. Enable - this when running replicated components for high availability. + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. type: boolean leaseDuration: - description: leaseDuration is the duration that non-leader - candidates will wait after observing a leadership renewal - until attempting to acquire leadership of a led but unrenewed - leader slot. This is effectively the maximum duration that - a leader can be stopped before it is replaced by another - candidate. This is only applicable if leader election is + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is enabled. type: string renewDeadline: - description: renewDeadline is the interval between attempts - by the acting master to renew a leadership slot before it - stops leading. This must be less than or equal to the lease - duration. This is only applicable if leader election is - enabled. + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. type: string resourceLock: - description: resourceLock indicates the resource object type - that will be used to lock during leader election cycles. + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. type: string resourceName: - description: resourceName indicates the name of resource object - that will be used to lock during leader election cycles. + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. type: string resourceNamespace: - description: resourceName indicates the namespace of resource - object that will be used to lock during leader election - cycles. + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. type: string retryPeriod: - description: retryPeriod is the duration the clients should - wait between attempting acquisition and renewal of a leadership. - This is only applicable if leader election is enabled. + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. type: string required: - leaderElect @@ -6074,37 +6289,40 @@ spec: - retryPeriod type: object maxConcurrentReconciles: - description: MaxConcurrentReconciles is the maximum number of - concurrent Reconciles which can be run. + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. minimum: 1 type: integer metrics: description: Metrics contains the controller metrics configuration properties: bindAddress: - description: BindAddress is the TCP address that the controller - should bind to for serving prometheus metrics. It can be - set to "0" to disable the metrics serving. + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. type: string type: object profilerAddress: - description: ProfilerAddress defines the bind address to expose - the pprof profiler (e.g. localhost:6060). Default empty, meaning - the profiler is disabled. Controller Manager flag is --profiler-address. + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. type: string syncPeriod: - description: SyncPeriod determines the minimum frequency at which - watched resources are reconciled. A lower period will correct - entropy more quickly, but reduce responsiveness to change if - there are many watched resources. Change this value only if - you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all - controllers so that all controllers will not send list requests - simultaneously. + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. type: string verbosity: default: 1 - description: Verbosity set the logs verbosity. Defaults to 1. + description: |- + Verbosity set the logs verbosity. Defaults to 1. Controller Manager flag is --verbosity. minimum: 0 type: integer @@ -6112,35 +6330,38 @@ spec: description: Webhook contains the controllers webhook configuration properties: certDir: - description: CertDir is the directory that contains the server - key and certificate. if not set, webhook server would look - up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. - The server key and certificate must be named tls.key and - tls.crt, respectively. + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. type: string host: - description: Host is the hostname that the webhook server - binds to. It is used to set webhook.Server.Host. + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. type: string port: - description: Port is the port that the webhook server serves - at. It is used to set webhook.Server.Port. + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. type: integer type: object type: object secretName: - description: SecretName is the name of the Secret providing the configuration + description: |- + SecretName is the name of the Secret providing the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider - components. The contents of the secret will be treated as immutable. - If changes need to be made, a new object can be created and the - name should be updated. The contents should be in the form of key:value. - This secret must be in the same namespace as the provider. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. type: string secretNamespace: - description: SecretNamespace is the namespace of the Secret providing - the configuration variables. If not specified, the namespace of - the provider will be used. + description: |- + SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified, + the namespace of the provider will be used. type: string version: description: Version indicates the provider version. @@ -6157,37 +6378,37 @@ spec: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -6196,8 +6417,9 @@ spec: type: object type: array contract: - description: Contract will contain the core provider contract that - the provider is abiding by, like e.g. v1alpha4. + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. type: string installedVersion: description: InstalledVersion is the version of the provider that @@ -6228,14 +6450,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -6243,12 +6470,11 @@ spec: description: ControlPlaneProviderSpec defines the desired state of ControlPlaneProvider. properties: additionalManifests: - description: AdditionalManifests is reference to configmap that contains - additional manifests that will be applied together with the provider - components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. - If namespace is not specified, the namespace of the provider will - be used. There is no validation of the yaml content inside the configmap. + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. properties: name: description: Name defines the name of the configmap. @@ -6260,14 +6486,14 @@ spec: - name type: object configSecret: - description: ConfigSecret is the object with name and namespace of - the Secret providing the configuration variables for the current - provider instance, like e.g. credentials. Such configurations will - be used when creating or upgrading provider components. The contents - of the secret will be treated as immutable. If changes need to be - made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must - be in the same namespace as the provider. + description: |- + ConfigSecret is the object with name and namespace of the Secret providing + the configuration variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. properties: name: description: Name defines the name of the secret. @@ -6290,22 +6516,20 @@ spec: the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with @@ -6315,32 +6539,26 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -6353,32 +6571,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -6400,53 +6612,46 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -6459,32 +6664,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -6507,18 +6706,16 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -6529,38 +6726,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -6572,53 +6765,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -6630,42 +6845,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -6674,55 +6884,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -6735,51 +6941,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -6792,33 +7021,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -6831,18 +7056,16 @@ spec: as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -6853,38 +7076,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -6896,53 +7115,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -6954,42 +7195,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -6998,55 +7234,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -7059,51 +7291,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -7116,33 +7371,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -7153,19 +7404,20 @@ spec: containers: description: List of containers specified in the Deployment items: - description: ContainerSpec defines the properties available - to override for each container in a provider deployment such - as Image and Args to the container’s entrypoint. + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. properties: args: additionalProperties: type: string - description: Args represents extra provider specific flags - that are not encoded as fields in this API. Explicit controller - manager properties defined in the `Provider.ManagerSpec` + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead - of the container arg `--sync-period` if both are defined. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. type: object command: @@ -7186,17 +7438,16 @@ spec: be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of - whether the variable exists or not. Defaults to - "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's @@ -7209,10 +7460,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -7223,11 +7474,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -7242,11 +7491,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for @@ -7276,10 +7523,10 @@ spec: from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -7304,19 +7551,24 @@ spec: description: Compute resources required by this container. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where - this field is used. It makes that resource available + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available inside a container. type: string required: @@ -7333,8 +7585,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -7343,11 +7596,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object required: @@ -7357,12 +7610,15 @@ spec: imagePullSecrets: description: List of image pull secrets specified in the Deployment items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7370,10 +7626,10 @@ spec: nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node''s - labels for the pod to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object replicas: description: Number of desired pods. This is a pointer to distinguish @@ -7386,83 +7642,82 @@ spec: tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object fetchConfig: - description: FetchConfig determines how the operator will fetch the - components and metadata for the provider. If nil, the operator will - try to fetch components according to default embedded fetch configuration - for the given kind and `ObjectMeta.Name`. For example, the infrastructure - name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: selector: - description: 'Selector to be used for fetching provider’s components - and metadata from ConfigMaps stored inside the cluster. Each - ConfigMap is expected to contain components and metadata for - a specific version only. Note: the name of the ConfigMap should - be set to the version or to override this add a label like the - following: provider.cluster.x-k8s.io/version=v1.4.3' + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -7474,19 +7729,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic url: - description: URL to be used for fetching the provider’s components - and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick - up desired version of the release from GitHub. + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. type: string type: object manager: @@ -7494,36 +7749,42 @@ spec: the controller manager for the provider. properties: cacheNamespace: - description: "CacheNamespace if specified restricts the manager's - cache to watch objects in the desired namespace Defaults to - all namespaces \n Note: If a namespace is specified, controllers - can still Watch for a cluster-scoped resource (e.g Node). For - namespaced resources the cache will only hold objects from the - desired namespace." + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. type: string controller: - description: Controller contains global configuration options - for controllers registered within this manager. + description: |- + Controller contains global configuration options for controllers + registered within this manager. properties: cacheSyncTimeout: - description: CacheSyncTimeout refers to the time limit set - to wait for syncing caches. Defaults to 2 minutes if not - set. + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. format: int64 type: integer groupKindConcurrency: additionalProperties: type: integer - description: "GroupKindConcurrency is a map from a Kind to - the number of concurrent reconciliation allowed for that - controller. \n When a controller is registered within this - manager using the builder utilities, users have to specify - the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this - map, the concurrency for that controller is set to the number - specified. \n The key is expected to be consistent in form - with GroupKind.String(), e.g. ReplicaSet in apps group (regardless - of version) would be `ReplicaSet.apps`." + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object recoverPanic: description: RecoverPanic indicates if panics should be recovered. @@ -7532,26 +7793,26 @@ spec: featureGates: additionalProperties: type: boolean - description: FeatureGates define provider specific feature flags - that will be passed in as container args to the provider's controller - manager. Controller Manager flag is --feature-gates. + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. type: object gracefulShutDown: - description: GracefulShutdownTimeout is the duration given to - runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) To use - graceful shutdown without timeout, set to a negative duration, - e.G. time.Duration(-1) The graceful shutdown is skipped for - safety reasons in case the leader election lease is lost. + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. type: string health: description: Health contains the controller health configuration properties: healthProbeBindAddress: - description: HealthProbeBindAddress is the TCP address that - the controller should bind to for serving health probes - It can be set to "0" or "" to disable serving the health - probe. + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. type: string livenessEndpointName: description: LivenessEndpointName, defaults to "healthz" @@ -7561,47 +7822,52 @@ spec: type: string type: object leaderElection: - description: LeaderElection is the LeaderElection config to be - used when configuring the manager.Manager leader election + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election properties: leaderElect: - description: leaderElect enables a leader election client - to gain leadership before executing the main loop. Enable - this when running replicated components for high availability. + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. type: boolean leaseDuration: - description: leaseDuration is the duration that non-leader - candidates will wait after observing a leadership renewal - until attempting to acquire leadership of a led but unrenewed - leader slot. This is effectively the maximum duration that - a leader can be stopped before it is replaced by another - candidate. This is only applicable if leader election is + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is enabled. type: string renewDeadline: - description: renewDeadline is the interval between attempts - by the acting master to renew a leadership slot before it - stops leading. This must be less than or equal to the lease - duration. This is only applicable if leader election is - enabled. + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. type: string resourceLock: - description: resourceLock indicates the resource object type - that will be used to lock during leader election cycles. + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. type: string resourceName: - description: resourceName indicates the name of resource object - that will be used to lock during leader election cycles. + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. type: string resourceNamespace: - description: resourceName indicates the namespace of resource - object that will be used to lock during leader election - cycles. + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. type: string retryPeriod: - description: retryPeriod is the duration the clients should - wait between attempting acquisition and renewal of a leadership. - This is only applicable if leader election is enabled. + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. type: string required: - leaderElect @@ -7613,37 +7879,40 @@ spec: - retryPeriod type: object maxConcurrentReconciles: - description: MaxConcurrentReconciles is the maximum number of - concurrent Reconciles which can be run. + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. minimum: 1 type: integer metrics: description: Metrics contains thw controller metrics configuration properties: bindAddress: - description: BindAddress is the TCP address that the controller - should bind to for serving prometheus metrics. It can be - set to "0" to disable the metrics serving. + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. type: string type: object profilerAddress: - description: ProfilerAddress defines the bind address to expose - the pprof profiler (e.g. localhost:6060). Default empty, meaning - the profiler is disabled. Controller Manager flag is --profiler-address. + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. type: string syncPeriod: - description: SyncPeriod determines the minimum frequency at which - watched resources are reconciled. A lower period will correct - entropy more quickly, but reduce responsiveness to change if - there are many watched resources. Change this value only if - you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all - controllers so that all controllers will not send list requests - simultaneously. + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. type: string verbosity: default: 1 - description: Verbosity set the logs verbosity. Defaults to 1. + description: |- + Verbosity set the logs verbosity. Defaults to 1. Controller Manager flag is --verbosity. minimum: 0 type: integer @@ -7651,28 +7920,31 @@ spec: description: Webhook contains the controllers webhook configuration properties: certDir: - description: CertDir is the directory that contains the server - key and certificate. if not set, webhook server would look - up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. - The server key and certificate must be named tls.key and - tls.crt, respectively. + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. type: string host: - description: Host is the hostname that the webhook server - binds to. It is used to set webhook.Server.Host. + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. type: string port: - description: Port is the port that the webhook server serves - at. It is used to set webhook.Server.Port. + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. type: integer type: object type: object manifestPatches: - description: ManifestPatches are applied to rendered provider manifests - to customize the provider manifests. Patches are applied in the - order they are specified. The `kind` field must match the target - object, and if `apiVersion` is specified it will only be applied - to matching objects. This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + description: |- + ManifestPatches are applied to rendered provider manifests to customize the + provider manifests. Patches are applied in the order they are specified. + The `kind` field must match the target object, and + if `apiVersion` is specified it will only be applied to matching objects. + This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 items: type: string type: array @@ -7691,37 +7963,37 @@ spec: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -7730,8 +8002,9 @@ spec: type: object type: array contract: - description: Contract will contain the core provider contract that - the provider is abiding by, like e.g. v1alpha4. + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. type: string installedVersion: description: InstalledVersion is the version of the provider that @@ -7754,7 +8027,8 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.11.4 + controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep labels: clusterctl.cluster.x-k8s.io/core: capi-operator name: coreproviders.operator.cluster.x-k8s.io @@ -7776,6 +8050,8 @@ spec: kind: CoreProvider listKind: CoreProviderList plural: coreproviders + shortNames: + - cacp singular: coreprovider scope: Namespaced versions: @@ -7786,20 +8062,30 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string + deprecated: true name: v1alpha1 schema: openAPIV3Schema: - description: CoreProvider is the Schema for the coreproviders API. + description: |- + CoreProvider is the Schema for the coreproviders API. + + + Deprecated: This type will be removed in one of the next releases. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -7807,12 +8093,11 @@ spec: description: CoreProviderSpec defines the desired state of CoreProvider. properties: additionalManifests: - description: AdditionalManifests is reference to configmap that contains - additional manifests that will be applied together with the provider - components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. - If namespace is not specified, the namespace of the provider will - be used. There is no validation of the yaml content inside the configmap. + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. properties: name: description: Name defines the name of the configmap. @@ -7835,22 +8120,20 @@ spec: the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with @@ -7860,32 +8143,26 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -7898,32 +8175,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -7945,53 +8216,46 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -8004,32 +8268,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -8052,18 +8310,16 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -8074,38 +8330,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -8117,53 +8369,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -8175,42 +8449,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -8219,55 +8488,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -8280,51 +8545,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -8337,33 +8625,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -8376,18 +8660,16 @@ spec: as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -8398,38 +8680,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -8441,53 +8719,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -8499,42 +8799,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -8543,55 +8838,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -8604,51 +8895,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -8661,33 +8975,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -8698,19 +9008,20 @@ spec: containers: description: List of containers specified in the Deployment items: - description: ContainerSpec defines the properties available - to override for each container in a provider deployment such - as Image and Args to the container’s entrypoint. + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. properties: args: additionalProperties: type: string - description: Args represents extra provider specific flags - that are not encoded as fields in this API. Explicit controller - manager properties defined in the `Provider.ManagerSpec` + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead - of the container arg `--sync-period` if both are defined. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. type: object command: @@ -8731,17 +9042,16 @@ spec: be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of - whether the variable exists or not. Defaults to - "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's @@ -8754,10 +9064,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -8768,11 +9078,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -8787,11 +9095,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for @@ -8821,10 +9127,10 @@ spec: from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -8860,19 +9166,24 @@ spec: description: Compute resources required by this container. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where - this field is used. It makes that resource available + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available inside a container. type: string required: @@ -8889,8 +9200,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -8899,11 +9211,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object required: @@ -8913,12 +9225,15 @@ spec: imagePullSecrets: description: List of image pull secrets specified in the Deployment items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -8926,10 +9241,10 @@ spec: nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node''s - labels for the pod to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object replicas: description: Number of desired pods. This is a pointer to distinguish @@ -8942,83 +9257,82 @@ spec: tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object fetchConfig: - description: FetchConfig determines how the operator will fetch the - components and metadata for the provider. If nil, the operator will - try to fetch components according to default embedded fetch configuration - for the given kind and `ObjectMeta.Name`. For example, the infrastructure - name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: selector: - description: 'Selector to be used for fetching provider’s components - and metadata from ConfigMaps stored inside the cluster. Each - ConfigMap is expected to contain components and metadata for - a specific version only. Note: the name of the ConfigMap should - be set to the version or to override this add a label like the - following: provider.cluster.x-k8s.io/version=v1.4.3' + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -9030,19 +9344,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic url: - description: URL to be used for fetching the provider’s components - and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick - up desired version of the release from GitHub. + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. type: string type: object manager: @@ -9050,36 +9364,42 @@ spec: the controller manager for the provider. properties: cacheNamespace: - description: "CacheNamespace if specified restricts the manager's - cache to watch objects in the desired namespace Defaults to - all namespaces \n Note: If a namespace is specified, controllers - can still Watch for a cluster-scoped resource (e.g Node). For - namespaced resources the cache will only hold objects from the - desired namespace." + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. type: string controller: - description: Controller contains global configuration options - for controllers registered within this manager. + description: |- + Controller contains global configuration options for controllers + registered within this manager. properties: cacheSyncTimeout: - description: CacheSyncTimeout refers to the time limit set - to wait for syncing caches. Defaults to 2 minutes if not - set. + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. format: int64 type: integer groupKindConcurrency: additionalProperties: type: integer - description: "GroupKindConcurrency is a map from a Kind to - the number of concurrent reconciliation allowed for that - controller. \n When a controller is registered within this - manager using the builder utilities, users have to specify - the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this - map, the concurrency for that controller is set to the number - specified. \n The key is expected to be consistent in form - with GroupKind.String(), e.g. ReplicaSet in apps group (regardless - of version) would be `ReplicaSet.apps`." + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object recoverPanic: description: RecoverPanic indicates if panics should be recovered. @@ -9088,26 +9408,26 @@ spec: featureGates: additionalProperties: type: boolean - description: FeatureGates define provider specific feature flags - that will be passed in as container args to the provider's controller - manager. Controller Manager flag is --feature-gates. + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. type: object gracefulShutDown: - description: GracefulShutdownTimeout is the duration given to - runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) To use - graceful shutdown without timeout, set to a negative duration, - e.G. time.Duration(-1) The graceful shutdown is skipped for - safety reasons in case the leader election lease is lost. + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. type: string health: description: Health contains the controller health configuration properties: healthProbeBindAddress: - description: HealthProbeBindAddress is the TCP address that - the controller should bind to for serving health probes - It can be set to "0" or "" to disable serving the health - probe. + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. type: string livenessEndpointName: description: LivenessEndpointName, defaults to "healthz" @@ -9117,47 +9437,52 @@ spec: type: string type: object leaderElection: - description: LeaderElection is the LeaderElection config to be - used when configuring the manager.Manager leader election + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election properties: leaderElect: - description: leaderElect enables a leader election client - to gain leadership before executing the main loop. Enable - this when running replicated components for high availability. + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. type: boolean leaseDuration: - description: leaseDuration is the duration that non-leader - candidates will wait after observing a leadership renewal - until attempting to acquire leadership of a led but unrenewed - leader slot. This is effectively the maximum duration that - a leader can be stopped before it is replaced by another - candidate. This is only applicable if leader election is + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is enabled. type: string renewDeadline: - description: renewDeadline is the interval between attempts - by the acting master to renew a leadership slot before it - stops leading. This must be less than or equal to the lease - duration. This is only applicable if leader election is - enabled. + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. type: string resourceLock: - description: resourceLock indicates the resource object type - that will be used to lock during leader election cycles. + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. type: string resourceName: - description: resourceName indicates the name of resource object - that will be used to lock during leader election cycles. + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. type: string resourceNamespace: - description: resourceName indicates the namespace of resource - object that will be used to lock during leader election - cycles. + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. type: string retryPeriod: - description: retryPeriod is the duration the clients should - wait between attempting acquisition and renewal of a leadership. - This is only applicable if leader election is enabled. + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. type: string required: - leaderElect @@ -9169,37 +9494,40 @@ spec: - retryPeriod type: object maxConcurrentReconciles: - description: MaxConcurrentReconciles is the maximum number of - concurrent Reconciles which can be run. + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. minimum: 1 type: integer metrics: description: Metrics contains the controller metrics configuration properties: bindAddress: - description: BindAddress is the TCP address that the controller - should bind to for serving prometheus metrics. It can be - set to "0" to disable the metrics serving. + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. type: string type: object profilerAddress: - description: ProfilerAddress defines the bind address to expose - the pprof profiler (e.g. localhost:6060). Default empty, meaning - the profiler is disabled. Controller Manager flag is --profiler-address. + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. type: string syncPeriod: - description: SyncPeriod determines the minimum frequency at which - watched resources are reconciled. A lower period will correct - entropy more quickly, but reduce responsiveness to change if - there are many watched resources. Change this value only if - you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all - controllers so that all controllers will not send list requests - simultaneously. + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. type: string verbosity: default: 1 - description: Verbosity set the logs verbosity. Defaults to 1. + description: |- + Verbosity set the logs verbosity. Defaults to 1. Controller Manager flag is --verbosity. minimum: 0 type: integer @@ -9207,35 +9535,38 @@ spec: description: Webhook contains the controllers webhook configuration properties: certDir: - description: CertDir is the directory that contains the server - key and certificate. if not set, webhook server would look - up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. - The server key and certificate must be named tls.key and - tls.crt, respectively. + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. type: string host: - description: Host is the hostname that the webhook server - binds to. It is used to set webhook.Server.Host. + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. type: string port: - description: Port is the port that the webhook server serves - at. It is used to set webhook.Server.Port. + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. type: integer type: object type: object secretName: - description: SecretName is the name of the Secret providing the configuration + description: |- + SecretName is the name of the Secret providing the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider - components. The contents of the secret will be treated as immutable. - If changes need to be made, a new object can be created and the - name should be updated. The contents should be in the form of key:value. - This secret must be in the same namespace as the provider. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. type: string secretNamespace: - description: SecretNamespace is the namespace of the Secret providing - the configuration variables. If not specified, the namespace of - the provider will be used. + description: |- + SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified, + the namespace of the provider will be used. type: string version: description: Version indicates the provider version. @@ -9251,37 +9582,37 @@ spec: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -9290,8 +9621,9 @@ spec: type: object type: array contract: - description: Contract will contain the core provider contract that - the provider is abiding by, like e.g. v1alpha4. + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. type: string installedVersion: description: InstalledVersion is the version of the provider that @@ -9321,14 +9653,19 @@ spec: description: CoreProvider is the Schema for the coreproviders API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -9336,12 +9673,11 @@ spec: description: CoreProviderSpec defines the desired state of CoreProvider. properties: additionalManifests: - description: AdditionalManifests is reference to configmap that contains - additional manifests that will be applied together with the provider - components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. - If namespace is not specified, the namespace of the provider will - be used. There is no validation of the yaml content inside the configmap. + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. properties: name: description: Name defines the name of the configmap. @@ -9353,14 +9689,14 @@ spec: - name type: object configSecret: - description: ConfigSecret is the object with name and namespace of - the Secret providing the configuration variables for the current - provider instance, like e.g. credentials. Such configurations will - be used when creating or upgrading provider components. The contents - of the secret will be treated as immutable. If changes need to be - made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must - be in the same namespace as the provider. + description: |- + ConfigSecret is the object with name and namespace of the Secret providing + the configuration variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. properties: name: description: Name defines the name of the secret. @@ -9383,22 +9719,20 @@ spec: the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with @@ -9408,32 +9742,26 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -9446,32 +9774,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -9493,53 +9815,46 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -9552,32 +9867,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -9600,18 +9909,16 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -9622,38 +9929,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -9665,53 +9968,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -9723,42 +10048,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -9767,55 +10087,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -9828,51 +10144,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -9885,33 +10224,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -9924,18 +10259,16 @@ spec: as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -9946,38 +10279,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -9989,53 +10318,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -10047,42 +10398,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -10091,55 +10437,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -10152,51 +10494,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -10209,33 +10574,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -10246,19 +10607,20 @@ spec: containers: description: List of containers specified in the Deployment items: - description: ContainerSpec defines the properties available - to override for each container in a provider deployment such - as Image and Args to the container’s entrypoint. + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. properties: args: additionalProperties: type: string - description: Args represents extra provider specific flags - that are not encoded as fields in this API. Explicit controller - manager properties defined in the `Provider.ManagerSpec` + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead - of the container arg `--sync-period` if both are defined. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. type: object command: @@ -10279,17 +10641,16 @@ spec: be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of - whether the variable exists or not. Defaults to - "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's @@ -10302,10 +10663,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -10316,11 +10677,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -10335,11 +10694,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for @@ -10369,10 +10726,10 @@ spec: from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -10397,19 +10754,24 @@ spec: description: Compute resources required by this container. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where - this field is used. It makes that resource available + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available inside a container. type: string required: @@ -10426,8 +10788,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -10436,11 +10799,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object required: @@ -10450,12 +10813,15 @@ spec: imagePullSecrets: description: List of image pull secrets specified in the Deployment items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -10463,10 +10829,10 @@ spec: nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node''s - labels for the pod to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object replicas: description: Number of desired pods. This is a pointer to distinguish @@ -10479,83 +10845,82 @@ spec: tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object fetchConfig: - description: FetchConfig determines how the operator will fetch the - components and metadata for the provider. If nil, the operator will - try to fetch components according to default embedded fetch configuration - for the given kind and `ObjectMeta.Name`. For example, the infrastructure - name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: selector: - description: 'Selector to be used for fetching provider’s components - and metadata from ConfigMaps stored inside the cluster. Each - ConfigMap is expected to contain components and metadata for - a specific version only. Note: the name of the ConfigMap should - be set to the version or to override this add a label like the - following: provider.cluster.x-k8s.io/version=v1.4.3' + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -10567,19 +10932,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic url: - description: URL to be used for fetching the provider’s components - and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick - up desired version of the release from GitHub. + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. type: string type: object manager: @@ -10587,36 +10952,42 @@ spec: the controller manager for the provider. properties: cacheNamespace: - description: "CacheNamespace if specified restricts the manager's - cache to watch objects in the desired namespace Defaults to - all namespaces \n Note: If a namespace is specified, controllers - can still Watch for a cluster-scoped resource (e.g Node). For - namespaced resources the cache will only hold objects from the - desired namespace." + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. type: string controller: - description: Controller contains global configuration options - for controllers registered within this manager. + description: |- + Controller contains global configuration options for controllers + registered within this manager. properties: cacheSyncTimeout: - description: CacheSyncTimeout refers to the time limit set - to wait for syncing caches. Defaults to 2 minutes if not - set. + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. format: int64 type: integer groupKindConcurrency: additionalProperties: type: integer - description: "GroupKindConcurrency is a map from a Kind to - the number of concurrent reconciliation allowed for that - controller. \n When a controller is registered within this - manager using the builder utilities, users have to specify - the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this - map, the concurrency for that controller is set to the number - specified. \n The key is expected to be consistent in form - with GroupKind.String(), e.g. ReplicaSet in apps group (regardless - of version) would be `ReplicaSet.apps`." + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object recoverPanic: description: RecoverPanic indicates if panics should be recovered. @@ -10625,26 +10996,26 @@ spec: featureGates: additionalProperties: type: boolean - description: FeatureGates define provider specific feature flags - that will be passed in as container args to the provider's controller - manager. Controller Manager flag is --feature-gates. + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. type: object gracefulShutDown: - description: GracefulShutdownTimeout is the duration given to - runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) To use - graceful shutdown without timeout, set to a negative duration, - e.G. time.Duration(-1) The graceful shutdown is skipped for - safety reasons in case the leader election lease is lost. + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. type: string health: description: Health contains the controller health configuration properties: healthProbeBindAddress: - description: HealthProbeBindAddress is the TCP address that - the controller should bind to for serving health probes - It can be set to "0" or "" to disable serving the health - probe. + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. type: string livenessEndpointName: description: LivenessEndpointName, defaults to "healthz" @@ -10654,47 +11025,52 @@ spec: type: string type: object leaderElection: - description: LeaderElection is the LeaderElection config to be - used when configuring the manager.Manager leader election + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election properties: leaderElect: - description: leaderElect enables a leader election client - to gain leadership before executing the main loop. Enable - this when running replicated components for high availability. + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. type: boolean leaseDuration: - description: leaseDuration is the duration that non-leader - candidates will wait after observing a leadership renewal - until attempting to acquire leadership of a led but unrenewed - leader slot. This is effectively the maximum duration that - a leader can be stopped before it is replaced by another - candidate. This is only applicable if leader election is + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is enabled. type: string renewDeadline: - description: renewDeadline is the interval between attempts - by the acting master to renew a leadership slot before it - stops leading. This must be less than or equal to the lease - duration. This is only applicable if leader election is - enabled. + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. type: string resourceLock: - description: resourceLock indicates the resource object type - that will be used to lock during leader election cycles. + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. type: string resourceName: - description: resourceName indicates the name of resource object - that will be used to lock during leader election cycles. + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. type: string resourceNamespace: - description: resourceName indicates the namespace of resource - object that will be used to lock during leader election - cycles. + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. type: string retryPeriod: - description: retryPeriod is the duration the clients should - wait between attempting acquisition and renewal of a leadership. - This is only applicable if leader election is enabled. + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. type: string required: - leaderElect @@ -10706,37 +11082,40 @@ spec: - retryPeriod type: object maxConcurrentReconciles: - description: MaxConcurrentReconciles is the maximum number of - concurrent Reconciles which can be run. + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. minimum: 1 type: integer metrics: description: Metrics contains thw controller metrics configuration properties: bindAddress: - description: BindAddress is the TCP address that the controller - should bind to for serving prometheus metrics. It can be - set to "0" to disable the metrics serving. + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. type: string type: object profilerAddress: - description: ProfilerAddress defines the bind address to expose - the pprof profiler (e.g. localhost:6060). Default empty, meaning - the profiler is disabled. Controller Manager flag is --profiler-address. + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. type: string syncPeriod: - description: SyncPeriod determines the minimum frequency at which - watched resources are reconciled. A lower period will correct - entropy more quickly, but reduce responsiveness to change if - there are many watched resources. Change this value only if - you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all - controllers so that all controllers will not send list requests - simultaneously. + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. type: string verbosity: default: 1 - description: Verbosity set the logs verbosity. Defaults to 1. + description: |- + Verbosity set the logs verbosity. Defaults to 1. Controller Manager flag is --verbosity. minimum: 0 type: integer @@ -10744,28 +11123,31 @@ spec: description: Webhook contains the controllers webhook configuration properties: certDir: - description: CertDir is the directory that contains the server - key and certificate. if not set, webhook server would look - up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. - The server key and certificate must be named tls.key and - tls.crt, respectively. + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. type: string host: - description: Host is the hostname that the webhook server - binds to. It is used to set webhook.Server.Host. + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. type: string port: - description: Port is the port that the webhook server serves - at. It is used to set webhook.Server.Port. + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. type: integer type: object type: object manifestPatches: - description: ManifestPatches are applied to rendered provider manifests - to customize the provider manifests. Patches are applied in the - order they are specified. The `kind` field must match the target - object, and if `apiVersion` is specified it will only be applied - to matching objects. This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + description: |- + ManifestPatches are applied to rendered provider manifests to customize the + provider manifests. Patches are applied in the order they are specified. + The `kind` field must match the target object, and + if `apiVersion` is specified it will only be applied to matching objects. + This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 items: type: string type: array @@ -10783,37 +11165,37 @@ spec: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -10822,8 +11204,9 @@ spec: type: object type: array contract: - description: Contract will contain the core provider contract that - the provider is abiding by, like e.g. v1alpha4. + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. type: string installedVersion: description: InstalledVersion is the version of the provider that @@ -10846,7 +11229,8 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.11.4 + controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep labels: clusterctl.cluster.x-k8s.io/core: capi-operator name: infrastructureproviders.operator.cluster.x-k8s.io @@ -10868,6 +11252,8 @@ spec: kind: InfrastructureProvider listKind: InfrastructureProviderList plural: infrastructureproviders + shortNames: + - caip singular: infrastructureprovider scope: Namespaced versions: @@ -10878,21 +11264,30 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string + deprecated: true name: v1alpha1 schema: openAPIV3Schema: - description: InfrastructureProvider is the Schema for the infrastructureproviders - API. + description: |- + InfrastructureProvider is the Schema for the infrastructureproviders API. + + + Deprecated: This type will be removed in one of the next releases. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -10900,12 +11295,11 @@ spec: description: InfrastructureProviderSpec defines the desired state of InfrastructureProvider. properties: additionalManifests: - description: AdditionalManifests is reference to configmap that contains - additional manifests that will be applied together with the provider - components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. - If namespace is not specified, the namespace of the provider will - be used. There is no validation of the yaml content inside the configmap. + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. properties: name: description: Name defines the name of the configmap. @@ -10928,22 +11322,20 @@ spec: the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with @@ -10953,32 +11345,26 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -10991,32 +11377,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -11038,53 +11418,46 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -11097,32 +11470,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -11145,18 +11512,16 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -11167,38 +11532,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -11210,53 +11571,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -11268,42 +11651,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -11312,55 +11690,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -11373,51 +11747,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -11430,33 +11827,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -11469,18 +11862,16 @@ spec: as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -11491,38 +11882,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -11534,53 +11921,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -11592,42 +12001,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -11636,55 +12040,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -11697,51 +12097,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -11754,33 +12177,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -11791,19 +12210,20 @@ spec: containers: description: List of containers specified in the Deployment items: - description: ContainerSpec defines the properties available - to override for each container in a provider deployment such - as Image and Args to the container’s entrypoint. + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. properties: args: additionalProperties: type: string - description: Args represents extra provider specific flags - that are not encoded as fields in this API. Explicit controller - manager properties defined in the `Provider.ManagerSpec` + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead - of the container arg `--sync-period` if both are defined. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. type: object command: @@ -11824,17 +12244,16 @@ spec: be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of - whether the variable exists or not. Defaults to - "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's @@ -11847,10 +12266,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -11861,11 +12280,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -11880,11 +12297,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for @@ -11914,10 +12329,10 @@ spec: from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -11953,19 +12368,24 @@ spec: description: Compute resources required by this container. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where - this field is used. It makes that resource available + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available inside a container. type: string required: @@ -11982,8 +12402,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -11992,11 +12413,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object required: @@ -12006,12 +12427,15 @@ spec: imagePullSecrets: description: List of image pull secrets specified in the Deployment items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -12019,10 +12443,10 @@ spec: nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node''s - labels for the pod to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object replicas: description: Number of desired pods. This is a pointer to distinguish @@ -12035,83 +12459,82 @@ spec: tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object fetchConfig: - description: FetchConfig determines how the operator will fetch the - components and metadata for the provider. If nil, the operator will - try to fetch components according to default embedded fetch configuration - for the given kind and `ObjectMeta.Name`. For example, the infrastructure - name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: selector: - description: 'Selector to be used for fetching provider’s components - and metadata from ConfigMaps stored inside the cluster. Each - ConfigMap is expected to contain components and metadata for - a specific version only. Note: the name of the ConfigMap should - be set to the version or to override this add a label like the - following: provider.cluster.x-k8s.io/version=v1.4.3' + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -12123,19 +12546,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic url: - description: URL to be used for fetching the provider’s components - and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick - up desired version of the release from GitHub. + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. type: string type: object manager: @@ -12143,36 +12566,42 @@ spec: the controller manager for the provider. properties: cacheNamespace: - description: "CacheNamespace if specified restricts the manager's - cache to watch objects in the desired namespace Defaults to - all namespaces \n Note: If a namespace is specified, controllers - can still Watch for a cluster-scoped resource (e.g Node). For - namespaced resources the cache will only hold objects from the - desired namespace." + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. type: string controller: - description: Controller contains global configuration options - for controllers registered within this manager. + description: |- + Controller contains global configuration options for controllers + registered within this manager. properties: cacheSyncTimeout: - description: CacheSyncTimeout refers to the time limit set - to wait for syncing caches. Defaults to 2 minutes if not - set. + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. format: int64 type: integer groupKindConcurrency: additionalProperties: type: integer - description: "GroupKindConcurrency is a map from a Kind to - the number of concurrent reconciliation allowed for that - controller. \n When a controller is registered within this - manager using the builder utilities, users have to specify - the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this - map, the concurrency for that controller is set to the number - specified. \n The key is expected to be consistent in form - with GroupKind.String(), e.g. ReplicaSet in apps group (regardless - of version) would be `ReplicaSet.apps`." + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object recoverPanic: description: RecoverPanic indicates if panics should be recovered. @@ -12181,26 +12610,26 @@ spec: featureGates: additionalProperties: type: boolean - description: FeatureGates define provider specific feature flags - that will be passed in as container args to the provider's controller - manager. Controller Manager flag is --feature-gates. + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. type: object gracefulShutDown: - description: GracefulShutdownTimeout is the duration given to - runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) To use - graceful shutdown without timeout, set to a negative duration, - e.G. time.Duration(-1) The graceful shutdown is skipped for - safety reasons in case the leader election lease is lost. + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. type: string health: description: Health contains the controller health configuration properties: healthProbeBindAddress: - description: HealthProbeBindAddress is the TCP address that - the controller should bind to for serving health probes - It can be set to "0" or "" to disable serving the health - probe. + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. type: string livenessEndpointName: description: LivenessEndpointName, defaults to "healthz" @@ -12210,47 +12639,52 @@ spec: type: string type: object leaderElection: - description: LeaderElection is the LeaderElection config to be - used when configuring the manager.Manager leader election + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election properties: leaderElect: - description: leaderElect enables a leader election client - to gain leadership before executing the main loop. Enable - this when running replicated components for high availability. + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. type: boolean leaseDuration: - description: leaseDuration is the duration that non-leader - candidates will wait after observing a leadership renewal - until attempting to acquire leadership of a led but unrenewed - leader slot. This is effectively the maximum duration that - a leader can be stopped before it is replaced by another - candidate. This is only applicable if leader election is + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is enabled. type: string renewDeadline: - description: renewDeadline is the interval between attempts - by the acting master to renew a leadership slot before it - stops leading. This must be less than or equal to the lease - duration. This is only applicable if leader election is - enabled. + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. type: string resourceLock: - description: resourceLock indicates the resource object type - that will be used to lock during leader election cycles. + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. type: string resourceName: - description: resourceName indicates the name of resource object - that will be used to lock during leader election cycles. + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. type: string resourceNamespace: - description: resourceName indicates the namespace of resource - object that will be used to lock during leader election - cycles. + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. type: string retryPeriod: - description: retryPeriod is the duration the clients should - wait between attempting acquisition and renewal of a leadership. - This is only applicable if leader election is enabled. + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. type: string required: - leaderElect @@ -12262,37 +12696,40 @@ spec: - retryPeriod type: object maxConcurrentReconciles: - description: MaxConcurrentReconciles is the maximum number of - concurrent Reconciles which can be run. + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. minimum: 1 type: integer metrics: description: Metrics contains the controller metrics configuration properties: bindAddress: - description: BindAddress is the TCP address that the controller - should bind to for serving prometheus metrics. It can be - set to "0" to disable the metrics serving. + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. type: string type: object profilerAddress: - description: ProfilerAddress defines the bind address to expose - the pprof profiler (e.g. localhost:6060). Default empty, meaning - the profiler is disabled. Controller Manager flag is --profiler-address. + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. type: string syncPeriod: - description: SyncPeriod determines the minimum frequency at which - watched resources are reconciled. A lower period will correct - entropy more quickly, but reduce responsiveness to change if - there are many watched resources. Change this value only if - you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all - controllers so that all controllers will not send list requests - simultaneously. + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. type: string verbosity: default: 1 - description: Verbosity set the logs verbosity. Defaults to 1. + description: |- + Verbosity set the logs verbosity. Defaults to 1. Controller Manager flag is --verbosity. minimum: 0 type: integer @@ -12300,35 +12737,38 @@ spec: description: Webhook contains the controllers webhook configuration properties: certDir: - description: CertDir is the directory that contains the server - key and certificate. if not set, webhook server would look - up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. - The server key and certificate must be named tls.key and - tls.crt, respectively. + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. type: string host: - description: Host is the hostname that the webhook server - binds to. It is used to set webhook.Server.Host. + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. type: string port: - description: Port is the port that the webhook server serves - at. It is used to set webhook.Server.Port. + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. type: integer type: object type: object secretName: - description: SecretName is the name of the Secret providing the configuration + description: |- + SecretName is the name of the Secret providing the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider - components. The contents of the secret will be treated as immutable. - If changes need to be made, a new object can be created and the - name should be updated. The contents should be in the form of key:value. - This secret must be in the same namespace as the provider. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. type: string secretNamespace: - description: SecretNamespace is the namespace of the Secret providing - the configuration variables. If not specified, the namespace of - the provider will be used. + description: |- + SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified, + the namespace of the provider will be used. type: string version: description: Version indicates the provider version. @@ -12345,37 +12785,37 @@ spec: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -12384,8 +12824,9 @@ spec: type: object type: array contract: - description: Contract will contain the core provider contract that - the provider is abiding by, like e.g. v1alpha4. + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. type: string installedVersion: description: InstalledVersion is the version of the provider that @@ -12416,14 +12857,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -12431,12 +12877,11 @@ spec: description: InfrastructureProviderSpec defines the desired state of InfrastructureProvider. properties: additionalManifests: - description: AdditionalManifests is reference to configmap that contains - additional manifests that will be applied together with the provider - components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. - If namespace is not specified, the namespace of the provider will - be used. There is no validation of the yaml content inside the configmap. + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. properties: name: description: Name defines the name of the configmap. @@ -12448,14 +12893,14 @@ spec: - name type: object configSecret: - description: ConfigSecret is the object with name and namespace of - the Secret providing the configuration variables for the current - provider instance, like e.g. credentials. Such configurations will - be used when creating or upgrading provider components. The contents - of the secret will be treated as immutable. If changes need to be - made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must - be in the same namespace as the provider. + description: |- + ConfigSecret is the object with name and namespace of the Secret providing + the configuration variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. properties: name: description: Name defines the name of the secret. @@ -12478,22 +12923,20 @@ spec: the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with @@ -12503,32 +12946,26 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -12541,32 +12978,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -12588,53 +13019,46 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -12647,32 +13071,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -12695,18 +13113,16 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -12717,38 +13133,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -12760,53 +13172,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -12818,42 +13252,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -12862,55 +13291,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -12923,51 +13348,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -12980,33 +13428,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -13019,18 +13463,16 @@ spec: as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -13041,38 +13483,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -13084,53 +13522,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -13142,42 +13602,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -13186,55 +13641,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -13247,51 +13698,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -13304,33 +13778,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -13341,19 +13811,20 @@ spec: containers: description: List of containers specified in the Deployment items: - description: ContainerSpec defines the properties available - to override for each container in a provider deployment such - as Image and Args to the container’s entrypoint. + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. properties: args: additionalProperties: type: string - description: Args represents extra provider specific flags - that are not encoded as fields in this API. Explicit controller - manager properties defined in the `Provider.ManagerSpec` + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead - of the container arg `--sync-period` if both are defined. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. type: object command: @@ -13374,17 +13845,16 @@ spec: be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of - whether the variable exists or not. Defaults to - "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's @@ -13397,10 +13867,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -13411,11 +13881,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -13430,11 +13898,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for @@ -13464,10 +13930,10 @@ spec: from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -13492,19 +13958,24 @@ spec: description: Compute resources required by this container. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where - this field is used. It makes that resource available + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available inside a container. type: string required: @@ -13521,8 +13992,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -13531,11 +14003,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object required: @@ -13545,12 +14017,15 @@ spec: imagePullSecrets: description: List of image pull secrets specified in the Deployment items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -13558,10 +14033,10 @@ spec: nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node''s - labels for the pod to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object replicas: description: Number of desired pods. This is a pointer to distinguish @@ -13574,83 +14049,82 @@ spec: tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object fetchConfig: - description: FetchConfig determines how the operator will fetch the - components and metadata for the provider. If nil, the operator will - try to fetch components according to default embedded fetch configuration - for the given kind and `ObjectMeta.Name`. For example, the infrastructure - name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: selector: - description: 'Selector to be used for fetching provider’s components - and metadata from ConfigMaps stored inside the cluster. Each - ConfigMap is expected to contain components and metadata for - a specific version only. Note: the name of the ConfigMap should - be set to the version or to override this add a label like the - following: provider.cluster.x-k8s.io/version=v1.4.3' + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -13662,19 +14136,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic url: - description: URL to be used for fetching the provider’s components - and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick - up desired version of the release from GitHub. + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. type: string type: object manager: @@ -13682,36 +14156,42 @@ spec: the controller manager for the provider. properties: cacheNamespace: - description: "CacheNamespace if specified restricts the manager's - cache to watch objects in the desired namespace Defaults to - all namespaces \n Note: If a namespace is specified, controllers - can still Watch for a cluster-scoped resource (e.g Node). For - namespaced resources the cache will only hold objects from the - desired namespace." + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. type: string controller: - description: Controller contains global configuration options - for controllers registered within this manager. + description: |- + Controller contains global configuration options for controllers + registered within this manager. properties: cacheSyncTimeout: - description: CacheSyncTimeout refers to the time limit set - to wait for syncing caches. Defaults to 2 minutes if not - set. + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. format: int64 type: integer groupKindConcurrency: additionalProperties: type: integer - description: "GroupKindConcurrency is a map from a Kind to - the number of concurrent reconciliation allowed for that - controller. \n When a controller is registered within this - manager using the builder utilities, users have to specify - the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this - map, the concurrency for that controller is set to the number - specified. \n The key is expected to be consistent in form - with GroupKind.String(), e.g. ReplicaSet in apps group (regardless - of version) would be `ReplicaSet.apps`." + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object recoverPanic: description: RecoverPanic indicates if panics should be recovered. @@ -13720,26 +14200,26 @@ spec: featureGates: additionalProperties: type: boolean - description: FeatureGates define provider specific feature flags - that will be passed in as container args to the provider's controller - manager. Controller Manager flag is --feature-gates. + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. type: object gracefulShutDown: - description: GracefulShutdownTimeout is the duration given to - runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) To use - graceful shutdown without timeout, set to a negative duration, - e.G. time.Duration(-1) The graceful shutdown is skipped for - safety reasons in case the leader election lease is lost. + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. type: string health: description: Health contains the controller health configuration properties: healthProbeBindAddress: - description: HealthProbeBindAddress is the TCP address that - the controller should bind to for serving health probes - It can be set to "0" or "" to disable serving the health - probe. + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. type: string livenessEndpointName: description: LivenessEndpointName, defaults to "healthz" @@ -13749,47 +14229,52 @@ spec: type: string type: object leaderElection: - description: LeaderElection is the LeaderElection config to be - used when configuring the manager.Manager leader election + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election properties: leaderElect: - description: leaderElect enables a leader election client - to gain leadership before executing the main loop. Enable - this when running replicated components for high availability. + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. type: boolean leaseDuration: - description: leaseDuration is the duration that non-leader - candidates will wait after observing a leadership renewal - until attempting to acquire leadership of a led but unrenewed - leader slot. This is effectively the maximum duration that - a leader can be stopped before it is replaced by another - candidate. This is only applicable if leader election is + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is enabled. type: string renewDeadline: - description: renewDeadline is the interval between attempts - by the acting master to renew a leadership slot before it - stops leading. This must be less than or equal to the lease - duration. This is only applicable if leader election is - enabled. + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. type: string resourceLock: - description: resourceLock indicates the resource object type - that will be used to lock during leader election cycles. + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. type: string resourceName: - description: resourceName indicates the name of resource object - that will be used to lock during leader election cycles. + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. type: string resourceNamespace: - description: resourceName indicates the namespace of resource - object that will be used to lock during leader election - cycles. + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. type: string retryPeriod: - description: retryPeriod is the duration the clients should - wait between attempting acquisition and renewal of a leadership. - This is only applicable if leader election is enabled. + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. type: string required: - leaderElect @@ -13801,37 +14286,40 @@ spec: - retryPeriod type: object maxConcurrentReconciles: - description: MaxConcurrentReconciles is the maximum number of - concurrent Reconciles which can be run. + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. minimum: 1 type: integer metrics: description: Metrics contains thw controller metrics configuration properties: bindAddress: - description: BindAddress is the TCP address that the controller - should bind to for serving prometheus metrics. It can be - set to "0" to disable the metrics serving. + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. type: string type: object profilerAddress: - description: ProfilerAddress defines the bind address to expose - the pprof profiler (e.g. localhost:6060). Default empty, meaning - the profiler is disabled. Controller Manager flag is --profiler-address. + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. type: string syncPeriod: - description: SyncPeriod determines the minimum frequency at which - watched resources are reconciled. A lower period will correct - entropy more quickly, but reduce responsiveness to change if - there are many watched resources. Change this value only if - you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all - controllers so that all controllers will not send list requests - simultaneously. + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. type: string verbosity: default: 1 - description: Verbosity set the logs verbosity. Defaults to 1. + description: |- + Verbosity set the logs verbosity. Defaults to 1. Controller Manager flag is --verbosity. minimum: 0 type: integer @@ -13839,28 +14327,31 @@ spec: description: Webhook contains the controllers webhook configuration properties: certDir: - description: CertDir is the directory that contains the server - key and certificate. if not set, webhook server would look - up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. - The server key and certificate must be named tls.key and - tls.crt, respectively. + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. type: string host: - description: Host is the hostname that the webhook server - binds to. It is used to set webhook.Server.Host. + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. type: string port: - description: Port is the port that the webhook server serves - at. It is used to set webhook.Server.Port. + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. type: integer type: object type: object manifestPatches: - description: ManifestPatches are applied to rendered provider manifests - to customize the provider manifests. Patches are applied in the - order they are specified. The `kind` field must match the target - object, and if `apiVersion` is specified it will only be applied - to matching objects. This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + description: |- + ManifestPatches are applied to rendered provider manifests to customize the + provider manifests. Patches are applied in the order they are specified. + The `kind` field must match the target object, and + if `apiVersion` is specified it will only be applied to matching objects. + This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 items: type: string type: array @@ -13879,37 +14370,37 @@ spec: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -13918,8 +14409,9 @@ spec: type: object type: array contract: - description: Contract will contain the core provider contract that - the provider is abiding by, like e.g. v1alpha4. + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. type: string installedVersion: description: InstalledVersion is the version of the provider that @@ -13942,7 +14434,8 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.11.4 + controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep labels: clusterctl.cluster.x-k8s.io/core: capi-operator name: ipamproviders.operator.cluster.x-k8s.io @@ -13964,6 +14457,8 @@ spec: kind: IPAMProvider listKind: IPAMProviderList plural: ipamproviders + shortNames: + - caipamp singular: ipamprovider scope: Namespaced versions: @@ -13980,14 +14475,19 @@ spec: description: IPAMProvider is the Schema for the IPAMProviders API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -13995,12 +14495,11 @@ spec: description: IPAMProviderSpec defines the desired state of IPAMProvider. properties: additionalManifests: - description: AdditionalManifests is reference to configmap that contains - additional manifests that will be applied together with the provider - components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. - If namespace is not specified, the namespace of the provider will - be used. There is no validation of the yaml content inside the configmap. + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. properties: name: description: Name defines the name of the configmap. @@ -14012,14 +14511,14 @@ spec: - name type: object configSecret: - description: ConfigSecret is the object with name and namespace of - the Secret providing the configuration variables for the current - provider instance, like e.g. credentials. Such configurations will - be used when creating or upgrading provider components. The contents - of the secret will be treated as immutable. If changes need to be - made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must - be in the same namespace as the provider. + description: |- + ConfigSecret is the object with name and namespace of the Secret providing + the configuration variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. properties: name: description: Name defines the name of the secret. @@ -14042,22 +14541,20 @@ spec: the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with @@ -14067,32 +14564,26 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -14105,32 +14596,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -14152,53 +14637,46 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -14211,32 +14689,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -14259,18 +14731,16 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -14281,38 +14751,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -14324,53 +14790,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -14382,42 +14870,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -14426,55 +14909,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -14487,51 +14966,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -14544,33 +15046,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -14583,18 +15081,16 @@ spec: as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred @@ -14605,38 +15101,34 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -14648,53 +15140,75 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -14706,42 +15220,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -14750,55 +15259,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -14811,51 +15316,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -14868,33 +15396,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -14905,19 +15429,20 @@ spec: containers: description: List of containers specified in the Deployment items: - description: ContainerSpec defines the properties available - to override for each container in a provider deployment such - as Image and Args to the container’s entrypoint. + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. properties: args: additionalProperties: type: string - description: Args represents extra provider specific flags - that are not encoded as fields in this API. Explicit controller - manager properties defined in the `Provider.ManagerSpec` + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead - of the container arg `--sync-period` if both are defined. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. type: object command: @@ -14938,17 +15463,16 @@ spec: be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of - whether the variable exists or not. Defaults to - "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's @@ -14961,10 +15485,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -14975,11 +15499,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -14994,11 +15516,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for @@ -15028,10 +15548,10 @@ spec: from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -15056,19 +15576,24 @@ spec: description: Compute resources required by this container. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where - this field is used. It makes that resource available + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available inside a container. type: string required: @@ -15085,8 +15610,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -15095,11 +15621,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object required: @@ -15109,12 +15635,15 @@ spec: imagePullSecrets: description: List of image pull secrets specified in the Deployment items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -15122,10 +15651,10 @@ spec: nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node''s - labels for the pod to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object replicas: description: Number of desired pods. This is a pointer to distinguish @@ -15138,83 +15667,82 @@ spec: tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object fetchConfig: - description: FetchConfig determines how the operator will fetch the - components and metadata for the provider. If nil, the operator will - try to fetch components according to default embedded fetch configuration - for the given kind and `ObjectMeta.Name`. For example, the infrastructure - name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: selector: - description: 'Selector to be used for fetching provider’s components - and metadata from ConfigMaps stored inside the cluster. Each - ConfigMap is expected to contain components and metadata for - a specific version only. Note: the name of the ConfigMap should - be set to the version or to override this add a label like the - following: provider.cluster.x-k8s.io/version=v1.4.3' + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -15226,19 +15754,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic url: - description: URL to be used for fetching the provider’s components - and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick - up desired version of the release from GitHub. + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. type: string type: object manager: @@ -15246,36 +15774,42 @@ spec: the controller manager for the provider. properties: cacheNamespace: - description: "CacheNamespace if specified restricts the manager's - cache to watch objects in the desired namespace Defaults to - all namespaces \n Note: If a namespace is specified, controllers - can still Watch for a cluster-scoped resource (e.g Node). For - namespaced resources the cache will only hold objects from the - desired namespace." + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. type: string controller: - description: Controller contains global configuration options - for controllers registered within this manager. + description: |- + Controller contains global configuration options for controllers + registered within this manager. properties: cacheSyncTimeout: - description: CacheSyncTimeout refers to the time limit set - to wait for syncing caches. Defaults to 2 minutes if not - set. + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. format: int64 type: integer groupKindConcurrency: additionalProperties: type: integer - description: "GroupKindConcurrency is a map from a Kind to - the number of concurrent reconciliation allowed for that - controller. \n When a controller is registered within this - manager using the builder utilities, users have to specify - the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this - map, the concurrency for that controller is set to the number - specified. \n The key is expected to be consistent in form - with GroupKind.String(), e.g. ReplicaSet in apps group (regardless - of version) would be `ReplicaSet.apps`." + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object recoverPanic: description: RecoverPanic indicates if panics should be recovered. @@ -15284,26 +15818,26 @@ spec: featureGates: additionalProperties: type: boolean - description: FeatureGates define provider specific feature flags - that will be passed in as container args to the provider's controller - manager. Controller Manager flag is --feature-gates. + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. type: object gracefulShutDown: - description: GracefulShutdownTimeout is the duration given to - runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) To use - graceful shutdown without timeout, set to a negative duration, - e.G. time.Duration(-1) The graceful shutdown is skipped for - safety reasons in case the leader election lease is lost. + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. type: string health: description: Health contains the controller health configuration properties: healthProbeBindAddress: - description: HealthProbeBindAddress is the TCP address that - the controller should bind to for serving health probes - It can be set to "0" or "" to disable serving the health - probe. + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. type: string livenessEndpointName: description: LivenessEndpointName, defaults to "healthz" @@ -15313,47 +15847,52 @@ spec: type: string type: object leaderElection: - description: LeaderElection is the LeaderElection config to be - used when configuring the manager.Manager leader election + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election properties: leaderElect: - description: leaderElect enables a leader election client - to gain leadership before executing the main loop. Enable - this when running replicated components for high availability. + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. type: boolean leaseDuration: - description: leaseDuration is the duration that non-leader - candidates will wait after observing a leadership renewal - until attempting to acquire leadership of a led but unrenewed - leader slot. This is effectively the maximum duration that - a leader can be stopped before it is replaced by another - candidate. This is only applicable if leader election is + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is enabled. type: string renewDeadline: - description: renewDeadline is the interval between attempts - by the acting master to renew a leadership slot before it - stops leading. This must be less than or equal to the lease - duration. This is only applicable if leader election is - enabled. + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. type: string resourceLock: - description: resourceLock indicates the resource object type - that will be used to lock during leader election cycles. + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. type: string resourceName: - description: resourceName indicates the name of resource object - that will be used to lock during leader election cycles. + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. type: string resourceNamespace: - description: resourceName indicates the namespace of resource - object that will be used to lock during leader election - cycles. + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. type: string retryPeriod: - description: retryPeriod is the duration the clients should - wait between attempting acquisition and renewal of a leadership. - This is only applicable if leader election is enabled. + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. type: string required: - leaderElect @@ -15365,37 +15904,40 @@ spec: - retryPeriod type: object maxConcurrentReconciles: - description: MaxConcurrentReconciles is the maximum number of - concurrent Reconciles which can be run. + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. minimum: 1 type: integer metrics: description: Metrics contains thw controller metrics configuration properties: bindAddress: - description: BindAddress is the TCP address that the controller - should bind to for serving prometheus metrics. It can be - set to "0" to disable the metrics serving. + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. type: string type: object profilerAddress: - description: ProfilerAddress defines the bind address to expose - the pprof profiler (e.g. localhost:6060). Default empty, meaning - the profiler is disabled. Controller Manager flag is --profiler-address. + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. type: string syncPeriod: - description: SyncPeriod determines the minimum frequency at which - watched resources are reconciled. A lower period will correct - entropy more quickly, but reduce responsiveness to change if - there are many watched resources. Change this value only if - you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all - controllers so that all controllers will not send list requests - simultaneously. + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. type: string verbosity: default: 1 - description: Verbosity set the logs verbosity. Defaults to 1. + description: |- + Verbosity set the logs verbosity. Defaults to 1. Controller Manager flag is --verbosity. minimum: 0 type: integer @@ -15403,28 +15945,31 @@ spec: description: Webhook contains the controllers webhook configuration properties: certDir: - description: CertDir is the directory that contains the server - key and certificate. if not set, webhook server would look - up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. - The server key and certificate must be named tls.key and - tls.crt, respectively. + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. type: string host: - description: Host is the hostname that the webhook server - binds to. It is used to set webhook.Server.Host. + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. type: string port: - description: Port is the port that the webhook server serves - at. It is used to set webhook.Server.Port. + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. type: integer type: object type: object manifestPatches: - description: ManifestPatches are applied to rendered provider manifests - to customize the provider manifests. Patches are applied in the - order they are specified. The `kind` field must match the target - object, and if `apiVersion` is specified it will only be applied - to matching objects. This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + description: |- + ManifestPatches are applied to rendered provider manifests to customize the + provider manifests. Patches are applied in the order they are specified. + The `kind` field must match the target object, and + if `apiVersion` is specified it will only be applied to matching objects. + This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 items: type: string type: array @@ -15442,37 +15987,37 @@ spec: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -15481,8 +16026,1629 @@ spec: type: object type: array contract: - description: Contract will contain the core provider contract that - the provider is abiding by, like e.g. v1alpha4. + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. + type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' + controller-gen.kubebuilder.io/version: v0.14.0 + helm.sh/resource-policy: keep + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: runtimeextensionproviders.operator.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /convert + conversionReviewVersions: + - v1 + - v1alpha1 + group: operator.cluster.x-k8s.io + names: + kind: RuntimeExtensionProvider + listKind: RuntimeExtensionProviderList + plural: runtimeextensionproviders + shortNames: + - carep + singular: runtimeextensionprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + name: v1alpha2 + schema: + openAPIV3Schema: + description: RuntimeExtensionProvider is the Schema for the RuntimeExtensionProviders + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RuntimeExtensionProviderSpec defines the desired state of + RuntimeExtensionProvider. + properties: + additionalManifests: + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. + properties: + name: + description: Name defines the name of the configmap. + type: string + namespace: + description: Namespace defines the namespace of the configmap. + type: string + required: + - name + type: object + configSecret: + description: |- + ConfigSecret is the object with name and namespace of the Secret providing + the configuration variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. + properties: + name: + description: Name defines the name of the secret. + type: string + namespace: + description: Namespace defines the namespace of the secret. + type: string + required: + - name + type: object + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + fetchConfig: + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + selector: + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + url: + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + manifestPatches: + description: |- + ManifestPatches are applied to rendered provider manifests to customize the + provider manifests. Patches are applied in the order they are specified. + The `kind` field must match the target object, and + if `apiVersion` is specified it will only be applied to matching objects. + This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + items: + type: string + type: array + version: + description: Version indicates the provider version. + type: string + type: object + status: + description: RuntimeExtensionProviderStatus defines the observed state + of RuntimeExtensionProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. type: string installedVersion: description: InstalledVersion is the version of the provider that @@ -15774,6 +17940,28 @@ webhooks: resources: - ipamproviders sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /mutate-operator-cluster-x-k8s-io-v1alpha2-runtimeextensionprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vruntimeextensionprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - runtimeextensionproviders + sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration @@ -15916,3 +18104,25 @@ webhooks: resources: - ipamproviders sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /validate-operator-cluster-x-k8s-io-v1alpha2-runtimeextensionprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vruntimeextensionprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - runtimeextensionproviders + sideEffects: None diff --git a/packages/system/capi-operator/charts/cluster-api-operator/values.yaml b/packages/system/capi-operator/charts/cluster-api-operator/values.yaml index 7575c8bd..212ee2ad 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/values.yaml +++ b/packages/system/capi-operator/charts/cluster-api-operator/values.yaml @@ -1,10 +1,4 @@ --- -# Cert Manager options -# Full list of supported values is available at https://artifacthub.io/packages/helm/cert-manager/cert-manager -cert-manager: - enabled: false - fullnameOverride: "cert-manager" - namespace: "cert-manager" # --- # Cluster API provider options core: "" @@ -12,6 +6,7 @@ bootstrap: "" controlPlane: "" infrastructure: "" addon: "" +manager.featureGates: {} # --- # Common configuration secret options configSecret: {} @@ -24,8 +19,10 @@ leaderElection: image: manager: repository: registry.k8s.io/capi-operator/cluster-api-operator - tag: v0.8.1 + tag: v0.11.0 pullPolicy: IfNotPresent +env: + manager: [] healthAddr: ":8081" metricsBindAddr: "127.0.0.1:8080" diagnosticsAddress: "8443" diff --git a/packages/system/capi-providers/Makefile b/packages/system/capi-providers/Makefile index 339d569f..6e8d7868 100644 --- a/packages/system/capi-providers/Makefile +++ b/packages/system/capi-providers/Makefile @@ -1,4 +1,4 @@ -NAME=capi-providers -NAMESPACE=cozy-cluster-api +export NAME=capi-providers +export NAMESPACE=cozy-cluster-api include ../../../scripts/package-system.mk diff --git a/packages/system/capi-providers/templates/providers.yaml b/packages/system/capi-providers/templates/providers.yaml index 3ea90d6d..d3416c1e 100644 --- a/packages/system/capi-providers/templates/providers.yaml +++ b/packages/system/capi-providers/templates/providers.yaml @@ -3,24 +3,30 @@ apiVersion: operator.cluster.x-k8s.io/v1alpha2 kind: CoreProvider metadata: name: cluster-api +spec: + # https://github.com/kubernetes-sigs/cluster-api + version: v1.7.3 --- apiVersion: operator.cluster.x-k8s.io/v1alpha2 kind: ControlPlaneProvider metadata: name: kamaji spec: - # fix: https://github.com/clastix/cluster-api-control-plane-provider-kamaji/pull/78 - deployment: - containers: - - name: manager - imageUrl: ghcr.io/kvaps/test:cluster-api-control-plane-provider-kamaji-v0.7.1-fix + # https://github.com/clastix/cluster-api-control-plane-provider-kamaji + version: v0.10.0 --- apiVersion: operator.cluster.x-k8s.io/v1alpha2 kind: BootstrapProvider metadata: name: kubeadm +spec: + # https://github.com/kubernetes-sigs/cluster-api + version: v1.7.3 --- apiVersion: operator.cluster.x-k8s.io/v1alpha2 kind: InfrastructureProvider metadata: name: kubevirt +spec: + # https://github.com/kubevirt/cloud-provider-kubevirt + version: v0.5.1 diff --git a/packages/system/cert-manager-issuers/Makefile b/packages/system/cert-manager-issuers/Makefile index 7d38f770..7c01ba56 100644 --- a/packages/system/cert-manager-issuers/Makefile +++ b/packages/system/cert-manager-issuers/Makefile @@ -1,4 +1,4 @@ -NAME=cert-manager-issuers -NAMESPACE=cozy-cert-manager +export NAME=cert-manager-issuers +export NAMESPACE=cozy-cert-manager include ../../../scripts/package-system.mk diff --git a/packages/system/cert-manager/Makefile b/packages/system/cert-manager/Makefile index c871d9d3..929b160a 100644 --- a/packages/system/cert-manager/Makefile +++ b/packages/system/cert-manager/Makefile @@ -1,5 +1,5 @@ -NAME=cert-manager -NAMESPACE=cozy-$(NAME) +export NAME=cert-manager +export NAMESPACE=cozy-$(NAME) include ../../../scripts/package-system.mk diff --git a/packages/system/cilium/Makefile b/packages/system/cilium/Makefile index a5caba3b..44d20e29 100644 --- a/packages/system/cilium/Makefile +++ b/packages/system/cilium/Makefile @@ -1,7 +1,7 @@ CILIUM_TAG=$(shell awk '$$1 == "version:" {print $$2}' charts/cilium/Chart.yaml) -NAME=cilium -NAMESPACE=cozy-$(NAME) +export NAME=cilium +export NAMESPACE=cozy-$(NAME) include ../../../scripts/common-envs.mk include ../../../scripts/package-system.mk diff --git a/packages/system/cilium/images/cilium.json b/packages/system/cilium/images/cilium.json index 47ee9b16..d42c822d 100644 --- a/packages/system/cilium/images/cilium.json +++ b/packages/system/cilium/images/cilium.json @@ -1,4 +1,51 @@ { - "containerimage.config.digest": "sha256:5d7a65f2d5c41bd53cccaa55d4f5d28933c08f5294e732b9a00427d091c1d78f", - "containerimage.digest": "sha256:f9f46b6c57cbe9ccb2686be7e58236e3bfae0942c4be687f0bf16270832f09ab" + "buildx.build.provenance": { + "buildType": "https://mobyproject.org/buildkit@v1", + "materials": [ + { + "uri": "pkg:docker/docker/dockerfile@experimental", + "digest": { + "sha256": "600e5c62eedff338b3f7a0850beb7c05866e0ef27b2d2e8c02aa468e78496ff5" + } + }, + { + "uri": "pkg:docker/golang@1.22-bookworm?platform=linux%2Famd64", + "digest": { + "sha256": "6c2780255bb7b881e904e303be0d7a079054160b2ce1efde446693c0850a39ad" + } + }, + { + "uri": "pkg:docker/quay.io/cilium/cilium@v1.15.5?platform=linux%2Famd64", + "digest": { + "sha256": "4ce1666a73815101ec9a4d360af6c5b7f1193ab00d89b7124f8505dee147ca40" + } + } + ], + "invocation": { + "configSource": { + "entryPoint": "Dockerfile" + }, + "parameters": { + "frontend": "gateway.v0", + "args": { + "cmdline": "docker/dockerfile:experimental", + "source": "docker/dockerfile:experimental" + }, + "locals": [ + { + "name": "context" + }, + { + "name": "dockerfile" + } + ] + }, + "environment": { + "platform": "linux/amd64" + } + } + }, + "buildx.build.ref": "amd64/amd64/ydz7c2pwlqaadvlo84t1spegq", + "containerimage.config.digest": "sha256:1f918c5f4bd8a1c90596b7d4256c8a208482141ae3363ab0b4627203b3fa3b32", + "containerimage.digest": "sha256:90e2235e75febcac777c0338fa93d5e7522d82d029facb0c318305ed178a42ac" } \ No newline at end of file diff --git a/packages/system/cilium/images/cilium.tag b/packages/system/cilium/images/cilium.tag index ab03ee07..f2887794 100644 --- a/packages/system/cilium/images/cilium.tag +++ b/packages/system/cilium/images/cilium.tag @@ -1 +1 @@ -ghcr.io/aenix-io/cozystack/cilium:latest +ghcr.io/aenix-io/cozystack/cilium:1.15.5 diff --git a/packages/system/clickhouse-operator/Makefile b/packages/system/clickhouse-operator/Makefile index b83cf6df..64447cca 100644 --- a/packages/system/clickhouse-operator/Makefile +++ b/packages/system/clickhouse-operator/Makefile @@ -1,5 +1,5 @@ -NAME=clickhouse-operator -NAMESPACE=cozy-clickhouse-operator +export NAME=clickhouse-operator +export NAMESPACE=cozy-clickhouse-operator include ../../../scripts/package-system.mk diff --git a/packages/system/dashboard/Makefile b/packages/system/dashboard/Makefile index f7a66c71..d17d36aa 100644 --- a/packages/system/dashboard/Makefile +++ b/packages/system/dashboard/Makefile @@ -1,5 +1,5 @@ -NAME=dashboard -NAMESPACE=cozy-$(NAME) +export NAME=dashboard +export NAMESPACE=cozy-$(NAME) include ../../../scripts/common-envs.mk include ../../../scripts/package-system.mk @@ -19,7 +19,7 @@ update-chart: update-dockerfiles: tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/vmware-tanzu/kubeapps | awk -F'[/^]' 'END{print $$3}') && \ wget https://github.com/vmware-tanzu/kubeapps/raw/$${tag}/cmd/kubeapps-apis/Dockerfile -O images/kubeapps-apis/Dockerfile && \ - patch images/kubeapps-apis/Dockerfile < images/kubeapps-apis/dockerfile.diff && \ + patch --no-backup-if-mismatch images/kubeapps-apis/Dockerfile < images/kubeapps-apis/dockerfile.diff && \ node_image=$$(wget -O- https://github.com/vmware-tanzu/kubeapps/raw/main/dashboard/Dockerfile | awk '/FROM bitnami\/node/ {print $$2}') && \ sed -i "s|FROM .* AS build|FROM $${node_image} AS build|" images/dashboard/Dockerfile && \ version=$$(echo "$$tag" | sed 's/^v//') && \ diff --git a/packages/system/dashboard/images/dashboard.json b/packages/system/dashboard/images/dashboard.json index fa70d533..b5de5c91 100644 --- a/packages/system/dashboard/images/dashboard.json +++ b/packages/system/dashboard/images/dashboard.json @@ -1,4 +1,41 @@ { - "containerimage.config.digest": "sha256:8126f86f18708a9157206884c63dc9df7f3090a33e05f4a1b94f2a7da7610c74", - "containerimage.digest": "sha256:e1a285812d1ce34bcf5c37db2a5c12ec99887c930b46ac261895dc98f674c066" + "buildx.build.provenance": { + "buildType": "https://mobyproject.org/buildkit@v1", + "materials": [ + { + "uri": "pkg:docker/bitnami/nginx@1.25.2?platform=linux%2Famd64", + "digest": { + "sha256": "fbd9335f55d83d8aaf9ab1a539b0f2a87b444e8c54f34c9a1ca9d7df15605db4" + } + }, + { + "uri": "pkg:docker/bitnami/node@20.12.1?platform=linux%2Famd64", + "digest": { + "sha256": "ac00b5d3742ef2b522e149ac3912a9118ca8dc27556f13700d4a53c1982b1460" + } + } + ], + "invocation": { + "configSource": { + "entryPoint": "Dockerfile" + }, + "parameters": { + "frontend": "dockerfile.v0", + "locals": [ + { + "name": "context" + }, + { + "name": "dockerfile" + } + ] + }, + "environment": { + "platform": "linux/amd64" + } + } + }, + "buildx.build.ref": "amd64/amd64/vvxs4dbzlno0vtdl1zudk54fj", + "containerimage.config.digest": "sha256:52a7ac58f30de8bec104f3fa9b3dcc674f37edfee184c5d4229e24f69f4ddcb2", + "containerimage.digest": "sha256:8906436ebd6452549f0634c6db693c7c3248c123f0c882bb8b1bde34ec05aeb6" } \ No newline at end of file diff --git a/packages/system/dashboard/images/dashboard.tag b/packages/system/dashboard/images/dashboard.tag index b2afa3cc..bff2f641 100644 --- a/packages/system/dashboard/images/dashboard.tag +++ b/packages/system/dashboard/images/dashboard.tag @@ -1 +1 @@ -ghcr.io/aenix-io/cozystack/dashboard:v0.7.0 +ghcr.io/aenix-io/cozystack/dashboard:v0.9.0 diff --git a/packages/system/dashboard/images/kubeapps-apis.json b/packages/system/dashboard/images/kubeapps-apis.json index 8a5f4ced..c3dd111a 100644 --- a/packages/system/dashboard/images/kubeapps-apis.json +++ b/packages/system/dashboard/images/kubeapps-apis.json @@ -1,4 +1,47 @@ { - "containerimage.config.digest": "sha256:44db4f7c92adb68c79eb3e152c95318e559e5c1ac0ba6e3d467596b1315f37a1", - "containerimage.digest": "sha256:b0c355cf5387b376e676a9e395fa0a11790409123a29e637a7080a413fe7f10d" + "buildx.build.provenance": { + "buildType": "https://mobyproject.org/buildkit@v1", + "materials": [ + { + "uri": "pkg:docker/bitnami/golang@1.22.2?platform=linux%2Famd64", + "digest": { + "sha256": "f6238d0feb519be3a157e0f29d56312fdcbfde165d96987f3956581126371977" + } + }, + { + "uri": "pkg:docker/bitnami/minideb@bookworm?platform=linux%2Famd64", + "digest": { + "sha256": "29b77c65b015126298b9b5d6c20a389f538145c619c8e049ccf2e7cd436e023a" + } + }, + { + "uri": "pkg:docker/alpine@latest?platform=linux%2Famd64", + "digest": { + "sha256": "b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0" + } + } + ], + "invocation": { + "configSource": { + "entryPoint": "Dockerfile" + }, + "parameters": { + "frontend": "dockerfile.v0", + "locals": [ + { + "name": "context" + }, + { + "name": "dockerfile" + } + ] + }, + "environment": { + "platform": "linux/amd64" + } + } + }, + "buildx.build.ref": "amd64/amd64/p2w3cwt8rnd7ivkbmg86ugjj0", + "containerimage.config.digest": "sha256:28621d87b70bc82caf060b33313051703456a2915e95371bcbe5c0e1e5b9daa3", + "containerimage.digest": "sha256:1b6826f030c6d288f9d91476b636300e544bbf55687e59f6de1765d1320faf7b" } \ No newline at end of file diff --git a/packages/system/dashboard/images/kubeapps-apis.tag b/packages/system/dashboard/images/kubeapps-apis.tag index e6a5a538..231ec10a 100644 --- a/packages/system/dashboard/images/kubeapps-apis.tag +++ b/packages/system/dashboard/images/kubeapps-apis.tag @@ -1 +1 @@ -ghcr.io/aenix-io/cozystack/kubeapps-apis:v0.7.0 +ghcr.io/aenix-io/cozystack/kubeapps-apis:v0.9.0 diff --git a/packages/system/dashboard/images/kubeapps-apis/Dockerfile b/packages/system/dashboard/images/kubeapps-apis/Dockerfile index b53ee603..99e7e56a 100644 --- a/packages/system/dashboard/images/kubeapps-apis/Dockerfile +++ b/packages/system/dashboard/images/kubeapps-apis/Dockerfile @@ -8,8 +8,10 @@ ARG VERSION=v2.10.0 RUN apk add --no-cache patch WORKDIR /source RUN wget -O- https://github.com/vmware-tanzu/kubeapps/archive/refs/tags/${VERSION}.tar.gz | tar xzf - --strip-components=1 +COPY fluxcd.diff /patches/fluxcd.diff COPY labels.diff /patches/labels.diff COPY reconcile-strategy.diff /patches/reconcile-strategy.diff +RUN patch -p1 < /patches/fluxcd.diff RUN patch -p1 < /patches/labels.diff RUN patch -p1 < /patches/reconcile-strategy.diff @@ -70,15 +72,6 @@ RUN --mount=type=cache,target=/go/pkg/mod \ -ldflags "-X github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/cmd.version=$VERSION" \ ./cmd/kubeapps-apis -# Build 'kapp-controller' plugin, version 'v1alpha1' -RUN --mount=type=cache,target=/go/pkg/mod \ - --mount=type=cache,target=/root/.cache/go-build \ - GOPROXY="https://proxy.golang.org,direct" \ - go build \ - -ldflags "-X github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/cmd.version=$VERSION" \ - -o /kapp-controller-packages-v1alpha1-plugin.so -buildmode=plugin \ - ./cmd/kubeapps-apis/plugins/kapp_controller/packages/v1alpha1/*.go - ## Build 'fluxv2' plugin, version 'v1alpha1' RUN --mount=type=cache,target=/go/pkg/mod \ --mount=type=cache,target=/root/.cache/go-build \ @@ -111,7 +104,6 @@ RUN --mount=type=cache,target=/go/pkg/mod \ FROM bitnami/minideb:bookworm COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ COPY --from=builder /go/src/github.com/vmware-tanzu/kubeapps/kubeapps-apis /kubeapps-apis -COPY --from=builder /kapp-controller-packages-v1alpha1-plugin.so /plugins/kapp-controller-packages/ COPY --from=builder /fluxv2-packages-v1alpha1-plugin.so /plugins/fluxv2-packages/ COPY --from=builder /helm-packages-v1alpha1-plugin.so /plugins/helm-packages/ COPY --from=builder /resources-v1alpha1-plugin.so /plugins/resources/ diff --git a/packages/system/dashboard/images/kubeapps-apis/fluxcd.diff b/packages/system/dashboard/images/kubeapps-apis/fluxcd.diff new file mode 100644 index 00000000..eb073c6c --- /dev/null +++ b/packages/system/dashboard/images/kubeapps-apis/fluxcd.diff @@ -0,0 +1,3196 @@ +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache/watcher_cache.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache/watcher_cache.go +index fa38d6ba6..f57d6f65c 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache/watcher_cache.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache/watcher_cache.go +@@ -131,7 +131,7 @@ type NamespacedResourceWatcherCacheConfig struct { + OnResyncFunc ResyncFunc + + // These funcs are needed to manipulate API-specific objects, such as flux's +- // sourcev1beta2.HelmRepository, in a generic fashion ++ // sourcev1.HelmRepository, in a generic fashion + NewObjFunc NewObjectFunc + NewListFunc NewObjectListFunc + ListItemsFunc GetListItemsFunc +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart.go +index 58aae6e88..c0d62a9a7 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart.go +@@ -12,7 +12,7 @@ import ( + "strings" + + "github.com/bufbuild/connect-go" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache" + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/common" +@@ -27,12 +27,12 @@ import ( + "sigs.k8s.io/yaml" + ) + +-func (s *Server) getChartInCluster(ctx context.Context, headers http.Header, key types.NamespacedName) (*sourcev1beta2.HelmChart, error) { ++func (s *Server) getChartInCluster(ctx context.Context, headers http.Header, key types.NamespacedName) (*sourcev1.HelmChart, error) { + client, err := s.getClient(headers, key.Namespace) + if err != nil { + return nil, err + } +- var chartObj sourcev1beta2.HelmChart ++ var chartObj sourcev1.HelmChart + if err = client.Get(ctx, key, &chartObj); err != nil { + return nil, connecterror.FromK8sError("get", "HelmChart", key.String(), err) + } +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_integration_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_integration_test.go +index 2c16c88ec..95455476f 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_integration_test.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_integration_test.go +@@ -12,7 +12,7 @@ import ( + "testing" + "time" + +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + grpc_retry "github.com/grpc-ecosystem/go-grpc-middleware/retry" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" + fluxplugin "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/plugins/fluxv2/packages/v1alpha1" +@@ -329,12 +329,12 @@ func TestKindClusterRepoAndChartRBAC(t *testing.T) { + rules := map[string][]rbacv1.PolicyRule{ + names[1].Namespace: { + { +- APIGroups: []string{sourcev1beta2.GroupVersion.Group}, ++ APIGroups: []string{sourcev1.GroupVersion.Group}, + Resources: []string{fluxHelmRepositories}, + Verbs: []string{"get", "list"}, + }, + { +- APIGroups: []string{sourcev1beta2.GroupVersion.Group}, ++ APIGroups: []string{sourcev1.GroupVersion.Group}, + Resources: []string{"helmcharts"}, + Verbs: []string{"get", "list"}, + }, +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_test.go +index 7641d5c77..362fc82ef 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_test.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_test.go +@@ -16,7 +16,7 @@ import ( + "github.com/bufbuild/connect-go" + fluxmeta "github.com/fluxcd/pkg/apis/meta" + sourcev1 "github.com/fluxcd/source-controller/api/v1" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + "github.com/go-redis/redismock/v8" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache" +@@ -187,7 +187,7 @@ func TestGetAvailablePackageDetail(t *testing.T) { + } + defer ts2.Close() + +- s, mock, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, charts, secretObjs) ++ s, mock, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, charts, secretObjs) + if err != nil { + t.Fatalf("%+v", err) + } +@@ -291,7 +291,7 @@ func TestTransientHttpFailuresAreRetriedForChartCache(t *testing.T) { + } + defer ts2.Close() + +- s, mock, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, charts, nil) ++ s, mock, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, charts, nil) + if err != nil { + t.Fatalf("%+v", err) + } +@@ -468,7 +468,7 @@ func TestNonExistingRepoOrInvalidPkgVersionGetAvailablePackageDetail(t *testing. + } + defer ts2.Close() + +- s, mock, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, charts, nil) ++ s, mock, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, charts, nil) + if err != nil { + t.Fatalf("%+v", err) + } +@@ -649,7 +649,7 @@ func TestGetAvailablePackageVersions(t *testing.T) { + } + defer ts.Close() + +- s, mock, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, charts, nil) ++ s, mock, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, charts, nil) + if err != nil { + t.Fatalf("%+v", err) + } +@@ -736,7 +736,7 @@ func TestGetOciAvailablePackageVersions(t *testing.T) { + t.Fatal(err) + } + +- s, mock, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, tc.charts, nil) ++ s, mock, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, tc.charts, nil) + if err != nil { + t.Fatalf("%+v", err) + } +@@ -979,12 +979,12 @@ func TestChartWithRelativeURL(t *testing.T) { + } + })) + +- repoSpec := &sourcev1beta2.HelmRepositorySpec{ ++ repoSpec := &sourcev1.HelmRepositorySpec{ + URL: ts.URL, + Interval: metav1.Duration{Duration: 1 * time.Minute}, + } + +- repoStatus := &sourcev1beta2.HelmRepositoryStatus{ ++ repoStatus := &sourcev1.HelmRepositoryStatus{ + Artifact: &sourcev1.Artifact{ + Digest: "651f952130ea96823711d08345b85e82be011dc6", + LastUpdateTime: metav1.Time{Time: lastUpdateTime}, +@@ -1003,7 +1003,7 @@ func TestChartWithRelativeURL(t *testing.T) { + defer ts.Close() + + s, mock, err := newServerWithRepos(t, +- []sourcev1beta2.HelmRepository{repo}, ++ []sourcev1.HelmRepository{repo}, + []testSpecChartWithUrl{ + { + chartID: fmt.Sprintf("%s/airflow", repoName), +@@ -1073,7 +1073,7 @@ func TestGetOciAvailablePackageDetail(t *testing.T) { + t.Fatal(err) + } + +- s, mock, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, tc.charts, nil) ++ s, mock, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, tc.charts, nil) + if err != nil { + t.Fatalf("%+v", err) + } +@@ -1129,8 +1129,8 @@ func TestGetOciAvailablePackageDetail(t *testing.T) { + } + } + +-func newChart(name, namespace string, spec *sourcev1beta2.HelmChartSpec, status *sourcev1beta2.HelmChartStatus) sourcev1beta2.HelmChart { +- helmChart := sourcev1beta2.HelmChart{ ++func newChart(name, namespace string, spec *sourcev1.HelmChartSpec, status *sourcev1.HelmChartStatus) sourcev1.HelmChart { ++ helmChart := sourcev1.HelmChart{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Generation: int64(1), +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/common/utils.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/common/utils.go +index cdb3611b0..5d5f5433b 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/common/utils.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/common/utils.go +@@ -24,8 +24,8 @@ import ( + "github.com/bufbuild/connect-go" + "github.com/docker/cli/cli/config" + "github.com/docker/cli/cli/config/credentials" +- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ helmv2 "github.com/fluxcd/helm-controller/api/v2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + "github.com/go-redis/redis/v8" + "github.com/google/go-containerregistry/pkg/authn" + plugins "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/plugins/v1alpha1" +@@ -68,20 +68,20 @@ func init() { + } + + repositoriesGvr = schema.GroupVersionResource{ +- Group: sourcev1beta2.GroupVersion.Group, +- Version: sourcev1beta2.GroupVersion.Version, ++ Group: sourcev1.GroupVersion.Group, ++ Version: sourcev1.GroupVersion.Version, + Resource: "helmrepositories", + } + + chartsGvr = schema.GroupVersionResource{ +- Group: sourcev1beta2.GroupVersion.Group, +- Version: sourcev1beta2.GroupVersion.Version, ++ Group: sourcev1.GroupVersion.Group, ++ Version: sourcev1.GroupVersion.Version, + Resource: "helmcharts", + } + + releasesGvr = schema.GroupVersionResource{ +- Group: helmv2beta2.GroupVersion.Group, +- Version: helmv2beta2.GroupVersion.Version, ++ Group: helmv2.GroupVersion.Group, ++ Version: helmv2.GroupVersion.Version, + Resource: "helmreleases", + } + } +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/global_vars_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/global_vars_test.go +index e3c1880a5..556516068 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/global_vars_test.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/global_vars_test.go +@@ -10,10 +10,10 @@ import ( + + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/k8sutils" + +- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" ++ helmv2 "github.com/fluxcd/helm-controller/api/v2" + fluxmeta "github.com/fluxcd/pkg/apis/meta" + sourcev1 "github.com/fluxcd/source-controller/api/v1" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/plugins/fluxv2/packages/v1alpha1" + "google.golang.org/protobuf/types/known/anypb" +@@ -1006,33 +1006,33 @@ var ( + }, + } + +- add_repo_1 = sourcev1beta2.HelmRepository{ ++ add_repo_1 = sourcev1.HelmRepository{ + TypeMeta: metav1.TypeMeta{ +- Kind: sourcev1beta2.HelmRepositoryKind, +- APIVersion: sourcev1beta2.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "bar", + Namespace: "foo", + ResourceVersion: "1", + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + }, + } + +- add_repo_2 = sourcev1beta2.HelmRepository{ ++ add_repo_2 = sourcev1.HelmRepository{ + TypeMeta: metav1.TypeMeta{ +- Kind: sourcev1beta2.HelmRepositoryKind, +- APIVersion: sourcev1beta2.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "bar", + Namespace: "foo", + ResourceVersion: "1", + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + // TODO(agamez): flux upgrade - migrate to CertSecretRef, see https://github.com/fluxcd/flux2/releases/tag/v2.1.0 +@@ -1040,17 +1040,17 @@ var ( + }, + } + +- add_repo_3 = sourcev1beta2.HelmRepository{ ++ add_repo_3 = sourcev1.HelmRepository{ + TypeMeta: metav1.TypeMeta{ +- Kind: sourcev1beta2.HelmRepositoryKind, +- APIVersion: sourcev1beta2.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "bar", + Namespace: "foo", + ResourceVersion: "1", + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + // TODO(agamez): flux upgrade - migrate to CertSecretRef, see https://github.com/fluxcd/flux2/releases/tag/v2.1.0 +@@ -1058,17 +1058,17 @@ var ( + }, + } + +- add_repo_4 = sourcev1beta2.HelmRepository{ ++ add_repo_4 = sourcev1.HelmRepository{ + TypeMeta: metav1.TypeMeta{ +- Kind: sourcev1beta2.HelmRepositoryKind, +- APIVersion: sourcev1beta2.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "bar", + Namespace: "foo", + ResourceVersion: "1", + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + // TODO(agamez): flux upgrade - migrate to CertSecretRef, see https://github.com/fluxcd/flux2/releases/tag/v2.1.0 +@@ -1077,51 +1077,51 @@ var ( + }, + } + +- add_repo_5 = sourcev1beta2.HelmRepository{ ++ add_repo_5 = sourcev1.HelmRepository{ + TypeMeta: metav1.TypeMeta{ +- Kind: sourcev1beta2.HelmRepositoryKind, +- APIVersion: sourcev1beta2.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "bar", + Namespace: "foo", + ResourceVersion: "1", + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + PassCredentials: true, + }, + } + +- add_repo_6 = sourcev1beta2.HelmRepository{ ++ add_repo_6 = sourcev1.HelmRepository{ + TypeMeta: metav1.TypeMeta{ +- Kind: sourcev1beta2.HelmRepositoryKind, +- APIVersion: sourcev1beta2.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "bar", + Namespace: "foo", + ResourceVersion: "1", + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: github_stefanprodan_podinfo_oci_registry_url, + Interval: metav1.Duration{Duration: 10 * time.Minute}, + Type: "oci", + }, + } + +- add_repo_7 = sourcev1beta2.HelmRepository{ ++ add_repo_7 = sourcev1.HelmRepository{ + TypeMeta: metav1.TypeMeta{ +- Kind: sourcev1beta2.HelmRepositoryKind, +- APIVersion: sourcev1beta2.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "bar", + Namespace: "foo", + ResourceVersion: "1", + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: github_stefanprodan_podinfo_oci_registry_url, + Interval: metav1.Duration{Duration: 10 * time.Minute}, + Type: "oci", +@@ -1129,10 +1129,10 @@ var ( + }, + } + +- add_repo_8 = sourcev1beta2.HelmRepository{ ++ add_repo_8 = sourcev1.HelmRepository{ + TypeMeta: metav1.TypeMeta{ +- Kind: sourcev1beta2.HelmRepositoryKind, +- APIVersion: sourcev1beta2.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "bar", +@@ -1140,7 +1140,7 @@ var ( + ResourceVersion: "1", + Annotations: map[string]string{k8sutils.AnnotationDescriptionKey: "repo desc"}, + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + }, +@@ -1831,7 +1831,7 @@ var ( + Namespace: "test", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -1844,7 +1844,7 @@ var ( + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: "Released", + Status: metav1.ConditionTrue, +- Reason: helmv2beta2.InstallSucceededReason, ++ Reason: helmv2.InstallSucceededReason, + Message: "Helm install succeeded", + }, + }, +@@ -1886,7 +1886,7 @@ var ( + releaseSuspend: true, + releaseServiceAccountName: "foo", + releaseValues: &v1.JSON{Raw: redis_existing_spec_completed_with_values_and_reconciliation_options_values_bytes}, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -1899,7 +1899,7 @@ var ( + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: "Released", + Status: metav1.ConditionTrue, +- Reason: helmv2beta2.InstallSucceededReason, ++ Reason: helmv2.InstallSucceededReason, + Message: "Helm install succeeded", + }, + }, +@@ -1923,20 +1923,20 @@ var ( + Namespace: "test", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: fluxmeta.ReadyCondition, + Status: metav1.ConditionFalse, +- Reason: helmv2beta2.InstallFailedReason, ++ Reason: helmv2.InstallFailedReason, + Message: "install retries exhausted", + }, + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: "Released", + Status: metav1.ConditionFalse, +- Reason: helmv2beta2.InstallFailedReason, ++ Reason: helmv2.InstallFailedReason, + Message: "Helm install failed: unable to build kubernetes objects from release manifest: error validating \"\": error validating data: ValidationError(Deployment.spec.replicas): invalid type for io.k8s.api.apps.v1.DeploymentSpec.replicas: got \"string\", expected \"integer\"", + }, + }, +@@ -1961,13 +1961,13 @@ var ( + Namespace: "test", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: fluxmeta.ReadyCondition, + Status: metav1.ConditionFalse, +- Reason: helmv2beta2.GetLastReleaseFailedReason, ++ Reason: helmv2.GetLastReleaseFailedReason, + Message: "failed to get last release revision", + }, + }, +@@ -1990,13 +1990,13 @@ var ( + Namespace: "test", + Generation: 2, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: fluxmeta.ReadyCondition, + Status: metav1.ConditionFalse, +- Reason: helmv2beta2.GetLastReleaseFailedReason, ++ Reason: helmv2.GetLastReleaseFailedReason, + Message: "failed to get last release revision", + }, + }, +@@ -2027,7 +2027,7 @@ var ( + Namespace: "namespace-2", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -2040,7 +2040,7 @@ var ( + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: "Released", + Status: metav1.ConditionTrue, +- Reason: helmv2beta2.InstallSucceededReason, ++ Reason: helmv2.InstallSucceededReason, + Message: "Helm install succeeded", + }, + }, +@@ -2064,7 +2064,7 @@ var ( + Namespace: "namespace-2", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -2077,7 +2077,7 @@ var ( + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: "Released", + Status: metav1.ConditionTrue, +- Reason: helmv2beta2.InstallSucceededReason, ++ Reason: helmv2.InstallSucceededReason, + Message: "Helm install succeeded", + }, + }, +@@ -2101,7 +2101,7 @@ var ( + Namespace: "test", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -2130,13 +2130,13 @@ var ( + Namespace: "test", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: fluxmeta.ReadyCondition, + Status: metav1.ConditionFalse, +- Reason: helmv2beta2.ArtifactFailedReason, ++ Reason: helmv2.ArtifactFailedReason, + Message: "HelmChart 'default/kubeapps-my-redis' is not ready", + }, + }, +@@ -2168,7 +2168,7 @@ var ( + Namespace: "test", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -2181,7 +2181,7 @@ var ( + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: "Released", + Status: metav1.ConditionTrue, +- Reason: helmv2beta2.InstallSucceededReason, ++ Reason: helmv2.InstallSucceededReason, + Message: "Helm install succeeded", + }, + }, +@@ -2275,41 +2275,41 @@ var ( + PostInstallationNotes: "some notes", + } + +- flux_helm_release_basic = newFluxHelmRelease(helmv2beta2.HelmChartTemplateSpec{ ++ flux_helm_release_basic = newFluxHelmRelease(helmv2.HelmChartTemplateSpec{ + Chart: "podinfo", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "podinfo", + Namespace: "namespace-1", + }, + }) + +- flux_helm_release_semver_constraint = newFluxHelmRelease(helmv2beta2.HelmChartTemplateSpec{ ++ flux_helm_release_semver_constraint = newFluxHelmRelease(helmv2.HelmChartTemplateSpec{ + Chart: "podinfo", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "podinfo", + Namespace: "namespace-1", + }, + Version: "> 5", + }) + +- flux_helm_release_reconcile_options = &helmv2beta2.HelmRelease{ ++ flux_helm_release_reconcile_options = &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-podinfo", + Namespace: "test", + ResourceVersion: "1", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Chart: "podinfo", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "podinfo", + Namespace: "namespace-1", + }, +@@ -2327,22 +2327,22 @@ var ( + "message": "what we do in the shadows", + }}) + +- flux_helm_release_values = &helmv2beta2.HelmRelease{ ++ flux_helm_release_values = &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-podinfo", + Namespace: "test", + ResourceVersion: "1", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Chart: "podinfo", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "podinfo", + Namespace: "namespace-1", + }, +@@ -2357,10 +2357,10 @@ var ( + InstalledPackageRef: installedRef("my-podinfo", "test"), + } + +- flux_helm_release_updated_1 = &helmv2beta2.HelmRelease{ ++ flux_helm_release_updated_1 = &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-redis", +@@ -2368,12 +2368,12 @@ var ( + Generation: int64(1), + ResourceVersion: "1000", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Chart: "redis", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "bitnami-1", + Namespace: "default", + }, +@@ -2384,10 +2384,10 @@ var ( + }, + } + +- flux_helm_release_updated_2 = &helmv2beta2.HelmRelease{ ++ flux_helm_release_updated_2 = &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-redis", +@@ -2395,12 +2395,12 @@ var ( + Generation: int64(1), + ResourceVersion: "1000", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Chart: "redis", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "bitnami-1", + Namespace: "default", + }, +@@ -2424,7 +2424,7 @@ var ( + Namespace: "test", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -2437,7 +2437,7 @@ var ( + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: "Released", + Status: metav1.ConditionTrue, +- Reason: helmv2beta2.InstallSucceededReason, ++ Reason: helmv2.InstallSucceededReason, + Message: "Helm install succeeded", + }, + }, +@@ -2457,10 +2457,10 @@ var ( + status: release.StatusDeployed, + } + +- flux_helm_release_updated_target_ns_is_set = &helmv2beta2.HelmRelease{ ++ flux_helm_release_updated_target_ns_is_set = &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-redis", +@@ -2468,12 +2468,12 @@ var ( + Generation: int64(1), + ResourceVersion: "1000", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Chart: "redis", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "bitnami-1", + Namespace: "default", + }, +@@ -2661,50 +2661,50 @@ var ( + }, + } + +- flux_helm_release_upgrade_policy_none = newFluxHelmRelease(helmv2beta2.HelmChartTemplateSpec{ ++ flux_helm_release_upgrade_policy_none = newFluxHelmRelease(helmv2.HelmChartTemplateSpec{ + Chart: "podinfo", + Version: "5.2.1", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "podinfo", + Namespace: "namespace-1", + }, + }) + +- flux_helm_release_upgrade_policy_major = newFluxHelmRelease(helmv2beta2.HelmChartTemplateSpec{ ++ flux_helm_release_upgrade_policy_major = newFluxHelmRelease(helmv2.HelmChartTemplateSpec{ + Chart: "podinfo", + Version: ">=5.2.1", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "podinfo", + Namespace: "namespace-1", + }, + }) + +- flux_helm_release_upgrade_policy_minor = newFluxHelmRelease(helmv2beta2.HelmChartTemplateSpec{ ++ flux_helm_release_upgrade_policy_minor = newFluxHelmRelease(helmv2.HelmChartTemplateSpec{ + Chart: "podinfo", + Version: ">=5.2.1 <6.0.0", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "podinfo", + Namespace: "namespace-1", + }, + }) + +- flux_helm_release_upgrade_policy_patch = newFluxHelmRelease(helmv2beta2.HelmChartTemplateSpec{ ++ flux_helm_release_upgrade_policy_patch = newFluxHelmRelease(helmv2.HelmChartTemplateSpec{ + Chart: "podinfo", + Version: ">=5.2.1 <5.3.0", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "podinfo", + Namespace: "namespace-1", + }, + }) + +- flux_helm_release_updated_upgrade_major = &helmv2beta2.HelmRelease{ ++ flux_helm_release_updated_upgrade_major = &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-redis", +@@ -2712,13 +2712,13 @@ var ( + Generation: int64(1), + ResourceVersion: "1000", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Version: ">=14.4.0", + Chart: "redis", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "bitnami-1", + Namespace: "default", + }, +@@ -2728,10 +2728,10 @@ var ( + }, + } + +- flux_helm_release_updated_upgrade_minor = &helmv2beta2.HelmRelease{ ++ flux_helm_release_updated_upgrade_minor = &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-redis", +@@ -2739,13 +2739,13 @@ var ( + Generation: int64(1), + ResourceVersion: "1000", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Version: ">=14.4.0 <15.0.0", + Chart: "redis", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "bitnami-1", + Namespace: "default", + }, +@@ -2755,10 +2755,10 @@ var ( + }, + } + +- flux_helm_release_updated_upgrade_patch = &helmv2beta2.HelmRelease{ ++ flux_helm_release_updated_upgrade_patch = &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-redis", +@@ -2766,13 +2766,13 @@ var ( + Generation: int64(1), + ResourceVersion: "1000", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Version: ">=14.4.0 <14.5.0", + Chart: "redis", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "bitnami-1", + Namespace: "default", + }, +@@ -3230,13 +3230,13 @@ var ( + } + + get_summaries_repo_1 = newRepo("bar", "foo", +- &sourcev1beta2.HelmRepositorySpec{ ++ &sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + // TODO(agamez): flux upgrade - migrate to CertSecretRef, see https://github.com/fluxcd/flux2/releases/tag/v2.1.0 + SecretRef: &fluxmeta.LocalObjectReference{}, + }, +- &sourcev1beta2.HelmRepositoryStatus{ ++ &sourcev1.HelmRepositoryStatus{ + Artifact: &sourcev1.Artifact{ + Digest: "651f952130ea96823711d08345b85e82be011dc6", + LastUpdateTime: metav1.Time{Time: lastUpdateTime}, +@@ -3257,11 +3257,11 @@ var ( + }) + + get_summaries_repo_2 = newRepo("zot", "xyz", +- &sourcev1beta2.HelmRepositorySpec{ ++ &sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + }, +- &sourcev1beta2.HelmRepositoryStatus{ ++ &sourcev1.HelmRepositoryStatus{ + Artifact: &sourcev1.Artifact{ + Digest: "651f952130ea96823711d08345b85e82be011dc6", + LastUpdateTime: metav1.Time{Time: lastUpdateTime}, +@@ -3282,19 +3282,19 @@ var ( + }) + + get_summaries_repo_3 = newRepo("pending", "xyz", +- &sourcev1beta2.HelmRepositorySpec{ ++ &sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + }, +- &sourcev1beta2.HelmRepositoryStatus{ObservedGeneration: -1}, ++ &sourcev1.HelmRepositoryStatus{ObservedGeneration: -1}, + ) + + get_summaries_repo_4 = newRepo("failed", "xyz", +- &sourcev1beta2.HelmRepositorySpec{ ++ &sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + }, +- &sourcev1beta2.HelmRepositoryStatus{ ++ &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -4027,19 +4027,19 @@ var ( + } + } + +- newFluxHelmRelease = func(chartSpec helmv2beta2.HelmChartTemplateSpec) *helmv2beta2.HelmRelease { +- return &helmv2beta2.HelmRelease{ ++ newFluxHelmRelease = func(chartSpec helmv2.HelmChartTemplateSpec) *helmv2.HelmRelease { ++ return &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-podinfo", + Namespace: "test", + ResourceVersion: "1", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ + Spec: chartSpec, + }, + Interval: metav1.Duration{Duration: 1 * time.Minute}, +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/integration_utils_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/integration_utils_test.go +index 672b8140d..be0270f16 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/integration_utils_test.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/integration_utils_test.go +@@ -18,9 +18,9 @@ import ( + "testing" + "time" + +- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" ++ helmv2 "github.com/fluxcd/helm-controller/api/v2" + fluxmeta "github.com/fluxcd/pkg/apis/meta" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + "github.com/go-redis/redis/v8" + "github.com/vmware-tanzu/kubeapps/cmd/apprepository-controller/pkg/client/clientset/versioned/scheme" + plugins "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/plugins/v1alpha1" +@@ -143,7 +143,7 @@ func checkEnv(t *testing.T) (fluxplugin.FluxV2PackagesServiceClient, fluxplugin. + } + + // Check for helmrepositories left over from manual testing. This has caused me a lot grief +- var l *sourcev1beta2.HelmRepositoryList ++ var l *sourcev1.HelmRepositoryList + var names []string + const maxWait = 25 + for i := 0; i <= maxWait; i++ { +@@ -251,12 +251,12 @@ func kubeAddHelmRepository(t *testing.T, name types.NamespacedName, typ, url, se + if interval <= 0 { + interval = time.Duration(10 * time.Minute) + } +- repo := sourcev1beta2.HelmRepository{ ++ repo := sourcev1.HelmRepository{ + ObjectMeta: metav1.ObjectMeta{ + Name: name.Name, + Namespace: name.Namespace, + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: url, + Interval: metav1.Duration{Duration: interval}, + }, +@@ -297,7 +297,7 @@ func kubeAddHelmRepositoryAndCleanup(t *testing.T, name types.NamespacedName, ty + return err + } + +-func kubeGetHelmRepository(t *testing.T, name types.NamespacedName) (*sourcev1beta2.HelmRepository, error) { ++func kubeGetHelmRepository(t *testing.T, name types.NamespacedName) (*sourcev1.HelmRepository, error) { + t.Logf("+kubeGetHelmRepository(%s)", name) + + ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout) +@@ -305,7 +305,7 @@ func kubeGetHelmRepository(t *testing.T, name types.NamespacedName) (*sourcev1be + if ifc, err := kubeGetCtrlClient(); err != nil { + return nil, err + } else { +- var repo sourcev1beta2.HelmRepository ++ var repo sourcev1.HelmRepository + if err := ifc.Get(ctx, name, &repo); err != nil { + return nil, err + } +@@ -313,7 +313,7 @@ func kubeGetHelmRepository(t *testing.T, name types.NamespacedName) (*sourcev1be + } + } + +-func kubeListAllHelmRepositories(t *testing.T) (*sourcev1beta2.HelmRepositoryList, error) { ++func kubeListAllHelmRepositories(t *testing.T) (*sourcev1.HelmRepositoryList, error) { + t.Logf("+kubeListAllHelmRepositories()") + + ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout) +@@ -321,7 +321,7 @@ func kubeListAllHelmRepositories(t *testing.T) (*sourcev1beta2.HelmRepositoryLis + if ifc, err := kubeGetCtrlClient(); err != nil { + return nil, err + } else { +- var repoList sourcev1beta2.HelmRepositoryList ++ var repoList sourcev1.HelmRepositoryList + if err := ifc.List(ctx, &repoList); err != nil { + return nil, err + } +@@ -340,7 +340,7 @@ func kubeWaitUntilHelmRepositoryIsReady(t *testing.T, name types.NamespacedName) + } else { + ctx, cancel := context.WithTimeout(context.Background(), 90*time.Second) + defer cancel() +- var repoList sourcev1beta2.HelmRepositoryList ++ var repoList sourcev1.HelmRepositoryList + if watcher, err := ifc.Watch(ctx, &repoList); err != nil { + return err + } else { +@@ -357,8 +357,8 @@ func kubeWaitUntilHelmRepositoryIsReady(t *testing.T, name types.NamespacedName) + } + switch event.Type { + case watch.Added, watch.Modified: +- if repo, ok := event.Object.(*sourcev1beta2.HelmRepository); !ok { +- return errors.New("Could not cast to *sourcev1beta2.HelmRepository") ++ if repo, ok := event.Object.(*sourcev1.HelmRepository); !ok { ++ return errors.New("Could not cast to *sourcev1.HelmRepository") + } else { + hour, minute, second := time.Now().Clock() + complete, success, reason := isHelmRepositoryReady(*repo) +@@ -381,7 +381,7 @@ func kubeWaitUntilHelmRepositoryIsReady(t *testing.T, name types.NamespacedName) + // this should eventually be replaced with flux plugin's DeleteRepository() + func kubeDeleteHelmRepository(t *testing.T, name types.NamespacedName) error { + t.Logf("+kubeDeleteHelmRepository(%s)", name) +- repo := &sourcev1beta2.HelmRepository{ ++ repo := &sourcev1.HelmRepository{ + ObjectMeta: metav1.ObjectMeta{ + Name: name.Name, + Namespace: name.Namespace, +@@ -400,7 +400,7 @@ func kubeExistsHelmRepository(t *testing.T, name types.NamespacedName) (bool, er + t.Logf("+kubeExistsHelmRepository(%s)", name) + ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout) + defer cancel() +- var repo sourcev1beta2.HelmRepository ++ var repo sourcev1.HelmRepository + if ifc, err := kubeGetCtrlClient(); err != nil { + return false, err + } else if err = ifc.Get(ctx, name, &repo); err == nil { +@@ -414,7 +414,7 @@ func kubeDeleteHelmRelease(t *testing.T, name types.NamespacedName) error { + t.Logf("+kubeDeleteHelmRelease(%s)", name) + ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout) + defer cancel() +- release := &helmv2beta2.HelmRelease{ ++ release := &helmv2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: name.Name, + Namespace: name.Namespace, +@@ -431,7 +431,7 @@ func kubeExistsHelmRelease(t *testing.T, name types.NamespacedName) (bool, error + t.Logf("+kubeExistsHelmRelease(%s)", name) + ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout) + defer cancel() +- var rel helmv2beta2.HelmRelease ++ var rel helmv2.HelmRelease + if ifc, err := kubeGetCtrlClient(); err != nil { + return false, err + } else if err = ifc.Get(ctx, name, &rel); err == nil { +@@ -826,7 +826,7 @@ func kubeCreateSecret(t *testing.T, secret *apiv1.Secret) error { + return err + } + +-func kubeSetKubeappsManagedSecretOwnerRef(t *testing.T, secretName types.NamespacedName, ownerRepo *sourcev1beta2.HelmRepository) error { ++func kubeSetKubeappsManagedSecretOwnerRef(t *testing.T, secretName types.NamespacedName, ownerRepo *sourcev1.HelmRepository) error { + t.Logf("+kubeSetKubeappsManagedSecretOwnerRef(%s, %s)", secretName, ownerRepo.Name) + typedClient, err := kubeGetTypedClient() + if err != nil { +@@ -852,9 +852,9 @@ func kubeSetKubeappsManagedSecretOwnerRef(t *testing.T, secretName types.Namespa + *metav1.NewControllerRef( + ownerRepo, + schema.GroupVersionKind{ +- Group: sourcev1beta2.GroupVersion.Group, +- Version: sourcev1beta2.GroupVersion.Version, +- Kind: sourcev1beta2.HelmRepositoryKind, ++ Group: sourcev1.GroupVersion.Group, ++ Version: sourcev1.GroupVersion.Version, ++ Kind: sourcev1.HelmRepositoryKind, + }), + } + +@@ -1029,11 +1029,11 @@ func kubeGetCtrlClient() (ctrlclient.WithWatch, error) { + return nil, err + } else { + scheme := runtime.NewScheme() +- err = sourcev1beta2.AddToScheme(scheme) ++ err = sourcev1.AddToScheme(scheme) + if err != nil { + return nil, err + } +- err = helmv2beta2.AddToScheme(scheme) ++ err = helmv2.AddToScheme(scheme) + if err != nil { + return nil, err + } +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/oci_repo.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/oci_repo.go +index 67bfa5480..149f904c4 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/oci_repo.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/oci_repo.go +@@ -47,7 +47,7 @@ import ( + + "github.com/fluxcd/pkg/oci/auth/login" + "github.com/fluxcd/pkg/version" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + + // OCI Registry As a Storage (ORAS) + orasregistryauthv2 "oras.land/oras-go/v2/registry/remote/auth" +@@ -386,7 +386,7 @@ func newRegistryClient(isLogin bool, tlsConfig *tls.Config, getterOpts []getter. + // OCI Helm repository, which defines a source, does not produce an Artifact + // ref https://fluxcd.io/docs/components/source/helmrepositories/#helm-oci-repository + +-func (s *repoEventSink) onAddOciRepo(repo sourcev1beta2.HelmRepository) ([]byte, bool, error) { ++func (s *repoEventSink) onAddOciRepo(repo sourcev1.HelmRepository) ([]byte, bool, error) { + log.V(4).Infof("+onAddOciRepo(%s)", common.PrettyPrint(repo)) + defer log.V(4).Info("-onAddOciRepo") + +@@ -444,7 +444,7 @@ func (s *repoEventSink) onAddOciRepo(repo sourcev1beta2.HelmRepository) ([]byte, + return buf.Bytes(), true, nil + } + +-func (s *repoEventSink) onModifyOciRepo(key string, oldValue interface{}, repo sourcev1beta2.HelmRepository) ([]byte, bool, error) { ++func (s *repoEventSink) onModifyOciRepo(key string, oldValue interface{}, repo sourcev1.HelmRepository) ([]byte, bool, error) { + log.Infof("+onModifyOciRepo(%s)", common.PrettyPrint(repo)) + defer log.Info("-onModifyOciRepo") + +@@ -576,12 +576,12 @@ func (r *OCIChartRepository) shortRepoName(fullRepoName string) (string, error) + } + } + +-func (s *Server) newOCIChartRepositoryAndLogin(ctx context.Context, repo sourcev1beta2.HelmRepository) (*OCIChartRepository, error) { ++func (s *Server) newOCIChartRepositoryAndLogin(ctx context.Context, repo sourcev1.HelmRepository) (*OCIChartRepository, error) { + sink := s.newRepoEventSink() + return sink.newOCIChartRepositoryAndLogin(ctx, repo) + } + +-func (s *repoEventSink) newOCIChartRepositoryAndLogin(ctx context.Context, repo sourcev1beta2.HelmRepository) (*OCIChartRepository, error) { ++func (s *repoEventSink) newOCIChartRepositoryAndLogin(ctx context.Context, repo sourcev1.HelmRepository) (*OCIChartRepository, error) { + if loginOpts, getterOpts, cred, err := s.clientOptionsForOciRepo(ctx, repo); err != nil { + return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("Failed to create registry client: %w", err)) + } else { +@@ -649,7 +649,7 @@ func (s *repoEventSink) newOCIChartRepositoryAndLoginWithOptions(registryURL str + return ociRepo, nil + } + +-func (s *repoEventSink) clientOptionsForOciRepo(ctx context.Context, repo sourcev1beta2.HelmRepository) ([]registry.LoginOption, []getter.Option, *orasregistryauthv2.Credential, error) { ++func (s *repoEventSink) clientOptionsForOciRepo(ctx context.Context, repo sourcev1.HelmRepository) ([]registry.LoginOption, []getter.Option, *orasregistryauthv2.Credential, error) { + var loginOpts []registry.LoginOption + var cred *orasregistryauthv2.Credential + getterOpts := []getter.Option{ +@@ -680,7 +680,7 @@ func (s *repoEventSink) clientOptionsForOciRepo(ctx context.Context, repo source + } + } + +- if repo.Spec.Provider != "" && repo.Spec.Provider != sourcev1beta2.GenericOCIProvider { ++ if repo.Spec.Provider != "" && repo.Spec.Provider != "generic" { + ctxTimeout, cancel := context.WithTimeout(ctx, repo.Spec.Timeout.Duration) + defer cancel() + +@@ -734,7 +734,7 @@ func downloadChartWithHelmGetter(tlsConfig *tls.Config, getterOptions []getter.O + return buf, err + } + +-func getOciChartModels(appNames []string, allTags map[string]TagList, ociChartRepo *OCIChartRepository, repo *sourcev1beta2.HelmRepository) ([]models.Chart, error) { ++func getOciChartModels(appNames []string, allTags map[string]TagList, ociChartRepo *OCIChartRepository, repo *sourcev1.HelmRepository) ([]models.Chart, error) { + charts := []models.Chart{} + for _, fullAppName := range appNames { + appName, err := ociChartRepo.shortRepoName(fullAppName) +@@ -756,7 +756,7 @@ func getOciChartModels(appNames []string, allTags map[string]TagList, ociChartRe + return charts, nil + } + +-func getOciChartModel(appName string, tags TagList, ociChartRepo *OCIChartRepository, repo *sourcev1beta2.HelmRepository) (*models.Chart, error) { ++func getOciChartModel(appName string, tags TagList, ociChartRepo *OCIChartRepository, repo *sourcev1.HelmRepository) (*models.Chart, error) { + // Encode repository names to store them in the database. + encodedAppName := url.PathEscape(appName) + chartID := path.Join(repo.Name, encodedAppName) +@@ -870,8 +870,8 @@ func downloadOCIChartFn(ociRepo *OCIChartRepository) func(chartID, chartUrl, cha + } + + // oidcAuth generates the OIDC credential authenticator based on the specified cloud provider. +-func oidcAuth(ctx context.Context, repo sourcev1beta2.HelmRepository) (*orasregistryauthv2.Credential, error) { +- url := strings.TrimPrefix(repo.Spec.URL, sourcev1beta2.OCIRepositoryPrefix) ++func oidcAuth(ctx context.Context, repo sourcev1.HelmRepository) (*orasregistryauthv2.Credential, error) { ++ url := strings.TrimPrefix(repo.Spec.URL, "oci://") + ref, err := name.ParseReference(url) + if err != nil { + return nil, fmt.Errorf("failed to parse URL '%s': %w", repo.Spec.URL, err) +@@ -888,11 +888,11 @@ func oidcAuth(ctx context.Context, repo sourcev1beta2.HelmRepository) (*orasregi + func loginWithManager(ctx context.Context, provider, url string, ref name.Reference) (*orasregistryauthv2.Credential, error) { + opts := login.ProviderOptions{} + switch provider { +- case sourcev1beta2.AmazonOCIProvider: ++ case "amazon": + opts.AwsAutoLogin = true +- case sourcev1beta2.AzureOCIProvider: ++ case "azure": + opts.AzureAutoLogin = true +- case sourcev1beta2.GoogleOCIProvider: ++ case "gcp": + opts.GcpAutoLogin = true + } + +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go +index c489cb6ca..37593c166 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go +@@ -12,9 +12,9 @@ import ( + "time" + + "github.com/bufbuild/connect-go" +- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" ++ helmv2 "github.com/fluxcd/helm-controller/api/v2" + fluxmeta "github.com/fluxcd/pkg/apis/meta" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/common" + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/connecterror" +@@ -40,7 +40,7 @@ var ( + ) + + // namespace maybe "", in which case releases from all namespaces are returned +-func (s *Server) listReleasesInCluster(ctx context.Context, headers http.Header, namespace string) ([]helmv2beta2.HelmRelease, error) { ++func (s *Server) listReleasesInCluster(ctx context.Context, headers http.Header, namespace string) ([]helmv2.HelmRelease, error) { + client, err := s.getClient(headers, namespace) + if err != nil { + return nil, err +@@ -53,7 +53,7 @@ func (s *Server) listReleasesInCluster(ctx context.Context, headers http.Header, + // 2) there is a "consistent snapshot" problem, where the client doesn't want to + // see any results created/updated/deleted after the first request is issued + // To fix this, we must make use of resourceVersion := relList.GetResourceVersion() +- var relList helmv2beta2.HelmReleaseList ++ var relList helmv2.HelmReleaseList + if err = client.List(ctx, &relList); err != nil { + return nil, connecterror.FromK8sError("list", "HelmRelease", namespace+"/*", err) + } else { +@@ -61,13 +61,13 @@ func (s *Server) listReleasesInCluster(ctx context.Context, headers http.Header, + } + } + +-func (s *Server) getReleaseInCluster(ctx context.Context, headers http.Header, key types.NamespacedName) (*helmv2beta2.HelmRelease, error) { ++func (s *Server) getReleaseInCluster(ctx context.Context, headers http.Header, key types.NamespacedName) (*helmv2.HelmRelease, error) { + client, err := s.getClient(headers, key.Namespace) + if err != nil { + return nil, err + } + +- var rel helmv2beta2.HelmRelease ++ var rel helmv2.HelmRelease + if err = client.Get(ctx, key, &rel); err != nil { + return nil, connecterror.FromK8sError("get", "HelmRelease", key.String(), err) + } +@@ -106,7 +106,7 @@ func (s *Server) paginatedInstalledPkgSummaries(ctx context.Context, headers htt + return installedPkgSummaries, nil + } + +-func (s *Server) installedPkgSummaryFromRelease(ctx context.Context, headers http.Header, rel helmv2beta2.HelmRelease) (*corev1.InstalledPackageSummary, error) { ++func (s *Server) installedPkgSummaryFromRelease(ctx context.Context, headers http.Header, rel helmv2.HelmRelease) (*corev1.InstalledPackageSummary, error) { + name, err := common.NamespacedName(&rel) + if err != nil { + return nil, err +@@ -236,11 +236,7 @@ func (s *Server) installedPackageDetail(ctx context.Context, headers http.Header + + // this will only be present if install/upgrade succeeded + // TODO(agamez): flux upgrade - migrate to Status.History, see https://github.com/fluxcd/flux2/releases/tag/v2.2.0 +- pkgVersion := rel.Status.LastAppliedRevision +- if pkgVersion == "" { +- // this is the back-up option: will be there if the reconciliation is in progress or has failed +- pkgVersion = rel.Status.LastAttemptedRevision +- } ++ pkgVersion := rel.Status.LastAttemptedRevision + + availablePackageRef, err := installedPackageAvailablePackageRef(rel) + if err != nil { +@@ -288,7 +284,7 @@ func (s *Server) installedPackageDetail(ctx context.Context, headers http.Header + }, nil + } + +-func (s *Server) getReleaseViaHelmApi(headers http.Header, key types.NamespacedName, rel *helmv2beta2.HelmRelease) (*release.Release, error) { ++func (s *Server) getReleaseViaHelmApi(headers http.Header, key types.NamespacedName, rel *helmv2.HelmRelease) (*release.Release, error) { + // post installation notes can only be retrieved via helm APIs, flux doesn't do it + // see discussion in https://cloud-native.slack.com/archives/CLAJ40HV3/p1629244025187100 + if s.actionConfigGetter == nil { +@@ -458,7 +454,7 @@ func (s *Server) updateRelease(ctx context.Context, headers http.Header, package + // process and the current status no longer applies. metadata and spec I want + // to keep, as they may have had added labels and/or annotations and/or + // even other changes made by the user. +- rel.Status = helmv2beta2.HelmReleaseStatus{} ++ rel.Status = helmv2.HelmReleaseStatus{} + + client, err := s.getClient(headers, packageRef.Context.Namespace) + if err != nil { +@@ -489,7 +485,7 @@ func (s *Server) deleteRelease(ctx context.Context, headers http.Header, package + + log.V(4).Infof("Deleting release: [%s]", packageRef.Identifier) + +- rel := &helmv2beta2.HelmRelease{ ++ rel := &helmv2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: packageRef.Identifier, + Namespace: packageRef.Context.Namespace, +@@ -507,19 +503,19 @@ func (s *Server) deleteRelease(ctx context.Context, headers http.Header, package + // 2. metadata.namespace, where this HelmRelease CRD will exist, same as (3) below + // per https://github.com/vmware-tanzu/kubeapps/pull/3640#issuecomment-949315105 + // 3. spec.targetNamespace, where flux will install any artifacts from the release +-func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.NamespacedName, versionExpr string, reconcile *corev1.ReconciliationOptions, values map[string]interface{}) (*helmv2beta2.HelmRelease, error) { +- fluxRelease := &helmv2beta2.HelmRelease{ ++func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.NamespacedName, versionExpr string, reconcile *corev1.ReconciliationOptions, values map[string]interface{}) (*helmv2.HelmRelease, error) { ++ fluxRelease := &helmv2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: targetName.Name, + Namespace: targetName.Namespace, + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: &helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Chart: chart.Name, +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ ++ SourceRef: helmv2.CrossNamespaceObjectReference{ + Name: chart.Repo.Name, +- Kind: sourcev1beta2.HelmRepositoryKind, ++ Kind: sourcev1.HelmRepositoryKind, + Namespace: chart.Repo.Namespace, + }, + }, +@@ -581,7 +577,7 @@ func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.Namesp + // when install completes with success + // - "reason" field: failure only when flux returns "InstallFailed" reason + // otherwise pending or unspecified when there are no status conditions to go by +-func isHelmReleaseReady(rel helmv2beta2.HelmRelease) (ready bool, status corev1.InstalledPackageStatus_StatusReason, userReason string) { ++func isHelmReleaseReady(rel helmv2.HelmRelease) (ready bool, status corev1.InstalledPackageStatus_StatusReason, userReason string) { + if !checkReleaseGeneration(rel) { + // according to https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + // observedGeneration represents the .metadata.generation that the condition was set based upon. +@@ -601,9 +597,8 @@ func isHelmReleaseReady(rel helmv2beta2.HelmRelease) (ready bool, status corev1. + // "reason": "InstallFailed" + // i.e. not super useful + userReason = readyCond.Reason +- if userReason == helmv2beta2.InstallFailedReason || +- userReason == helmv2beta2.UpgradeFailedReason || +- userReason == helmv2beta2.GetLastReleaseFailedReason { ++ if userReason == helmv2.InstallFailedReason || ++ userReason == helmv2.UpgradeFailedReason { + isInstallFailed = true + } + } +@@ -627,7 +622,7 @@ func isHelmReleaseReady(rel helmv2beta2.HelmRelease) (ready bool, status corev1. + return false, corev1.InstalledPackageStatus_STATUS_REASON_PENDING, userReason + } + +-func installedPackageStatus(rel helmv2beta2.HelmRelease) *corev1.InstalledPackageStatus { ++func installedPackageStatus(rel helmv2.HelmRelease) *corev1.InstalledPackageStatus { + ready, reason, userReason := isHelmReleaseReady(rel) + return &corev1.InstalledPackageStatus{ + Ready: ready, +@@ -636,7 +631,7 @@ func installedPackageStatus(rel helmv2beta2.HelmRelease) *corev1.InstalledPackag + } + } + +-func installedPackageReconciliationOptions(rel *helmv2beta2.HelmRelease) *corev1.ReconciliationOptions { ++func installedPackageReconciliationOptions(rel *helmv2.HelmRelease) *corev1.ReconciliationOptions { + reconciliationOptions := &corev1.ReconciliationOptions{} + reconciliationOptions.Interval = pkgutils.FromDuration(&rel.Spec.Interval) + reconciliationOptions.Suspend = rel.Spec.Suspend +@@ -644,7 +639,7 @@ func installedPackageReconciliationOptions(rel *helmv2beta2.HelmRelease) *corev1 + return reconciliationOptions + } + +-func installedPackageAvailablePackageRef(rel *helmv2beta2.HelmRelease) (*corev1.AvailablePackageReference, error) { ++func installedPackageAvailablePackageRef(rel *helmv2.HelmRelease) (*corev1.AvailablePackageReference, error) { + repoName := rel.Spec.Chart.Spec.SourceRef.Name + if repoName == "" { + return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("Missing required field spec.chart.spec.sourceRef.name")) +@@ -670,7 +665,7 @@ func installedPackageAvailablePackageRef(rel *helmv2beta2.HelmRelease) (*corev1. + } + + // ref https://fluxcd.io/docs/components/helm/helmreleases/ +-func helmReleaseName(key types.NamespacedName, rel *helmv2beta2.HelmRelease) types.NamespacedName { ++func helmReleaseName(key types.NamespacedName, rel *helmv2.HelmRelease) types.NamespacedName { + helmReleaseName := rel.Spec.ReleaseName + // according to docs ReleaseName is optional and defaults to a composition of + // '[TargetNamespace-]Name'. +@@ -691,7 +686,7 @@ func helmReleaseName(key types.NamespacedName, rel *helmv2beta2.HelmRelease) typ + return types.NamespacedName{Name: helmReleaseName, Namespace: helmReleaseNamespace} + } + +-func checkReleaseGeneration(rel helmv2beta2.HelmRelease) bool { ++func checkReleaseGeneration(rel helmv2.HelmRelease) bool { + generation := rel.GetGeneration() + observedGeneration := rel.Status.ObservedGeneration + return generation > 0 && generation == observedGeneration +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_integration_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_integration_test.go +index ba46e9633..dd5507e60 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_integration_test.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_integration_test.go +@@ -12,8 +12,8 @@ import ( + "testing" + "time" + +- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ helmv2 "github.com/fluxcd/helm-controller/api/v2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" +@@ -949,7 +949,7 @@ func TestKindClusterRBAC_ReadRelease(t *testing.T) { + rules := map[string][]rbacv1.PolicyRule{ + ns2: { + { +- APIGroups: []string{helmv2beta2.GroupVersion.Group}, ++ APIGroups: []string{helmv2.GroupVersion.Group}, + Resources: []string{fluxHelmReleases}, + Verbs: []string{"get", "list"}, + }, +@@ -1044,14 +1044,14 @@ func TestKindClusterRBAC_ReadRelease(t *testing.T) { + nsToRules := map[string][]rbacv1.PolicyRule{ + ns1: { + { +- APIGroups: []string{sourcev1beta2.GroupVersion.Group}, ++ APIGroups: []string{sourcev1.GroupVersion.Group}, + Resources: []string{"helmcharts"}, + Verbs: []string{"get", "list"}, + }, + }, + ns2: { + { +- APIGroups: []string{helmv2beta2.GroupVersion.Group}, ++ APIGroups: []string{helmv2.GroupVersion.Group}, + Resources: []string{fluxHelmReleases}, + Verbs: []string{"get", "list"}, + }, +@@ -1188,7 +1188,7 @@ func TestKindClusterRBAC_CreateRelease(t *testing.T) { + nsToRules := map[string][]rbacv1.PolicyRule{ + ns2: { + { +- APIGroups: []string{helmv2beta2.GroupVersion.Group}, ++ APIGroups: []string{helmv2.GroupVersion.Group}, + Resources: []string{fluxHelmReleases}, + Verbs: []string{"create"}, + }, +@@ -1218,14 +1218,14 @@ func TestKindClusterRBAC_CreateRelease(t *testing.T) { + nsToRules = map[string][]rbacv1.PolicyRule{ + ns1: { + { +- APIGroups: []string{sourcev1beta2.GroupVersion.Group}, ++ APIGroups: []string{sourcev1.GroupVersion.Group}, + Resources: []string{"helmcharts"}, + Verbs: []string{"get"}, + }, + }, + ns2: { + { +- APIGroups: []string{helmv2beta2.GroupVersion.Group}, ++ APIGroups: []string{helmv2.GroupVersion.Group}, + Resources: []string{fluxHelmReleases}, + Verbs: []string{"create"}, + }, +@@ -1335,7 +1335,7 @@ func TestKindClusterRBAC_UpdateRelease(t *testing.T) { + nsToRules := map[string][]rbacv1.PolicyRule{ + ns2: { + { +- APIGroups: []string{helmv2beta2.GroupVersion.Group}, ++ APIGroups: []string{helmv2.GroupVersion.Group}, + Resources: []string{fluxHelmReleases}, + Verbs: []string{"get"}, + }, +@@ -1368,7 +1368,7 @@ func TestKindClusterRBAC_UpdateRelease(t *testing.T) { + nsToRules = map[string][]rbacv1.PolicyRule{ + ns2: { + { +- APIGroups: []string{helmv2beta2.GroupVersion.Group}, ++ APIGroups: []string{helmv2.GroupVersion.Group}, + Resources: []string{fluxHelmReleases}, + Verbs: []string{"get", "update"}, + }, +@@ -1476,7 +1476,7 @@ func TestKindClusterRBAC_DeleteRelease(t *testing.T) { + nsToRules := map[string][]rbacv1.PolicyRule{ + ns2: { + { +- APIGroups: []string{helmv2beta2.GroupVersion.Group}, ++ APIGroups: []string{helmv2.GroupVersion.Group}, + Resources: []string{fluxHelmReleases}, + Verbs: []string{"delete"}, + }, +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_test.go +index 824afc678..8827ccdbe 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_test.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_test.go +@@ -12,10 +12,10 @@ import ( + "time" + + "github.com/bufbuild/connect-go" +- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" ++ helmv2 "github.com/fluxcd/helm-controller/api/v2" + fluxmeta "github.com/fluxcd/pkg/apis/meta" + sourcev1 "github.com/fluxcd/source-controller/api/v1" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" +@@ -43,7 +43,7 @@ type testSpecGetInstalledPackages struct { + releaseValues *v1.JSON + releaseSuspend bool + releaseServiceAccountName string +- releaseStatus helmv2beta2.HelmReleaseStatus ++ releaseStatus helmv2.HelmReleaseStatus + // only used to test edge cases now, most tests should not set this + targetNamespace string + } +@@ -511,7 +511,7 @@ func TestCreateInstalledPackage(t *testing.T) { + existingObjs testSpecCreateInstalledPackage + expectedStatusCode codes.Code + expectedResponse *corev1.CreateInstalledPackageResponse +- expectedRelease *helmv2beta2.HelmRelease ++ expectedRelease *helmv2.HelmRelease + defaultUpgradePolicyStr string + }{ + { +@@ -637,7 +637,7 @@ func TestCreateInstalledPackage(t *testing.T) { + } + defer ts.Close() + +- s, mock, err := newSimpleServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}) ++ s, mock, err := newSimpleServerWithRepos(t, []sourcev1.HelmRepository{*repo}) + if err != nil { + t.Fatal(err) + } +@@ -686,12 +686,12 @@ func TestCreateInstalledPackage(t *testing.T) { + t.Fatal(err) + } else { + key := types.NamespacedName{Namespace: tc.request.TargetContext.Namespace, Name: tc.request.Name} +- var actualRel helmv2beta2.HelmRelease ++ var actualRel helmv2.HelmRelease + if err = ctrlClient.Get(context.Background(), key, &actualRel); err != nil { + t.Fatal(err) + } else { + // Values are JSON string and need to be compared as such +- opts = cmpopts.IgnoreFields(helmv2beta2.HelmReleaseSpec{}, "Values") ++ opts = cmpopts.IgnoreFields(helmv2.HelmReleaseSpec{}, "Values") + + // Manually setting TypeMeta, as the fakeclient doesn't do it anymore: + // https://github.com/kubernetes-sigs/controller-runtime/pull/2633 +@@ -714,7 +714,7 @@ func TestUpdateInstalledPackage(t *testing.T) { + existingK8sObjs *testSpecGetInstalledPackages + expectedErrorCode connect.Code + expectedResponse *corev1.UpdateInstalledPackageResponse +- expectedRelease *helmv2beta2.HelmRelease ++ expectedRelease *helmv2.HelmRelease + defaultUpgradePolicyStr string + }{ + { +@@ -894,7 +894,7 @@ func TestUpdateInstalledPackage(t *testing.T) { + Name: tc.expectedResponse.InstalledPackageRef.Identifier, + } + ctx := context.Background() +- var actualRel helmv2beta2.HelmRelease ++ var actualRel helmv2.HelmRelease + if ctrlClient, err := s.clientGetter.ControllerRuntime(http.Header{}, s.kubeappsCluster); err != nil { + t.Fatal(err) + } else if err = ctrlClient.Get(ctx, key, &actualRel); err != nil { +@@ -902,7 +902,7 @@ func TestUpdateInstalledPackage(t *testing.T) { + } + + // Values are JSON string and need to be compared as such +- opts = cmpopts.IgnoreFields(helmv2beta2.HelmReleaseSpec{}, "Values") ++ opts = cmpopts.IgnoreFields(helmv2.HelmReleaseSpec{}, "Values") + + // Manually setting TypeMeta, as the fakeclient doesn't do it anymore: + // https://github.com/kubernetes-sigs/controller-runtime/pull/2633 +@@ -985,7 +985,7 @@ func TestDeleteInstalledPackage(t *testing.T) { + Name: tc.request.InstalledPackageRef.Identifier, + } + ctx := context.Background() +- var actualRel helmv2beta2.HelmRelease ++ var actualRel helmv2.HelmRelease + if ctrlClient, err := s.clientGetter.ControllerRuntime(http.Header{}, s.kubeappsCluster); err != nil { + t.Fatal(err) + } else if err = ctrlClient.Get(ctx, key, &actualRel); !errors.IsNotFound(err) { +@@ -1129,15 +1129,15 @@ func TestGetInstalledPackageResourceRefs(t *testing.T) { + } + } + +-func newChartsAndReleases(t *testing.T, existingK8sObjs []testSpecGetInstalledPackages) (charts []sourcev1beta2.HelmChart, releases []helmv2beta2.HelmRelease, cleanup func()) { ++func newChartsAndReleases(t *testing.T, existingK8sObjs []testSpecGetInstalledPackages) (charts []sourcev1.HelmChart, releases []helmv2.HelmRelease, cleanup func()) { + httpServers := []*httptest.Server{} + cleanup = func() { + for _, ts := range httpServers { + ts.Close() + } + } +- charts = []sourcev1beta2.HelmChart{} +- releases = []helmv2beta2.HelmRelease{} ++ charts = []sourcev1.HelmChart{} ++ releases = []helmv2.HelmRelease{} + + for _, existing := range existingK8sObjs { + tarGzBytes, err := os.ReadFile(existing.chartTarGz) +@@ -1155,24 +1155,24 @@ func newChartsAndReleases(t *testing.T, existingK8sObjs []testSpecGetInstalledPa + })) + httpServers = append(httpServers, ts) + +- chartSpec := &sourcev1beta2.HelmChartSpec{ ++ chartSpec := &sourcev1.HelmChartSpec{ + Chart: existing.chartName, +- SourceRef: sourcev1beta2.LocalHelmChartSourceReference{ ++ SourceRef: sourcev1.LocalHelmChartSourceReference{ + Name: existing.repoName, +- Kind: sourcev1beta2.HelmRepositoryKind, ++ Kind: sourcev1.HelmRepositoryKind, + }, + Version: existing.chartSpecVersion, + Interval: metav1.Duration{Duration: 1 * time.Minute}, + } + +- chartStatus := &sourcev1beta2.HelmChartStatus{ ++ chartStatus := &sourcev1.HelmChartStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Message: "Fetched revision: " + existing.chartSpecVersion, + Type: fluxmeta.ReadyCondition, + Status: metav1.ConditionTrue, +- Reason: sourcev1beta2.ChartPullSucceededReason, ++ Reason: sourcev1.ChartPullSucceededReason, + }, + }, + Artifact: &sourcev1.Artifact{ +@@ -1183,14 +1183,14 @@ func newChartsAndReleases(t *testing.T, existingK8sObjs []testSpecGetInstalledPa + chart := newChart(existing.chartName, existing.repoNamespace, chartSpec, chartStatus) + charts = append(charts, chart) + +- releaseSpec := &helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ releaseSpec := &helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Chart: existing.chartName, + Version: existing.chartSpecVersion, +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ ++ SourceRef: helmv2.CrossNamespaceObjectReference{ + Name: existing.repoName, +- Kind: sourcev1beta2.HelmRepositoryKind, ++ Kind: sourcev1.HelmRepositoryKind, + Namespace: existing.repoNamespace, + }, + }, +@@ -1217,8 +1217,8 @@ func newChartsAndReleases(t *testing.T, existingK8sObjs []testSpecGetInstalledPa + return charts, releases, cleanup + } + +-func newRelease(meta metav1.ObjectMeta, spec *helmv2beta2.HelmReleaseSpec, status *helmv2beta2.HelmReleaseStatus) helmv2beta2.HelmRelease { +- helmRelease := helmv2beta2.HelmRelease{ ++func newRelease(meta metav1.ObjectMeta, spec *helmv2.HelmReleaseSpec, status *helmv2.HelmReleaseStatus) helmv2.HelmRelease { ++ helmRelease := helmv2.HelmRelease{ + ObjectMeta: meta, + } + +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go +index 790b21514..5154ed7f7 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go +@@ -18,7 +18,7 @@ import ( + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/k8sutils" + + fluxmeta "github.com/fluxcd/pkg/apis/meta" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/plugins/fluxv2/packages/v1alpha1" + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache" +@@ -52,7 +52,7 @@ var ( + // returns a list of HelmRepositories from specified namespace. + // ns can be "", in which case all namespaces (cluster-wide), excluding + // the ones that the caller has no read access to +-func (s *Server) listReposInNamespace(ctx context.Context, headers http.Header, ns string) ([]sourcev1beta2.HelmRepository, error) { ++func (s *Server) listReposInNamespace(ctx context.Context, headers http.Header, ns string) ([]sourcev1.HelmRepository, error) { + // the actual List(...) call will be executed in the context of + // kubeapps-internal-kubeappsapis service account + // ref https://github.com/vmware-tanzu/kubeapps/issues/4390 for explanation +@@ -62,7 +62,7 @@ func (s *Server) listReposInNamespace(ctx context.Context, headers http.Header, + return nil, err + } + +- var repoList sourcev1beta2.HelmRepositoryList ++ var repoList sourcev1.HelmRepositoryList + listOptions := ctrlclient.ListOptions{ + Namespace: ns, + } +@@ -83,7 +83,7 @@ func (s *Server) listReposInNamespace(ctx context.Context, headers http.Header, + return nil, err + } + } +- items := []sourcev1beta2.HelmRepository{} ++ items := []sourcev1.HelmRepository{} + for _, item := range repoList.Items { + if allowedNamespaces.Has(item.GetNamespace()) { + items = append(items, item) +@@ -93,7 +93,7 @@ func (s *Server) listReposInNamespace(ctx context.Context, headers http.Header, + } + } + +-func (s *Server) getRepoInCluster(ctx context.Context, headers http.Header, key types.NamespacedName) (*sourcev1beta2.HelmRepository, error) { ++func (s *Server) getRepoInCluster(ctx context.Context, headers http.Header, key types.NamespacedName) (*sourcev1.HelmRepository, error) { + // unlike List(), there is no need to execute Get() in the context of + // kubeapps-internal-kubeappsapis service account and then filter out results based on + // whether or not the caller hasAccessToNamespace(). We can just pass the caller +@@ -103,7 +103,7 @@ func (s *Server) getRepoInCluster(ctx context.Context, headers http.Header, key + if err != nil { + return nil, err + } +- var repo sourcev1beta2.HelmRepository ++ var repo sourcev1.HelmRepository + if err = client.Get(ctx, key, &repo); err != nil { + return nil, connecterror.FromK8sError("get", "HelmRepository", key.String(), err) + } +@@ -111,7 +111,7 @@ func (s *Server) getRepoInCluster(ctx context.Context, headers http.Header, key + } + + // regexp expressions are used for matching actual names against expected patters +-func (s *Server) filterReadyReposByName(repoList []sourcev1beta2.HelmRepository, match []string) (sets.Set[string], error) { ++func (s *Server) filterReadyReposByName(repoList []sourcev1.HelmRepository, match []string) (sets.Set[string], error) { + if s.repoCache == nil { + return nil, connect.NewError(connect.CodeFailedPrecondition, fmt.Errorf("Server cache has not been properly initialized")) + } +@@ -232,7 +232,7 @@ func (s *Server) newRepo(ctx context.Context, request *connect.Request[corev1.Ad + } + + typ := request.Msg.GetType() +- if typ != "helm" && typ != sourcev1beta2.HelmRepositoryTypeOCI { ++ if typ != "helm" && typ != sourcev1.HelmRepositoryTypeOCI { + return nil, connect.NewError(connect.CodeUnimplemented, fmt.Errorf("Repository type [%s] not supported", typ)) + } + +@@ -323,7 +323,7 @@ func (s *Server) repoDetail(ctx context.Context, headers http.Header, repoRef *c + // will have a FluxPackageRepositoryCustomDetail in it. Flux spec already clearly states + // If you do not specify .spec.provider, it defaults to generic. + // https://fluxcd.io/flux/components/source/helmrepositories/#provider +- if repo.Spec.Provider != "" && repo.Spec.Provider != sourcev1beta2.GenericOCIProvider { ++ if repo.Spec.Provider != "" && repo.Spec.Provider != "generic" { + if customDetail, err = anypb.New(&v1alpha1.FluxPackageRepositoryCustomDetail{ + Provider: repo.Spec.Provider, + }); err != nil { +@@ -357,7 +357,7 @@ func (s *Server) repoDetail(ctx context.Context, headers http.Header, repoRef *c + + func (s *Server) repoSummaries(ctx context.Context, headers http.Header, ns string) ([]*corev1.PackageRepositorySummary, error) { + summaries := []*corev1.PackageRepositorySummary{} +- var repos []sourcev1beta2.HelmRepository ++ var repos []sourcev1.HelmRepository + var err error + if ns == apiv1.NamespaceAll { + if repos, err = s.listReposInNamespace(ctx, headers, ns); err != nil { +@@ -368,7 +368,7 @@ func (s *Server) repoSummaries(ctx context.Context, headers http.Header, ns stri + // namely, if a specific namespace is passed in, we need to list repos in that namespace + // and if the caller happens not to have 'read' access to that namespace, a PermissionDenied + // error should be raised, as opposed to returning an empty list with no error +- var repoList sourcev1beta2.HelmRepositoryList ++ var repoList sourcev1.HelmRepositoryList + var client ctrlclient.Client + if client, err = s.getClient(headers, ns); err != nil { + return nil, err +@@ -491,7 +491,7 @@ func (s *Server) updateRepo(ctx context.Context, repoRef *corev1.PackageReposito + // process and the current status no longer applies. metadata and spec I want + // to keep, as they may have had added labels and/or annotations and/or + // even other changes made by the user. +- repo.Status = sourcev1beta2.HelmRepositoryStatus{} ++ repo.Status = sourcev1.HelmRepositoryStatus{} + + if client, err := s.getClient(request.Header(), key.Namespace); err != nil { + return nil, err +@@ -529,7 +529,7 @@ func (s *Server) deleteRepo(ctx context.Context, headers http.Header, repoRef *c + // For kubeapps-managed secrets environment secrets will be deleted (garbage-collected) + // when the owner repo is deleted + +- repo := &sourcev1beta2.HelmRepository{ ++ repo := &sourcev1.HelmRepository{ + ObjectMeta: metav1.ObjectMeta{ + Name: repoRef.Identifier, + Namespace: repoRef.Context.Namespace, +@@ -562,10 +562,10 @@ func (s *repoEventSink) onAddRepo(key string, obj ctrlclient.Object) (interface{ + log.V(4).Infof("+onAddRepo(%s)", key) + defer log.V(4).Info("-onAddRepo()") + +- if repo, ok := obj.(*sourcev1beta2.HelmRepository); !ok { +- return nil, false, fmt.Errorf("expected an instance of *sourcev1beta2.HelmRepository, got: %T", obj) ++ if repo, ok := obj.(*sourcev1.HelmRepository); !ok { ++ return nil, false, fmt.Errorf("expected an instance of *sourcev1.HelmRepository, got: %T", obj) + } else if isRepoReady(*repo) { +- if repo.Spec.Type == sourcev1beta2.HelmRepositoryTypeOCI { ++ if repo.Spec.Type == sourcev1.HelmRepositoryTypeOCI { + return s.onAddOciRepo(*repo) + } else { + return s.onAddHttpRepo(*repo) +@@ -579,7 +579,7 @@ func (s *repoEventSink) onAddRepo(key string, obj ctrlclient.Object) (interface{ + } + + // ref https://fluxcd.io/docs/components/source/helmrepositories/#status +-func (s *repoEventSink) onAddHttpRepo(repo sourcev1beta2.HelmRepository) ([]byte, bool, error) { ++func (s *repoEventSink) onAddHttpRepo(repo sourcev1.HelmRepository) ([]byte, bool, error) { + if artifact := repo.GetArtifact(); artifact != nil { + if checksum := artifact.Digest; checksum == "" { + return nil, false, connect.NewError(connect.CodeInternal, +@@ -595,7 +595,7 @@ func (s *repoEventSink) onAddHttpRepo(repo sourcev1beta2.HelmRepository) ([]byte + } + } + +-func (s *repoEventSink) indexAndEncode(checksum string, repo sourcev1beta2.HelmRepository) ([]byte, bool, error) { ++func (s *repoEventSink) indexAndEncode(checksum string, repo sourcev1.HelmRepository) ([]byte, bool, error) { + charts, err := s.indexOneRepo(repo) + if err != nil { + return nil, false, err +@@ -637,7 +637,7 @@ func (s *repoEventSink) indexAndEncode(checksum string, repo sourcev1beta2.HelmR + + // it is assumed the caller has already checked that this repo is ready + // At present, there is only one caller of indexOneRepo() and this check is already done by it +-func (s *repoEventSink) indexOneRepo(repo sourcev1beta2.HelmRepository) ([]models.Chart, error) { ++func (s *repoEventSink) indexOneRepo(repo sourcev1.HelmRepository) ([]models.Chart, error) { + startTime := time.Now() + + // ref https://fluxcd.io/docs/components/source/helmrepositories/#status +@@ -698,12 +698,12 @@ func (s *repoEventSink) indexOneRepo(repo sourcev1beta2.HelmRepository) ([]model + + // onModifyRepo essentially tells the cache whether or not to and what to store for a given key + func (s *repoEventSink) onModifyRepo(key string, obj ctrlclient.Object, oldValue interface{}) (interface{}, bool, error) { +- if repo, ok := obj.(*sourcev1beta2.HelmRepository); !ok { +- return nil, false, fmt.Errorf("expected an instance of *sourcev1beta2.HelmRepository, got: %T", obj) ++ if repo, ok := obj.(*sourcev1.HelmRepository); !ok { ++ return nil, false, fmt.Errorf("expected an instance of *sourcev1.HelmRepository, got: %T", obj) + } else if isRepoReady(*repo) { + // first check the repo is ready + +- if repo.Spec.Type == sourcev1beta2.HelmRepositoryTypeOCI { ++ if repo.Spec.Type == sourcev1.HelmRepositoryTypeOCI { + return s.onModifyOciRepo(key, oldValue, *repo) + } else { + return s.onModifyHttpRepo(key, oldValue, *repo) +@@ -716,7 +716,7 @@ func (s *repoEventSink) onModifyRepo(key string, obj ctrlclient.Object, oldValue + } + } + +-func (s *repoEventSink) onModifyHttpRepo(key string, oldValue interface{}, repo sourcev1beta2.HelmRepository) ([]byte, bool, error) { ++func (s *repoEventSink) onModifyHttpRepo(key string, oldValue interface{}, repo sourcev1.HelmRepository) ([]byte, bool, error) { + // We should to compare checksums on what's stored in the cache + // vs the modified object to see if the contents has really changed before embarking on + // expensive operation indexOneRepo() below. +@@ -796,7 +796,7 @@ func (s *repoEventSink) fromKey(key string) (*types.NamespacedName, error) { + return &types.NamespacedName{Namespace: parts[1], Name: parts[2]}, nil + } + +-func (s *repoEventSink) getRepoSecret(ctx context.Context, repo sourcev1beta2.HelmRepository) (*apiv1.Secret, error) { ++func (s *repoEventSink) getRepoSecret(ctx context.Context, repo sourcev1.HelmRepository) (*apiv1.Secret, error) { + if repo.Spec.SecretRef == nil { + return nil, nil + } +@@ -825,7 +825,7 @@ func (s *repoEventSink) getRepoSecret(ctx context.Context, repo sourcev1beta2.He + + // The reason I do this here is to set up auth that may be needed to fetch chart tarballs by + // ChartCache +-func (s *repoEventSink) clientOptionsForHttpRepo(ctx context.Context, repo sourcev1beta2.HelmRepository) (*common.HttpClientOptions, error) { ++func (s *repoEventSink) clientOptionsForHttpRepo(ctx context.Context, repo sourcev1.HelmRepository) (*common.HttpClientOptions, error) { + if secret, err := s.getRepoSecret(ctx, repo); err == nil && secret != nil { + return common.HttpClientOptionsFromSecret(*secret) + } else { +@@ -837,7 +837,7 @@ func (s *repoEventSink) clientOptionsForHttpRepo(ctx context.Context, repo sourc + // repo-related utilities + // + +-func isRepoReady(repo sourcev1beta2.HelmRepository) bool { ++func isRepoReady(repo sourcev1.HelmRepository) bool { + // see docs at https://fluxcd.io/docs/components/source/helmrepositories/ + // Confirm the state we are observing is for the current generation + if !checkRepoGeneration(repo) { +@@ -854,7 +854,7 @@ func isRepoReady(repo sourcev1beta2.HelmRepository) bool { + // - reason: if present + // docs: + // 1. https://fluxcd.io/docs/components/source/helmrepositories/#status-examples +-func isHelmRepositoryReady(repo sourcev1beta2.HelmRepository) (complete bool, success bool, reason string) { ++func isHelmRepositoryReady(repo sourcev1.HelmRepository) (complete bool, success bool, reason string) { + // flux source-controller v1beta2 API made a change so that we can no longer + // rely on a simple "metadata.generation" vs "status.observedGeneration" check for a + // quick answer. The resource may now exist with "observedGeneration": -1 either in +@@ -882,7 +882,7 @@ func isHelmRepositoryReady(repo sourcev1beta2.HelmRepository) (complete bool, su + return false, false, reason + } + +-func repoStatus(repo sourcev1beta2.HelmRepository) *corev1.PackageRepositoryStatus { ++func repoStatus(repo sourcev1.HelmRepository) *corev1.PackageRepositoryStatus { + complete, success, reason := isHelmRepositoryReady(repo) + s := &corev1.PackageRepositoryStatus{ + Ready: complete && success, +@@ -899,7 +899,7 @@ func repoStatus(repo sourcev1beta2.HelmRepository) *corev1.PackageRepositoryStat + return s + } + +-func checkRepoGeneration(repo sourcev1beta2.HelmRepository) bool { ++func checkRepoGeneration(repo sourcev1.HelmRepository) bool { + generation := repo.GetGeneration() + observedGeneration := repo.Status.ObservedGeneration + return generation > 0 && generation == observedGeneration +@@ -914,7 +914,7 @@ func newFluxHelmRepo( + interval string, + secret *apiv1.Secret, + passCredentials bool, +- provider string) (*sourcev1beta2.HelmRepository, error) { ++ provider string) (*sourcev1.HelmRepository, error) { + pollInterval := defaultPollInterval + if interval != "" { + if duration, err := pkgutils.ToDuration(interval); err != nil { +@@ -923,18 +923,18 @@ func newFluxHelmRepo( + pollInterval = *duration + } + } +- fluxRepo := &sourcev1beta2.HelmRepository{ ++ fluxRepo := &sourcev1.HelmRepository{ + ObjectMeta: metav1.ObjectMeta{ + Name: targetName.Name, + Namespace: targetName.Namespace, + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: url, + Interval: pollInterval, + }, + } +- if typ == sourcev1beta2.HelmRepositoryTypeOCI { +- fluxRepo.Spec.Type = sourcev1beta2.HelmRepositoryTypeOCI ++ if typ == sourcev1.HelmRepositoryTypeOCI { ++ fluxRepo.Spec.Type = sourcev1.HelmRepositoryTypeOCI + } + if desc != "" { + k8sutils.SetDescription(&fluxRepo.ObjectMeta, desc) +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo_auth.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo_auth.go +index 517a503ec..f811e0297 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo_auth.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo_auth.go +@@ -10,7 +10,7 @@ import ( + "net/http" + + "github.com/bufbuild/connect-go" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/connecterror" + "github.com/vmware-tanzu/kubeapps/pkg/kube" +@@ -79,7 +79,7 @@ func (s *Server) handleRepoSecretForCreate( + func (s *Server) handleRepoSecretForUpdate( + ctx context.Context, + headers http.Header, +- repo *sourcev1beta2.HelmRepository, ++ repo *sourcev1.HelmRepository, + newTlsConfig *corev1.PackageRepositoryTlsConfig, + newAuth *corev1.PackageRepositoryAuth) (updatedSecret *apiv1.Secret, isKubeappsManagedSecret bool, isSecretUpdated bool, err error) { + +@@ -208,7 +208,7 @@ func (s *Server) validateUserManagedRepoSecret( + return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("Specified secret [%s] missing fields 'username' and/or 'password'", secretRef)) + } + case corev1.PackageRepositoryAuth_PACKAGE_REPOSITORY_AUTH_TYPE_TLS: +- if repoType == sourcev1beta2.HelmRepositoryTypeOCI { ++ if repoType == sourcev1.HelmRepositoryTypeOCI { + // ref https://fluxcd.io/flux/components/source/helmrepositories/#tls-authentication + // Note: TLS authentication is not yet supported by OCI Helm repositories. + return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("Package repository authentication type %q is not supported for OCI repositories", auth.Type)) +@@ -218,7 +218,7 @@ func (s *Server) validateUserManagedRepoSecret( + } + } + case corev1.PackageRepositoryAuth_PACKAGE_REPOSITORY_AUTH_TYPE_DOCKER_CONFIG_JSON: +- if repoType == sourcev1beta2.HelmRepositoryTypeOCI { ++ if repoType == sourcev1.HelmRepositoryTypeOCI { + if secret.Data[apiv1.DockerConfigJsonKey] == nil { + return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("Specified secret [%s] missing field '%s'", secretRef, apiv1.DockerConfigJsonKey)) + } +@@ -251,7 +251,7 @@ func (s *Server) setOwnerReferencesForRepoSecret( + ctx context.Context, + headers http.Header, + secret *apiv1.Secret, +- repo *sourcev1beta2.HelmRepository) error { ++ repo *sourcev1.HelmRepository) error { + + // TODO(agamez): flux upgrade - migrate to CertSecretRef, see https://github.com/fluxcd/flux2/releases/tag/v2.1.0 + if repo.Spec.SecretRef != nil && secret != nil { +@@ -263,9 +263,9 @@ func (s *Server) setOwnerReferencesForRepoSecret( + *metav1.NewControllerRef( + repo, + schema.GroupVersionKind{ +- Group: sourcev1beta2.GroupVersion.Group, +- Version: sourcev1beta2.GroupVersion.Version, +- Kind: sourcev1beta2.HelmRepositoryKind, ++ Group: sourcev1.GroupVersion.Group, ++ Version: sourcev1.GroupVersion.Version, ++ Kind: sourcev1.HelmRepositoryKind, + }), + } + if _, err := secretsInterface.Update(ctx, secret, metav1.UpdateOptions{}); err != nil { +@@ -276,7 +276,7 @@ func (s *Server) setOwnerReferencesForRepoSecret( + return nil + } + +-func (s *Server) getRepoTlsConfigAndAuth(ctx context.Context, headers http.Header, repo sourcev1beta2.HelmRepository) (*corev1.PackageRepositoryTlsConfig, *corev1.PackageRepositoryAuth, error) { ++func (s *Server) getRepoTlsConfigAndAuth(ctx context.Context, headers http.Header, repo sourcev1.HelmRepository) (*corev1.PackageRepositoryTlsConfig, *corev1.PackageRepositoryAuth, error) { + var tlsConfig *corev1.PackageRepositoryTlsConfig + var auth *corev1.PackageRepositoryAuth + +@@ -385,7 +385,7 @@ func newSecretFromTlsConfigAndAuth(repoName types.NamespacedName, + } + } + case corev1.PackageRepositoryAuth_PACKAGE_REPOSITORY_AUTH_TYPE_TLS: +- if repoType == sourcev1beta2.HelmRepositoryTypeOCI { ++ if repoType == sourcev1.HelmRepositoryTypeOCI { + // ref https://fluxcd.io/flux/components/source/helmrepositories/#tls-authentication + // Note: TLS authentication is not yet supported by OCI Helm repositories. + return nil, false, connect.NewError(connect.CodeInternal, fmt.Errorf("Package repository authentication type %q is not supported for OCI repositories", auth.Type)) +@@ -413,7 +413,7 @@ func newSecretFromTlsConfigAndAuth(repoName types.NamespacedName, + } + } + case corev1.PackageRepositoryAuth_PACKAGE_REPOSITORY_AUTH_TYPE_DOCKER_CONFIG_JSON: +- if repoType != sourcev1beta2.HelmRepositoryTypeOCI { ++ if repoType != sourcev1.HelmRepositoryTypeOCI { + return nil, false, connect.NewError(connect.CodeInternal, fmt.Errorf("Unsupported package repository authentication type: %q", auth.Type)) + } + +@@ -569,7 +569,7 @@ func getRepoTlsConfigAndAuthWithKubeappsManagedSecrets(secret *apiv1.Secret) (*c + return tlsConfig, auth, nil + } + +-func isSecretKubeappsManaged(secret *apiv1.Secret, repo *sourcev1beta2.HelmRepository) bool { ++func isSecretKubeappsManaged(secret *apiv1.Secret, repo *sourcev1.HelmRepository) bool { + if !metav1.IsControlledBy(secret, repo) { + return false + } +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo_test.go +index e90758d47..23d9e3e68 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo_test.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo_test.go +@@ -19,7 +19,7 @@ import ( + "github.com/bufbuild/connect-go" + fluxmeta "github.com/fluxcd/pkg/apis/meta" + sourcev1 "github.com/fluxcd/source-controller/api/v1" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + "github.com/go-redis/redismock/v8" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" +@@ -414,7 +414,7 @@ func TestGetAvailablePackageSummariesWithoutPagination(t *testing.T) { + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { +- repos := []sourcev1beta2.HelmRepository{} ++ repos := []sourcev1.HelmRepository{} + + for _, rs := range tc.repos { + ts2, repo, err := newHttpRepoAndServeIndex(rs.index, rs.name, rs.namespace, nil, "") +@@ -479,7 +479,7 @@ func TestGetAvailablePackageSummariesWithPagination(t *testing.T) { + index: testYaml("index-with-categories.yaml"), + }, + } +- repos := []sourcev1beta2.HelmRepository{} ++ repos := []sourcev1.HelmRepository{} + for _, rs := range existingRepos { + ts2, repo, err := newHttpRepoAndServeIndex(rs.index, rs.name, rs.namespace, nil, "") + if err != nil { +@@ -616,12 +616,12 @@ func TestGetAvailablePackageSummaryAfterRepoIndexUpdate(t *testing.T) { + })) + defer ts.Close() + +- repoSpec := &sourcev1beta2.HelmRepositorySpec{ ++ repoSpec := &sourcev1.HelmRepositorySpec{ + URL: "https://example.repo.com/charts", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + } + +- repoStatus := &sourcev1beta2.HelmRepositoryStatus{ ++ repoStatus := &sourcev1.HelmRepositoryStatus{ + Artifact: &sourcev1.Artifact{ + Digest: "651f952130ea96823711d08345b85e82be011dc6", + LastUpdateTime: metav1.Time{Time: lastUpdateTime}, +@@ -640,7 +640,7 @@ func TestGetAvailablePackageSummaryAfterRepoIndexUpdate(t *testing.T) { + repoName := types.NamespacedName{Namespace: "ns2", Name: "testrepo"} + repo := newRepo(repoName.Name, repoName.Namespace, repoSpec, repoStatus) + +- s, mock, err := newSimpleServerWithRepos(t, []sourcev1beta2.HelmRepository{repo}) ++ s, mock, err := newSimpleServerWithRepos(t, []sourcev1.HelmRepository{repo}) + if err != nil { + t.Fatalf("error instantiating the server: %v", err) + } +@@ -752,7 +752,7 @@ func TestGetAvailablePackageSummaryAfterFluxHelmRepoDelete(t *testing.T) { + } + defer ts.Close() + +- s, mock, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, charts, nil) ++ s, mock, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, charts, nil) + if err != nil { + t.Fatalf("%+v", err) + } +@@ -847,7 +847,7 @@ func TestGetAvailablePackageSummaryAfterCacheResync(t *testing.T) { + } + defer ts2.Close() + +- s, mock, err := newSimpleServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}) ++ s, mock, err := newSimpleServerWithRepos(t, []sourcev1.HelmRepository{*repo}) + if err != nil { + t.Fatalf("error instantiating the server: %v", err) + } +@@ -932,7 +932,7 @@ func TestGetAvailablePackageSummariesAfterCacheResyncQueueNotIdle(t *testing.T) + } + + // first, I'd like to fill up the work queue with a whole bunch of work items +- repos := []*sourcev1beta2.HelmRepository{} ++ repos := []*sourcev1.HelmRepository{} + mapReposCached := make(map[string][]byte) + keysInOrder := []string{} + +@@ -1181,7 +1181,7 @@ func TestAddPackageRepository(t *testing.T) { + name string + request *corev1.AddPackageRepositoryRequest + expectedResponse *corev1.AddPackageRepositoryResponse +- expectedRepo *sourcev1beta2.HelmRepository ++ expectedRepo *sourcev1.HelmRepository + errorCode connect.Code + existingSecret *apiv1.Secret + expectedCreatedSecret *apiv1.Secret +@@ -1411,7 +1411,7 @@ func TestAddPackageRepository(t *testing.T) { + if ctrlClient, err := s.clientGetter.ControllerRuntime(http.Header{}, s.kubeappsCluster); err != nil { + t.Fatal(err) + } else { +- var actualRepo sourcev1beta2.HelmRepository ++ var actualRepo sourcev1.HelmRepository + if err = ctrlClient.Get(ctx, nsname, &actualRepo); err != nil { + t.Fatal(err) + } else { +@@ -1429,7 +1429,7 @@ func TestAddPackageRepository(t *testing.T) { + } + } else { + // TODO(agamez): flux upgrade - migrate to CertSecretRef, see https://github.com/fluxcd/flux2/releases/tag/v2.1.0 +- opt1 := cmpopts.IgnoreFields(sourcev1beta2.HelmRepositorySpec{}, "SecretRef") ++ opt1 := cmpopts.IgnoreFields(sourcev1.HelmRepositorySpec{}, "SecretRef") + + // Manually setting TypeMeta, as the fakeclient doesn't do it anymore: + // https://github.com/kubernetes-sigs/controller-runtime/pull/2633 +@@ -1637,7 +1637,7 @@ func TestGetPackageRepositoryDetail(t *testing.T) { + secretRef = tc.repoSecret.Name + secrets = append(secrets, tc.repoSecret) + } +- var repo *sourcev1beta2.HelmRepository ++ var repo *sourcev1.HelmRepository + if !tc.pending && !tc.failed { + var ts *httptest.Server + var err error +@@ -1647,11 +1647,11 @@ func TestGetPackageRepositoryDetail(t *testing.T) { + } + defer ts.Close() + } else if tc.pending { +- repoSpec := &sourcev1beta2.HelmRepositorySpec{ ++ repoSpec := &sourcev1.HelmRepositorySpec{ + URL: "https://example.repo.com/charts", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + } +- repoStatus := &sourcev1beta2.HelmRepositoryStatus{ ++ repoStatus := &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -1665,11 +1665,11 @@ func TestGetPackageRepositoryDetail(t *testing.T) { + repo1 := newRepo(tc.repoName, tc.repoNamespace, repoSpec, repoStatus) + repo = &repo1 + } else { // failed +- repoSpec := &sourcev1beta2.HelmRepositorySpec{ ++ repoSpec := &sourcev1.HelmRepositorySpec{ + URL: "https://example.repo.com/charts", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + } +- repoStatus := &sourcev1beta2.HelmRepositoryStatus{ ++ repoStatus := &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -1686,7 +1686,7 @@ func TestGetPackageRepositoryDetail(t *testing.T) { + + // the index.yaml will contain links to charts but for the purposes + // of this test they do not matter +- s, _, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, nil, secrets) ++ s, _, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, nil, secrets) + if err != nil { + t.Fatalf("error instantiating the server: %v", err) + } +@@ -1744,7 +1744,7 @@ func TestGetOciPackageRepositoryDetail(t *testing.T) { + t.Fatal(err) + } + +- s, mock, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, nil, nil) ++ s, mock, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, nil, nil) + if err != nil { + t.Fatalf("error instantiating the server: %v", err) + } +@@ -1786,7 +1786,7 @@ func TestGetPackageRepositorySummaries(t *testing.T) { + testCases := []struct { + name string + request *corev1.GetPackageRepositorySummariesRequest +- existingRepos []sourcev1beta2.HelmRepository ++ existingRepos []sourcev1.HelmRepository + expectedErrorCode connect.Code + expectedResponse *corev1.GetPackageRepositorySummariesResponse + }{ +@@ -1795,7 +1795,7 @@ func TestGetPackageRepositorySummaries(t *testing.T) { + request: &corev1.GetPackageRepositorySummariesRequest{ + Context: &corev1.Context{}, + }, +- existingRepos: []sourcev1beta2.HelmRepository{ ++ existingRepos: []sourcev1.HelmRepository{ + get_summaries_repo_1, + get_summaries_repo_2, + get_summaries_repo_3, +@@ -1815,7 +1815,7 @@ func TestGetPackageRepositorySummaries(t *testing.T) { + request: &corev1.GetPackageRepositorySummariesRequest{ + Context: &corev1.Context{Namespace: "foo"}, + }, +- existingRepos: []sourcev1beta2.HelmRepository{ ++ existingRepos: []sourcev1.HelmRepository{ + get_summaries_repo_1, + get_summaries_repo_2, + get_summaries_repo_3, +@@ -2124,7 +2124,7 @@ func TestUpdatePackageRepository(t *testing.T) { + if tc.newRepoSecret != nil { + secrets = append(secrets, tc.newRepoSecret) + } +- var repo *sourcev1beta2.HelmRepository ++ var repo *sourcev1.HelmRepository + if !tc.pending { + var ts *httptest.Server + var err error +@@ -2134,11 +2134,11 @@ func TestUpdatePackageRepository(t *testing.T) { + } + defer ts.Close() + } else { +- repoSpec := &sourcev1beta2.HelmRepositorySpec{ ++ repoSpec := &sourcev1.HelmRepositorySpec{ + URL: "https://example.repo.com/charts", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + } +- repoStatus := &sourcev1beta2.HelmRepositoryStatus{ ++ repoStatus := &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -2156,7 +2156,7 @@ func TestUpdatePackageRepository(t *testing.T) { + + // the index.yaml will contain links to charts but for the purposes + // of this test they do not matter +- s, _, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, nil, secrets) ++ s, _, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, nil, secrets) + if err != nil { + t.Fatalf("error instantiating the server: %v", err) + } +@@ -2219,7 +2219,7 @@ func TestUpdatePackageRepository(t *testing.T) { + + // check the created/updated secret + if tc.expectedCreatedSecret != nil { +- var actualRepo sourcev1beta2.HelmRepository ++ var actualRepo sourcev1.HelmRepository + if err = ctrlClient.Get(ctx, types.NamespacedName{Namespace: tc.repoNamespace, Name: tc.repoName}, &actualRepo); err != nil { + t.Fatal(err) + } +@@ -2285,7 +2285,7 @@ func TestDeletePackageRepository(t *testing.T) { + if tc.newRepoSecret != nil { + secrets = append(secrets, tc.newRepoSecret) + } +- var repo *sourcev1beta2.HelmRepository ++ var repo *sourcev1.HelmRepository + if !tc.pending { + var ts *httptest.Server + var err error +@@ -2295,11 +2295,11 @@ func TestDeletePackageRepository(t *testing.T) { + } + defer ts.Close() + } else { +- repoSpec := &sourcev1beta2.HelmRepositorySpec{ ++ repoSpec := &sourcev1.HelmRepositorySpec{ + URL: "https://example.repo.com/charts", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + } +- repoStatus := &sourcev1beta2.HelmRepositoryStatus{ ++ repoStatus := &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -2317,7 +2317,7 @@ func TestDeletePackageRepository(t *testing.T) { + + // the index.yaml will contain links to charts but for the purposes + // of this test they do not matter +- s, _, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, nil, secrets) ++ s, _, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, nil, secrets) + if err != nil { + t.Fatalf("error instantiating the server: %v", err) + } +@@ -2331,7 +2331,7 @@ func TestDeletePackageRepository(t *testing.T) { + Namespace: tc.request.PackageRepoRef.Context.Namespace, + Name: tc.request.PackageRepoRef.Identifier, + } +- var actualRepo sourcev1beta2.HelmRepository ++ var actualRepo sourcev1.HelmRepository + if tc.expectedErrorCode == 0 { + if err = ctrlClient.Get(ctx, nsname, &actualRepo); err != nil { + t.Fatal(err) +@@ -2414,7 +2414,7 @@ func TestGetOciAvailablePackageSummariesWithoutPagination(t *testing.T) { + t.Run(tc.name, func(t *testing.T) { + initOciFakeClientBuilder(t, *tc.seedData) + +- repos := []sourcev1beta2.HelmRepository{} ++ repos := []sourcev1.HelmRepository{} + + for _, rs := range tc.repos { + repo, err := newOciRepo(rs.repoName, rs.repoNamespace, rs.repoUrl) +@@ -2451,8 +2451,8 @@ func TestGetOciAvailablePackageSummariesWithoutPagination(t *testing.T) { + } + } + +-func newRepo(name string, namespace string, spec *sourcev1beta2.HelmRepositorySpec, status *sourcev1beta2.HelmRepositoryStatus) sourcev1beta2.HelmRepository { +- helmRepository := sourcev1beta2.HelmRepository{ ++func newRepo(name string, namespace string, spec *sourcev1.HelmRepositorySpec, status *sourcev1.HelmRepositoryStatus) sourcev1.HelmRepository { ++ helmRepository := sourcev1.HelmRepository{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Generation: 1, +@@ -2489,7 +2489,7 @@ func newRepo(name string, namespace string, spec *sourcev1beta2.HelmRepositorySp + + // these functions should affect only unit test, not production code + // does a series of mock.ExpectGet(...) +-func (s *Server) redisMockExpectGetFromRepoCache(mock redismock.ClientMock, filterOptions *corev1.FilterOptions, repos ...sourcev1beta2.HelmRepository) error { ++func (s *Server) redisMockExpectGetFromRepoCache(mock redismock.ClientMock, filterOptions *corev1.FilterOptions, repos ...sourcev1.HelmRepository) error { + mapVals := make(map[string][]byte) + ociRepoKeys := sets.Set[string]{} + for _, r := range repos { +@@ -2532,7 +2532,7 @@ func (s *Server) redisMockExpectGetFromRepoCache(mock redismock.ClientMock, filt + return nil + } + +-func (s *Server) redisMockSetValueForRepo(mock redismock.ClientMock, repo sourcev1beta2.HelmRepository, oldValue []byte) (key string, bytes []byte, err error) { ++func (s *Server) redisMockSetValueForRepo(mock redismock.ClientMock, repo sourcev1.HelmRepository, oldValue []byte) (key string, bytes []byte, err error) { + bg := &clientgetter.FixedClusterClientProvider{ClientsFunc: func(ctx context.Context) (*clientgetter.ClientGetter, error) { + return s.clientGetter.GetClients(http.Header{}, s.kubeappsCluster) + }} +@@ -2540,7 +2540,7 @@ func (s *Server) redisMockSetValueForRepo(mock redismock.ClientMock, repo source + return sinkNoCache.redisMockSetValueForRepo(mock, repo, oldValue) + } + +-func (sink *repoEventSink) redisMockSetValueForRepo(mock redismock.ClientMock, repo sourcev1beta2.HelmRepository, oldValue []byte) (key string, newValue []byte, err error) { ++func (sink *repoEventSink) redisMockSetValueForRepo(mock redismock.ClientMock, repo sourcev1.HelmRepository, oldValue []byte) (key string, newValue []byte, err error) { + if key, newValue, err = sink.redisKeyValueForRepo(repo); err != nil { + if oldValue == nil { + mock.ExpectGet(key).RedisNil() +@@ -2565,7 +2565,7 @@ func redisMockSetValueForRepo(mock redismock.ClientMock, key string, newValue, o + mock.ExpectInfo("memory").SetVal("used_memory_rss_human:NA\r\nmaxmemory_human:NA") + } + +-func (s *Server) redisKeyValueForRepo(r sourcev1beta2.HelmRepository) (key string, byteArray []byte, err error) { ++func (s *Server) redisKeyValueForRepo(r sourcev1.HelmRepository) (key string, byteArray []byte, err error) { + cg := &clientgetter.FixedClusterClientProvider{ClientsFunc: func(ctx context.Context) (*clientgetter.ClientGetter, error) { + return s.clientGetter.GetClients(http.Header{}, s.kubeappsCluster) + }} +@@ -2573,7 +2573,7 @@ func (s *Server) redisKeyValueForRepo(r sourcev1beta2.HelmRepository) (key strin + return sinkNoChartCache.redisKeyValueForRepo(r) + } + +-func (sink *repoEventSink) redisKeyValueForRepo(r sourcev1beta2.HelmRepository) (key string, byteArray []byte, err error) { ++func (sink *repoEventSink) redisKeyValueForRepo(r sourcev1.HelmRepository) (key string, byteArray []byte, err error) { + if key, err = redisKeyForRepo(r); err != nil { + return key, nil, err + } else { +@@ -2591,7 +2591,7 @@ func (sink *repoEventSink) redisKeyValueForRepo(r sourcev1beta2.HelmRepository) + } + } + +-func redisKeyForRepo(r sourcev1beta2.HelmRepository) (string, error) { ++func redisKeyForRepo(r sourcev1.HelmRepository) (string, error) { + // redis convention on key format + // https://redis.io/topics/data-types-intro + // Try to stick with a schema. For instance "object-type:id" is a good idea, as in "user:1000". +@@ -2612,7 +2612,7 @@ func redisKeyForRepoNamespacedName(name types.NamespacedName) (string, error) { + return fmt.Sprintf("%s:%s:%s", fluxHelmRepositories, name.Namespace, name.Name), nil + } + +-func newHttpRepoAndServeIndex(repoIndex, repoName, repoNamespace string, replaceUrls map[string]string, secretRef string) (*httptest.Server, *sourcev1beta2.HelmRepository, error) { ++func newHttpRepoAndServeIndex(repoIndex, repoName, repoNamespace string, replaceUrls map[string]string, secretRef string) (*httptest.Server, *sourcev1.HelmRepository, error) { + indexYAMLBytes, err := os.ReadFile(repoIndex) + if err != nil { + return nil, nil, err +@@ -2631,7 +2631,7 @@ func newHttpRepoAndServeIndex(repoIndex, repoName, repoNamespace string, replace + fmt.Fprintln(w, string(indexYAMLBytes)) + })) + +- repoSpec := &sourcev1beta2.HelmRepositorySpec{ ++ repoSpec := &sourcev1.HelmRepositorySpec{ + URL: "https://example.repo.com/charts", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + } +@@ -2644,7 +2644,7 @@ func newHttpRepoAndServeIndex(repoIndex, repoName, repoNamespace string, replace + revision := "651f952130ea96823711d08345b85e82be011dc6" + sz := int64(31989) + +- repoStatus := &sourcev1beta2.HelmRepositoryStatus{ ++ repoStatus := &sourcev1.HelmRepositoryStatus{ + Artifact: &sourcev1.Artifact{ + Path: fmt.Sprintf("helmrepository/%s/%s/index-%s.yaml", repoNamespace, repoName, revision), + Digest: revision, +@@ -2669,16 +2669,16 @@ func newHttpRepoAndServeIndex(repoIndex, repoName, repoNamespace string, replace + return ts, &repo, nil + } + +-func newOciRepo(repoName, repoNamespace, repoUrl string) (*sourcev1beta2.HelmRepository, error) { ++func newOciRepo(repoName, repoNamespace, repoUrl string) (*sourcev1.HelmRepository, error) { + timeout := metav1.Duration{Duration: 60 * time.Second} +- repoSpec := &sourcev1beta2.HelmRepositorySpec{ ++ repoSpec := &sourcev1.HelmRepositorySpec{ + URL: repoUrl, + Interval: metav1.Duration{Duration: 1 * time.Minute}, + Timeout: &timeout, + Type: "oci", + } + +- repoStatus := &sourcev1beta2.HelmRepositoryStatus{ ++ repoStatus := &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + Type: fluxmeta.ReadyCondition, +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go +index 53fac6474..ef3d506b3 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go +@@ -13,8 +13,8 @@ import ( + + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/helm" + +- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ helmv2 "github.com/fluxcd/helm-controller/api/v2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + authorizationv1 "k8s.io/api/authorization/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +@@ -89,11 +89,11 @@ func NewServer(configGetter core.KubernetesConfigGetter, kubeappsCluster string, + + // register the GitOps Toolkit schema definitions + scheme := runtime.NewScheme() +- err = sourcev1beta2.AddToScheme(scheme) ++ err = sourcev1.AddToScheme(scheme) + if err != nil { + log.Fatalf("%s", err) + } +- err = helmv2beta2.AddToScheme(scheme) ++ err = helmv2.AddToScheme(scheme) + if err != nil { + log.Fatalf("%s", err) + } +@@ -112,11 +112,11 @@ func NewServer(configGetter core.KubernetesConfigGetter, kubeappsCluster string, + OnGetFunc: s.onGetRepo, + OnDeleteFunc: s.onDeleteRepo, + OnResyncFunc: s.onResync, +- NewObjFunc: func() ctrlclient.Object { return &sourcev1beta2.HelmRepository{} }, +- NewListFunc: func() ctrlclient.ObjectList { return &sourcev1beta2.HelmRepositoryList{} }, ++ NewObjFunc: func() ctrlclient.Object { return &sourcev1.HelmRepository{} }, ++ NewListFunc: func() ctrlclient.ObjectList { return &sourcev1.HelmRepositoryList{} }, + ListItemsFunc: func(ol ctrlclient.ObjectList) []ctrlclient.Object { +- if hl, ok := ol.(*sourcev1beta2.HelmRepositoryList); !ok { +- log.Errorf("Expected: *sourcev1beta2.HelmRepositoryList, got: %T", ol) ++ if hl, ok := ol.(*sourcev1.HelmRepositoryList); !ok { ++ log.Errorf("Expected: *sourcev1.HelmRepositoryList, got: %T", ol) + return nil + } else { + ret := make([]ctrlclient.Object, len(hl.Items)) +@@ -619,7 +619,7 @@ func (s *Server) GetPackageRepositoryPermissions(ctx context.Context, request *c + } + + resource := schema.GroupResource{ +- Group: sourcev1beta2.GroupVersion.Group, ++ Group: sourcev1.GroupVersion.Group, + Resource: fluxHelmRepositories, + } + +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server_test.go +index abed61c06..14278399e 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server_test.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server_test.go +@@ -13,9 +13,9 @@ import ( + "time" + + "github.com/bufbuild/connect-go" +- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" ++ helmv2 "github.com/fluxcd/helm-controller/api/v2" + fluxmeta "github.com/fluxcd/pkg/apis/meta" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + "github.com/go-redis/redis/v8" + "github.com/go-redis/redismock/v8" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" +@@ -46,13 +46,13 @@ import ( + func TestGetAvailablePackagesStatus(t *testing.T) { + testCases := []struct { + name string +- repo sourcev1beta2.HelmRepository ++ repo sourcev1.HelmRepository + statusCode codes.Code + }{ + { + name: "returns without error if response status does not contain conditions", + repo: newRepo("test", "default", +- &sourcev1beta2.HelmRepositorySpec{ ++ &sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + }, +@@ -62,21 +62,21 @@ func TestGetAvailablePackagesStatus(t *testing.T) { + { + name: "returns without error if response status does not contain conditions (2)", + repo: newRepo("test", "default", +- &sourcev1beta2.HelmRepositorySpec{ ++ &sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + }, +- &sourcev1beta2.HelmRepositoryStatus{}), ++ &sourcev1.HelmRepositoryStatus{}), + statusCode: codes.OK, + }, + { + name: "returns without error if response does not contain ready repos", + repo: newRepo("test", "default", +- &sourcev1beta2.HelmRepositorySpec{ ++ &sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + }, +- &sourcev1beta2.HelmRepositoryStatus{ ++ &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + Type: fluxmeta.ReadyCondition, +@@ -91,7 +91,7 @@ func TestGetAvailablePackagesStatus(t *testing.T) { + name: "returns without error if repo object does not contain namespace", + repo: newRepo("test", "", + nil, +- &sourcev1beta2.HelmRepositoryStatus{ ++ &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + Type: fluxmeta.ReadyCondition, +@@ -106,7 +106,7 @@ func TestGetAvailablePackagesStatus(t *testing.T) { + name: "returns without error if repo object contains default spec", + repo: newRepo("test", "default", + nil, +- &sourcev1beta2.HelmRepositoryStatus{ ++ &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + Type: fluxmeta.ReadyCondition, +@@ -120,8 +120,8 @@ func TestGetAvailablePackagesStatus(t *testing.T) { + { + name: "returns without error if repo object does not contain spec url", + repo: newRepo("test", "default", +- &sourcev1beta2.HelmRepositorySpec{}, +- &sourcev1beta2.HelmRepositoryStatus{ ++ &sourcev1.HelmRepositorySpec{}, ++ &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + Type: fluxmeta.ReadyCondition, +@@ -135,11 +135,11 @@ func TestGetAvailablePackagesStatus(t *testing.T) { + { + name: "returns without error if repo object does not contain status url", + repo: newRepo("test", "default", +- &sourcev1beta2.HelmRepositorySpec{ ++ &sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + }, +- &sourcev1beta2.HelmRepositoryStatus{ ++ &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + Type: fluxmeta.ReadyCondition, +@@ -154,7 +154,7 @@ func TestGetAvailablePackagesStatus(t *testing.T) { + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { +- s, mock, err := newSimpleServerWithRepos(t, []sourcev1beta2.HelmRepository{tc.repo}) ++ s, mock, err := newSimpleServerWithRepos(t, []sourcev1.HelmRepository{tc.repo}) + if err != nil { + t.Fatalf("error instantiating the server: %v", err) + } +@@ -204,11 +204,11 @@ type testSpecChartWithUrl struct { + numRetries int + } + +-func newSimpleServerWithRepos(t *testing.T, repos []sourcev1beta2.HelmRepository) (*Server, redismock.ClientMock, error) { ++func newSimpleServerWithRepos(t *testing.T, repos []sourcev1.HelmRepository) (*Server, redismock.ClientMock, error) { + return newServerWithRepos(t, repos, nil, nil) + } + +-func newServerWithRepos(t *testing.T, repos []sourcev1beta2.HelmRepository, charts []testSpecChartWithUrl, secrets []runtime.Object) (*Server, redismock.ClientMock, error) { ++func newServerWithRepos(t *testing.T, repos []sourcev1.HelmRepository, charts []testSpecChartWithUrl, secrets []runtime.Object) (*Server, redismock.ClientMock, error) { + typedClient := typfake.NewSimpleClientset(secrets...) + + // ref https://stackoverflow.com/questions/68794562/kubernetes-fake-client-doesnt-handle-generatename-in-objectmeta/68794563#68794563 +@@ -243,7 +243,7 @@ func newServerWithRepos(t *testing.T, repos []sourcev1beta2.HelmRepository, char + return newServer(t, clientGetter, nil, repos, charts) + } + +-func newServerWithChartsAndReleases(t *testing.T, actionConfig *action.Configuration, charts []sourcev1beta2.HelmChart, releases []helmv2beta2.HelmRelease) (*Server, redismock.ClientMock, error) { ++func newServerWithChartsAndReleases(t *testing.T, actionConfig *action.Configuration, charts []sourcev1.HelmChart, releases []helmv2.HelmRelease) (*Server, redismock.ClientMock, error) { + typedClient := typfake.NewSimpleClientset() + // Creating an authorized clientGetter + typedClient.PrependReactor("create", "selfsubjectaccessreviews", func(action k8stesting.Action) (handled bool, ret runtime.Object, err error) { +@@ -316,7 +316,7 @@ func newHelmActionConfig(t *testing.T, namespace string, rels []helmReleaseStub) + func newServer(t *testing.T, + clientGetter clientgetter.ClientProviderInterface, + actionConfig *action.Configuration, +- repos []sourcev1beta2.HelmRepository, ++ repos []sourcev1.HelmRepository, + charts []testSpecChartWithUrl) (*Server, redismock.ClientMock, error) { + + stopCh := make(chan struct{}) +@@ -360,11 +360,11 @@ func newServer(t *testing.T, + OnGetFunc: sink.onGetRepo, + OnDeleteFunc: sink.onDeleteRepo, + OnResyncFunc: sink.onResync, +- NewObjFunc: func() ctrlclient.Object { return &sourcev1beta2.HelmRepository{} }, +- NewListFunc: func() ctrlclient.ObjectList { return &sourcev1beta2.HelmRepositoryList{} }, ++ NewObjFunc: func() ctrlclient.Object { return &sourcev1.HelmRepository{} }, ++ NewListFunc: func() ctrlclient.ObjectList { return &sourcev1.HelmRepositoryList{} }, + ListItemsFunc: func(ol ctrlclient.ObjectList) []ctrlclient.Object { +- if hl, ok := ol.(*sourcev1beta2.HelmRepositoryList); !ok { +- t.Fatalf("Expected: *sourcev1beta2.HelmRepositoryList, got: %T", ol) ++ if hl, ok := ol.(*sourcev1.HelmRepositoryList); !ok { ++ t.Fatalf("Expected: *sourcev1.HelmRepositoryList, got: %T", ol) + return nil + } else { + ret := make([]ctrlclient.Object, len(hl.Items)) +@@ -410,8 +410,8 @@ func newServer(t *testing.T, + func seedRepoCacheWithRepos(t *testing.T, + mock redismock.ClientMock, + sink repoEventSink, +- repos []sourcev1beta2.HelmRepository) map[string]sourcev1beta2.HelmRepository { +- okRepos := make(map[string]sourcev1beta2.HelmRepository) ++ repos []sourcev1.HelmRepository) map[string]sourcev1.HelmRepository { ++ okRepos := make(map[string]sourcev1.HelmRepository) + for _, r := range repos { + key, err := redisKeyForRepo(r) + if err != nil { +@@ -441,7 +441,7 @@ func seedChartCacheWithCharts(t *testing.T, + mock redismock.ClientMock, + sink repoEventSink, + stopCh <-chan struct{}, +- repos map[string]sourcev1beta2.HelmRepository, ++ repos map[string]sourcev1.HelmRepository, + charts []testSpecChartWithUrl) (*cache.ChartCache, func(), error) { + t.Logf("+seedChartCacheWithCharts(%v)", charts) + +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/test_util_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/test_util_test.go +index dfbcb10c8..8109f3f2f 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/test_util_test.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/test_util_test.go +@@ -19,8 +19,8 @@ import ( + + k8stesting "k8s.io/client-go/testing" + +- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ helmv2 "github.com/fluxcd/helm-controller/api/v2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" +@@ -305,8 +305,8 @@ func setSecretOwnerRef(repoName string, secret *apiv1.Secret) *apiv1.Secret { + tRue := true + secret.OwnerReferences = []metav1.OwnerReference{ + { +- APIVersion: sourcev1beta2.GroupVersion.String(), +- Kind: sourcev1beta2.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, + Name: repoName, + Controller: &tRue, + BlockOwnerDeletion: &tRue, +@@ -353,45 +353,45 @@ func repoRef(id, namespace string) *corev1.PackageRepositoryReference { + } + } + +-func newCtrlClient(repos []sourcev1beta2.HelmRepository, charts []sourcev1beta2.HelmChart, releases []helmv2beta2.HelmRelease) withWatchWrapper { ++func newCtrlClient(repos []sourcev1.HelmRepository, charts []sourcev1.HelmChart, releases []helmv2.HelmRelease) withWatchWrapper { + // register the flux GitOps Toolkit schema definitions + scheme := runtime.NewScheme() +- err := sourcev1beta2.AddToScheme(scheme) ++ err := sourcev1.AddToScheme(scheme) + if err != nil { + log.Fatal(err) + } +- err = helmv2beta2.AddToScheme(scheme) ++ err = helmv2.AddToScheme(scheme) + if err != nil { + log.Fatal(err) + } + +- rm := apimeta.NewDefaultRESTMapper([]schema.GroupVersion{sourcev1beta2.GroupVersion, helmv2beta2.GroupVersion}) ++ rm := apimeta.NewDefaultRESTMapper([]schema.GroupVersion{sourcev1.GroupVersion, helmv2.GroupVersion}) + rm.Add(schema.GroupVersionKind{ +- Group: sourcev1beta2.GroupVersion.Group, +- Version: sourcev1beta2.GroupVersion.Version, +- Kind: sourcev1beta2.HelmRepositoryKind}, ++ Group: sourcev1.GroupVersion.Group, ++ Version: sourcev1.GroupVersion.Version, ++ Kind: sourcev1.HelmRepositoryKind}, + apimeta.RESTScopeNamespace) + rm.Add(schema.GroupVersionKind{ +- Group: sourcev1beta2.GroupVersion.Group, +- Version: sourcev1beta2.GroupVersion.Version, +- Kind: sourcev1beta2.HelmChartKind}, ++ Group: sourcev1.GroupVersion.Group, ++ Version: sourcev1.GroupVersion.Version, ++ Kind: sourcev1.HelmChartKind}, + apimeta.RESTScopeNamespace) + rm.Add(schema.GroupVersionKind{ +- Group: helmv2beta2.GroupVersion.Group, +- Version: helmv2beta2.GroupVersion.Version, +- Kind: helmv2beta2.HelmReleaseKind}, ++ Group: helmv2.GroupVersion.Group, ++ Version: helmv2.GroupVersion.Version, ++ Kind: helmv2.HelmReleaseKind}, + apimeta.RESTScopeNamespace) + + ctrlClientBuilder := ctrlfake.NewClientBuilder().WithScheme(scheme).WithRESTMapper(rm) + initLists := []client.ObjectList{} + if len(repos) > 0 { +- initLists = append(initLists, &sourcev1beta2.HelmRepositoryList{Items: repos}) ++ initLists = append(initLists, &sourcev1.HelmRepositoryList{Items: repos}) + } + if len(charts) > 0 { +- initLists = append(initLists, &sourcev1beta2.HelmChartList{Items: charts}) ++ initLists = append(initLists, &sourcev1.HelmChartList{Items: charts}) + } + if len(releases) > 0 { +- initLists = append(initLists, &helmv2beta2.HelmReleaseList{Items: releases}) ++ initLists = append(initLists, &helmv2.HelmReleaseList{Items: releases}) + } + if len(initLists) > 0 { + ctrlClientBuilder = ctrlClientBuilder.WithLists(initLists...) +diff --git a/go.mod b/go.mod +index fe893591e..6d380a0cf 100644 +--- a/go.mod ++++ b/go.mod +@@ -3,7 +3,9 @@ + + module github.com/vmware-tanzu/kubeapps + +-go 1.22 ++go 1.22.0 ++ ++toolchain go1.22.2 + + require ( + carvel.dev/vendir v0.40.0 +@@ -18,11 +20,11 @@ require ( + github.com/disintegration/imaging v1.6.2 + github.com/distribution/reference v0.6.0 + github.com/docker/cli v26.0.0+incompatible +- github.com/fluxcd/helm-controller/api v0.37.4 +- github.com/fluxcd/pkg/apis/meta v1.4.0 +- github.com/fluxcd/pkg/oci v0.36.0 +- github.com/fluxcd/pkg/version v0.3.0 +- github.com/fluxcd/source-controller/api v1.2.5 ++ github.com/fluxcd/helm-controller/api v1.0.1 ++ github.com/fluxcd/pkg/apis/meta v1.5.0 ++ github.com/fluxcd/pkg/oci v0.37.1 ++ github.com/fluxcd/pkg/version v0.4.0 ++ github.com/fluxcd/source-controller/api v1.3.0 + github.com/go-redis/redis/v8 v8.11.5 + github.com/go-redis/redismock/v8 v8.11.5 + github.com/google/go-cmp v0.6.0 +@@ -52,28 +54,28 @@ require ( + google.golang.org/protobuf v1.33.0 + gopkg.in/yaml.v3 v3.0.1 + helm.sh/helm/v3 v3.14.3 +- k8s.io/api v0.29.3 +- k8s.io/apiextensions-apiserver v0.29.3 +- k8s.io/apimachinery v0.29.3 +- k8s.io/apiserver v0.29.3 ++ k8s.io/api v0.30.0 ++ k8s.io/apiextensions-apiserver v0.30.0 ++ k8s.io/apimachinery v0.30.0 ++ k8s.io/apiserver v0.30.0 + k8s.io/cli-runtime v0.29.3 +- k8s.io/client-go v0.29.3 ++ k8s.io/client-go v0.30.0 + k8s.io/klog/v2 v2.120.1 + k8s.io/kubectl v0.29.3 + k8s.io/utils v0.0.0-20240310230437-4693a0247e57 + oras.land/oras-go v1.2.5 + oras.land/oras-go/v2 v2.5.0 +- sigs.k8s.io/controller-runtime v0.17.2 ++ sigs.k8s.io/controller-runtime v0.18.1 + sigs.k8s.io/yaml v1.4.0 + ) + + require ( + github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect +- github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.0 // indirect +- github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 // indirect ++ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect ++ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect + github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect +- github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect ++ github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect + github.com/BurntSushi/toml v1.3.2 // indirect + github.com/MakeNowJust/heredoc v1.0.0 // indirect + github.com/Masterminds/goutils v1.1.1 // indirect +@@ -82,8 +84,8 @@ require ( + github.com/Microsoft/hcsshim v0.11.4 // indirect + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect + github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect +- github.com/aws/aws-sdk-go-v2/config v1.27.10 // indirect +- github.com/aws/aws-sdk-go-v2/credentials v1.17.10 // indirect ++ github.com/aws/aws-sdk-go-v2/config v1.27.11 // indirect ++ github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect +@@ -91,7 +93,7 @@ require ( + github.com/aws/aws-sdk-go-v2/service/ecr v1.27.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect +- github.com/aws/aws-sdk-go-v2/service/sso v1.20.4 // indirect ++ github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect + github.com/aws/smithy-go v1.20.2 // indirect +@@ -113,13 +115,13 @@ require ( + github.com/docker/go-metrics v0.0.1 // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/evanphx/json-patch v5.7.0+incompatible // indirect +- github.com/evanphx/json-patch/v5 v5.8.0 // indirect ++ github.com/evanphx/json-patch/v5 v5.9.0 // indirect + github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect + github.com/fatih/camelcase v1.0.0 // indirect + github.com/fatih/color v1.15.0 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect +- github.com/fluxcd/pkg/apis/acl v0.1.0 // indirect +- github.com/fluxcd/pkg/apis/kustomize v1.3.0 // indirect ++ github.com/fluxcd/pkg/apis/acl v0.3.0 // indirect ++ github.com/fluxcd/pkg/apis/kustomize v1.5.0 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fvbommel/sortorder v1.1.0 // indirect + github.com/go-errors/errors v1.4.2 // indirect +@@ -131,7 +133,7 @@ require ( + github.com/go-openapi/swag v0.22.4 // indirect + github.com/gobwas/glob v0.2.3 // indirect + github.com/gogo/protobuf v1.3.2 // indirect +- github.com/golang-jwt/jwt/v5 v5.2.0 // indirect ++ github.com/golang-jwt/jwt/v5 v5.2.1 // indirect + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/btree v1.1.2 // indirect +@@ -217,19 +219,18 @@ require ( + golang.org/x/crypto v0.22.0 // indirect + golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect + golang.org/x/image v0.10.0 // indirect +- golang.org/x/oauth2 v0.17.0 // indirect ++ golang.org/x/oauth2 v0.19.0 // indirect + golang.org/x/sys v0.19.0 // indirect + golang.org/x/term v0.19.0 // indirect + golang.org/x/text v0.14.0 // indirect + golang.org/x/time v0.5.0 // indirect + gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect +- google.golang.org/appengine v1.6.8 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240325203815-454cdb8f5daa // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/ini.v1 v1.67.0 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect +- k8s.io/component-base v0.29.3 // indirect +- k8s.io/kube-openapi v0.0.0-20231113174909-778a5567bc1e // indirect ++ k8s.io/component-base v0.30.0 // indirect ++ k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect + sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect +diff --git a/go.sum b/go.sum +index 4e1af959d..0d7a395a6 100644 +--- a/go.sum ++++ b/go.sum +@@ -50,16 +50,16 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 + dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= + github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= + github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= +-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.0 h1:U/kwEXj0Y+1REAkV4kV8VO1CsEp8tSaQDG/7qC5XuqQ= +-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.0/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= +-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ= +-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo= ++github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= ++github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= ++github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU= ++github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= + github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ= + github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc= + github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= + github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA= +-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= ++github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= ++github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= + github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= + github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= + github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +@@ -103,10 +103,10 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= + github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA= + github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +-github.com/aws/aws-sdk-go-v2/config v1.27.10 h1:PS+65jThT0T/snC5WjyfHHyUgG+eBoupSDV+f838cro= +-github.com/aws/aws-sdk-go-v2/config v1.27.10/go.mod h1:BePM7Vo4OBpHreKRUMuDXX+/+JWP38FLkzl5m27/Jjs= +-github.com/aws/aws-sdk-go-v2/credentials v1.17.10 h1:qDZ3EA2lv1KangvQB6y258OssCHD0xvaGiEDkG4X/10= +-github.com/aws/aws-sdk-go-v2/credentials v1.17.10/go.mod h1:6t3sucOaYDwDssHQa0ojH1RpmVmF5/jArkye1b2FKMI= ++github.com/aws/aws-sdk-go-v2/config v1.27.11 h1:f47rANd2LQEYHda2ddSCKYId18/8BhSRM4BULGmfgNA= ++github.com/aws/aws-sdk-go-v2/config v1.27.11/go.mod h1:SMsV78RIOYdve1vf36z8LmnszlRWkwMQtomCAI0/mIE= ++github.com/aws/aws-sdk-go-v2/credentials v1.17.11 h1:YuIB1dJNf1Re822rriUOTxopaHHvIq0l/pX3fwO+Tzs= ++github.com/aws/aws-sdk-go-v2/credentials v1.17.11/go.mod h1:AQtFPsDH9bI2O+71anW6EKL+NcD7LG3dpKGMV4SShgo= + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4= + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg= + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg= +@@ -121,8 +121,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1x + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo= + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk= +-github.com/aws/aws-sdk-go-v2/service/sso v1.20.4 h1:WzFol5Cd+yDxPAdnzTA5LmpHYSWinhmSj4rQChV0ee8= +-github.com/aws/aws-sdk-go-v2/service/sso v1.20.4/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM= ++github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 h1:vN8hEbpRnL7+Hopy9dzmRle1xmDc7o8tmY0klsr175w= ++github.com/aws/aws-sdk-go-v2/service/sso v1.20.5/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM= + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE= + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak= + github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n2HZPkcKgPAi1phU= +@@ -243,8 +243,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 + github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws= + github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= + github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +-github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= +-github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= ++github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= ++github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= + github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4= + github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc= + github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8= +@@ -256,20 +256,20 @@ github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= + github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= + github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= + github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +-github.com/fluxcd/helm-controller/api v0.37.4 h1:rkBMqYXexyf1s5BS8QpxGi691DsCi+yugIFCM5fNKLU= +-github.com/fluxcd/helm-controller/api v0.37.4/go.mod h1:KFdP5Lbrc4Vv+Jt4xRj6UUo3qiwdBqBPl1xiiAnBe9c= +-github.com/fluxcd/pkg/apis/acl v0.1.0 h1:EoAl377hDQYL3WqanWCdifauXqXbMyFuK82NnX6pH4Q= +-github.com/fluxcd/pkg/apis/acl v0.1.0/go.mod h1:zfEZzz169Oap034EsDhmCAGgnWlcWmIObZjYMusoXS8= +-github.com/fluxcd/pkg/apis/kustomize v1.3.0 h1:qvB46CfaOWcL1SyR2RiVWN/j7/035D0OtB1ltLN7rgI= +-github.com/fluxcd/pkg/apis/kustomize v1.3.0/go.mod h1:PCXf5kktTzNav0aH2Ns3jsowqwmA9xTcsrEOoPzx/K8= +-github.com/fluxcd/pkg/apis/meta v1.4.0 h1:nNdgB6FFHP3cubxZCViaCFDUVlAbpq9+hvKEIveOGMg= +-github.com/fluxcd/pkg/apis/meta v1.4.0/go.mod h1:81sZ01ShTuLc1C3M1dFJNkINareBysvmrO1b8zJFFKs= +-github.com/fluxcd/pkg/oci v0.36.0 h1:bC+Qkm6p8rN72McArNwYFjI9bt7M2vn6mnt7i/vOWv0= +-github.com/fluxcd/pkg/oci v0.36.0/go.mod h1:ocWsg1tjhjlIpdpdw0xZz7q9YQH8YzcrN1wi+Az0t7E= +-github.com/fluxcd/pkg/version v0.3.0 h1:+GSU3QKQK66Y09+cQMAEoyh7j4S0ZimXF6MyGgJwZB4= +-github.com/fluxcd/pkg/version v0.3.0/go.mod h1:NO3/EuKNn9g6aw9NN85Hdrz+5CVx90KZC6rPsOmgvVI= +-github.com/fluxcd/source-controller/api v1.2.5 h1:MgGrOfPh7Grhl40GUM9lEs+lmgTx3hLAwI0MVqaJkQ8= +-github.com/fluxcd/source-controller/api v1.2.5/go.mod h1:j3QSHpIPBP5sjaGIkVtsgWCx8JcOmcsutRmdJmRMOZg= ++github.com/fluxcd/helm-controller/api v1.0.1 h1:Gn9qEVuif6D5+gHmVwTEZkR4+nmLOcOhKx4Sw2gL2EA= ++github.com/fluxcd/helm-controller/api v1.0.1/go.mod h1:/6AD5a2qjo/ttxVM8GR33syLZwqigta60DCLdy8GrME= ++github.com/fluxcd/pkg/apis/acl v0.3.0 h1:UOrKkBTOJK+OlZX7n8rWt2rdBmDCoTK+f5TY2LcZi8A= ++github.com/fluxcd/pkg/apis/acl v0.3.0/go.mod h1:WVF9XjSMVBZuU+HTTiSebGAWMgM7IYexFLyVWbK9bNY= ++github.com/fluxcd/pkg/apis/kustomize v1.5.0 h1:ah4sfqccnio+/5Edz/tVz6LetFhiBoDzXAElj6fFCzU= ++github.com/fluxcd/pkg/apis/kustomize v1.5.0/go.mod h1:nEzhnhHafhWOUUV8VMFLojUOH+HHDEsL75y54mt/c30= ++github.com/fluxcd/pkg/apis/meta v1.5.0 h1:/G82d2Az5D9op3F+wJUpD8jw/eTV0suM6P7+cSURoUM= ++github.com/fluxcd/pkg/apis/meta v1.5.0/go.mod h1:Y3u7JomuuKtr5fvP1Iji2/50FdRe5GcBug2jawNVkdM= ++github.com/fluxcd/pkg/oci v0.37.1 h1:p4rfCHZlBWL+Q5Xey51iiBRmoje0IevCBT0/r8iae3M= ++github.com/fluxcd/pkg/oci v0.37.1/go.mod h1:LrVuX6VACenJ5ycQJxec+I7YJegCsE4nzRUV+6RuxcY= ++github.com/fluxcd/pkg/version v0.4.0 h1:3F6oeIZ+ug/f7pALIBhcUhfURel37EPPOn7nsGfsnOg= ++github.com/fluxcd/pkg/version v0.4.0/go.mod h1:izVsSDxac81qWRmpOL9qcxZYx+zAN1ajoP5SidGP6PA= ++github.com/fluxcd/source-controller/api v1.3.0 h1:Z5Lq0aJY87yg0cQDEuwGLKS60GhdErCHtsi546HUt10= ++github.com/fluxcd/source-controller/api v1.3.0/go.mod h1:+tfd0vltjcVs/bbnq9AlYR9AAHSVfM/Z4v4TpQmdJf4= + github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= + github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= + github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +@@ -332,8 +332,8 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x + github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= + github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= + github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +-github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw= +-github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= ++github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= ++github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= + github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= + github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= + github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +@@ -650,14 +650,14 @@ github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vv + github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= + github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= + github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= +-github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= +-github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= ++github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= ++github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= + github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= + github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= + github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= + github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= +-github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= +-github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= ++github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= ++github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= + github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= + github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= + github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= +@@ -931,8 +931,8 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= + golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= + golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= + golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +-golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +-golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= ++golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= ++golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= + golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= + golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= + golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +@@ -999,8 +999,8 @@ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ + golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= + golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= + golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +-golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= +-golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= ++golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg= ++golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= + golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= + golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= + golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +@@ -1119,7 +1119,6 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= + golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= + golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= + golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +-golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= + golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= + golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= + golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +@@ -1188,8 +1187,8 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= + golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= + golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= + golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +-golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= +-golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= ++golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= ++golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= + golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= + golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= + golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +@@ -1236,8 +1235,6 @@ google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww + google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= + google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= + google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +-google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +-google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= + google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= + google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= + google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +@@ -1393,24 +1390,24 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh + honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= + honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= + honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +-k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= +-k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= +-k8s.io/apiextensions-apiserver v0.29.3 h1:9HF+EtZaVpFjStakF4yVufnXGPRppWFEQ87qnO91YeI= +-k8s.io/apiextensions-apiserver v0.29.3/go.mod h1:po0XiY5scnpJfFizNGo6puNU6Fq6D70UJY2Cb2KwAVc= +-k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= +-k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= +-k8s.io/apiserver v0.29.3 h1:xR7ELlJ/BZSr2n4CnD3lfA4gzFivh0wwfNfz9L0WZcE= +-k8s.io/apiserver v0.29.3/go.mod h1:hrvXlwfRulbMbBgmWRQlFru2b/JySDpmzvQwwk4GUOs= ++k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= ++k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= ++k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= ++k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= ++k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= ++k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= ++k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= ++k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= + k8s.io/cli-runtime v0.29.3 h1:r68rephmmytoywkw2MyJ+CxjpasJDQY7AGc3XY2iv1k= + k8s.io/cli-runtime v0.29.3/go.mod h1:aqVUsk86/RhaGJwDhHXH0jcdqBrgdF3bZWk4Z9D4mkM= +-k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= +-k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= +-k8s.io/component-base v0.29.3 h1:Oq9/nddUxlnrCuuR2K/jp6aflVvc0uDvxMzAWxnGzAo= +-k8s.io/component-base v0.29.3/go.mod h1:Yuj33XXjuOk2BAaHsIGHhCKZQAgYKhqIxIjIr2UXYio= ++k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= ++k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= ++k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= ++k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= + k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= + k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +-k8s.io/kube-openapi v0.0.0-20231113174909-778a5567bc1e h1:snPmy96t93RredGRjKfMFt+gvxuVAncqSAyBveJtr4Q= +-k8s.io/kube-openapi v0.0.0-20231113174909-778a5567bc1e/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= ++k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= ++k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= + k8s.io/kubectl v0.29.3 h1:RuwyyIU42MAISRIePaa8Q7A3U74Q9P4MoJbDFz9o3us= + k8s.io/kubectl v0.29.3/go.mod h1:yCxfY1dbwgVdEt2zkJ6d5NNLOhhWgTyrqACIoFhpdd4= + k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY= +@@ -1422,8 +1419,8 @@ oras.land/oras-go/v2 v2.5.0/go.mod h1:z4eisnLP530vwIOUOJeBIj0aGI0L1C3d53atvCBqZH + rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= + rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= + rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= +-sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= +-sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= ++sigs.k8s.io/controller-runtime v0.18.1 h1:RpWbigmuiylbxOCLy0tGnq1cU1qWPwNIQzoJk+QeJx4= ++sigs.k8s.io/controller-runtime v0.18.1/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= + sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0= diff --git a/packages/system/dashboard/images/kubeapps-apis/labels.diff b/packages/system/dashboard/images/kubeapps-apis/labels.diff index 23bcdc93..e3b1823f 100644 --- a/packages/system/dashboard/images/kubeapps-apis/labels.diff +++ b/packages/system/dashboard/images/kubeapps-apis/labels.diff @@ -16,7 +16,7 @@ index c489cb6ca..8884a6484 100644 @@ -54,7 +56,10 @@ func (s *Server) listReleasesInCluster(ctx context.Context, headers http.Header, // see any results created/updated/deleted after the first request is issued // To fix this, we must make use of resourceVersion := relList.GetResourceVersion() - var relList helmv2beta2.HelmReleaseList + var relList helmv2.HelmReleaseList - if err = client.List(ctx, &relList); err != nil { + listOptions := ctrlclient.ListOptions{ + LabelSelector: labels.SelectorFromSet(labels.Set{"cozystack.io/ui": "true"}), @@ -33,8 +33,8 @@ index c489cb6ca..8884a6484 100644 + "cozystack.io/ui": "true", + }, }, - Spec: helmv2beta2.HelmReleaseSpec{ - Chart: helmv2beta2.HelmChartTemplate{ + Spec: helmv2.HelmReleaseSpec{ + Chart: helmv2.HelmChartTemplate{ diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go index 790b21514..539276a17 100644 --- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go @@ -49,7 +49,7 @@ index 790b21514..539276a17 100644 log "k8s.io/klog/v2" @@ -64,7 +65,8 @@ func (s *Server) listReposInNamespace(ctx context.Context, headers http.Header, - var repoList sourcev1beta2.HelmRepositoryList + var repoList sourcev1.HelmRepositoryList listOptions := ctrlclient.ListOptions{ - Namespace: ns, + Namespace: ns, @@ -65,5 +65,5 @@ index 790b21514..539276a17 100644 + "cozystack.io/ui": "true", + }, }, - Spec: sourcev1beta2.HelmRepositorySpec{ + Spec: sourcev1.HelmRepositorySpec{ URL: url, diff --git a/packages/system/dashboard/images/kubeapps-apis/reconcile-strategy.diff b/packages/system/dashboard/images/kubeapps-apis/reconcile-strategy.diff index f4f9b20a..74e3e738 100644 --- a/packages/system/dashboard/images/kubeapps-apis/reconcile-strategy.diff +++ b/packages/system/dashboard/images/kubeapps-apis/reconcile-strategy.diff @@ -3,7 +3,7 @@ index 8884a6484..4bf77071c 100644 --- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go +++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go @@ -530,6 +530,7 @@ func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.Namesp - Kind: sourcev1beta2.HelmRepositoryKind, + Kind: sourcev1.HelmRepositoryKind, Namespace: chart.Repo.Namespace, }, + ReconcileStrategy: "Revision", diff --git a/packages/system/etcd-operator/Makefile b/packages/system/etcd-operator/Makefile index 0c82cdb9..5c0dee74 100644 --- a/packages/system/etcd-operator/Makefile +++ b/packages/system/etcd-operator/Makefile @@ -1,5 +1,5 @@ -NAME=etcd-operator -NAMESPACE=cozy-${NAME} +export NAME=etcd-operator +export NAMESPACE=cozy-${NAME} include ../../../scripts/package-system.mk diff --git a/packages/system/etcd-operator/charts/etcd-operator/Chart.yaml b/packages/system/etcd-operator/charts/etcd-operator/Chart.yaml index 36ad3b42..ca799e82 100644 --- a/packages/system/etcd-operator/charts/etcd-operator/Chart.yaml +++ b/packages/system/etcd-operator/charts/etcd-operator/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v0.2.0 +appVersion: v0.3.1 name: etcd-operator type: application -version: 0.2.0 +version: 0.3.1 diff --git a/packages/system/etcd-operator/charts/etcd-operator/README.md b/packages/system/etcd-operator/charts/etcd-operator/README.md index 729dab25..33838106 100644 --- a/packages/system/etcd-operator/charts/etcd-operator/README.md +++ b/packages/system/etcd-operator/charts/etcd-operator/README.md @@ -1,63 +1,54 @@ # etcd-operator -![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.0](https://img.shields.io/badge/AppVersion-v0.0.0-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| affinity | object | `{}` | | +| affinity | object | `{}` | ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | | etcdOperator.args[0] | string | `"--health-probe-bind-address=:8081"` | | | etcdOperator.args[1] | string | `"--metrics-bind-address=127.0.0.1:8080"` | | | etcdOperator.args[2] | string | `"--leader-elect"` | | -| etcdOperator.envVars | object | `{}` | | -| etcdOperator.image.pullPolicy | string | `"IfNotPresent"` | | -| etcdOperator.image.repository | string | `"ghcr.io/aenix-io/etcd-operator"` | | -| etcdOperator.image.tag | string | `""` | | -| etcdOperator.livenessProbe.httpGet.path | string | `"/healthz"` | | -| etcdOperator.livenessProbe.httpGet.port | int | `8081` | | -| etcdOperator.livenessProbe.initialDelaySeconds | int | `15` | | -| etcdOperator.livenessProbe.periodSeconds | int | `20` | | -| etcdOperator.readinessProbe.httpGet.path | string | `"/readyz"` | | -| etcdOperator.readinessProbe.httpGet.port | int | `8081` | | -| etcdOperator.readinessProbe.initialDelaySeconds | int | `5` | | -| etcdOperator.readinessProbe.periodSeconds | int | `10` | | -| etcdOperator.resources.limits.cpu | string | `"500m"` | | -| etcdOperator.resources.limits.memory | string | `"128Mi"` | | -| etcdOperator.resources.requests.cpu | string | `"100m"` | | -| etcdOperator.resources.requests.memory | string | `"64Mi"` | | -| etcdOperator.securityContext.allowPrivilegeEscalation | bool | `false` | | -| etcdOperator.securityContext.capabilities.drop[0] | string | `"ALL"` | | -| etcdOperator.service.port | int | `9443` | | -| etcdOperator.service.type | string | `"ClusterIP"` | | -| fullnameOverride | string | `""` | | +| etcdOperator.envVars | object | `{}` | Empty environment variables section | +| etcdOperator.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| etcdOperator.image.repository | string | `"ghcr.io/aenix-io/etcd-operator"` | Image repository | +| etcdOperator.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| etcdOperator.livenessProbe.httpGet.path | string | `"/healthz"` | Healthcheck liveness probe path | +| etcdOperator.livenessProbe.httpGet.port | int | `8081` | Healthcheck port | +| etcdOperator.livenessProbe.initialDelaySeconds | int | `15` | ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes | +| etcdOperator.livenessProbe.periodSeconds | int | `20` | ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes | +| etcdOperator.readinessProbe.httpGet.path | string | `"/readyz"` | Healthcheck readiness probe path | +| etcdOperator.readinessProbe.httpGet.port | int | `8081` | Healthcheck port | +| etcdOperator.readinessProbe.initialDelaySeconds | int | `5` | ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes | +| etcdOperator.readinessProbe.periodSeconds | int | `10` | ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes | +| etcdOperator.resources | object | `{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}}` | ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | +| etcdOperator.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` | ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | +| etcdOperator.service.port | int | `9443` | Service port | +| etcdOperator.service.type | string | `"ClusterIP"` | Service type | +| fullnameOverride | string | `""` | Override a full name of helm release | | imagePullSecrets | list | `[]` | | | kubeRbacProxy.args[0] | string | `"--secure-listen-address=0.0.0.0:8443"` | | | kubeRbacProxy.args[1] | string | `"--upstream=http://127.0.0.1:8080/"` | | | kubeRbacProxy.args[2] | string | `"--logtostderr=true"` | | | kubeRbacProxy.args[3] | string | `"--v=0"` | | -| kubeRbacProxy.image.pullPolicy | string | `"IfNotPresent"` | | -| kubeRbacProxy.image.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` | | -| kubeRbacProxy.image.tag | string | `"v0.16.0"` | | -| kubeRbacProxy.livenessProbe | object | `{}` | | -| kubeRbacProxy.readinessProbe | object | `{}` | | -| kubeRbacProxy.resources.limits.cpu | string | `"500m"` | | -| kubeRbacProxy.resources.limits.memory | string | `"128Mi"` | | -| kubeRbacProxy.resources.requests.cpu | string | `"100m"` | | -| kubeRbacProxy.resources.requests.memory | string | `"64Mi"` | | -| kubeRbacProxy.securityContext.allowPrivilegeEscalation | bool | `false` | | -| kubeRbacProxy.securityContext.capabilities.drop[0] | string | `"ALL"` | | -| kubeRbacProxy.service.port | int | `8443` | | -| kubeRbacProxy.service.type | string | `"ClusterIP"` | | -| kubernetesClusterDomain | string | `"cluster.local"` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| securityContext.runAsNonRoot | bool | `true` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| tolerations | list | `[]` | | +| kubeRbacProxy.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| kubeRbacProxy.image.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` | Image repository | +| kubeRbacProxy.image.tag | string | `"v0.16.0"` | Version of image | +| kubeRbacProxy.livenessProbe | object | `{}` | https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ | +| kubeRbacProxy.readinessProbe | object | `{}` | https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ | +| kubeRbacProxy.resources | object | `{"limits":{"cpu":"250m","memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}}` | ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | +| kubeRbacProxy.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` | ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | +| kubeRbacProxy.service.port | int | `8443` | Service port | +| kubeRbacProxy.service.type | string | `"ClusterIP"` | Service type | +| kubernetesClusterDomain | string | `"cluster.local"` | Kubernetes cluster domain prefix | +| nameOverride | string | `""` | Override a name of helm release | +| nodeSelector | object | `{}` | ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ | +| podAnnotations | object | `{}` | ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | +| podLabels | object | `{}` | ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | +| podSecurityContext | object | `{}` | ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | +| replicaCount | int | `1` | Count of pod replicas | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| tolerations | list | `[]` | ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | diff --git a/packages/system/etcd-operator/charts/etcd-operator/README.md.gotmpl b/packages/system/etcd-operator/charts/etcd-operator/README.md.gotmpl new file mode 100644 index 00000000..e1c25058 --- /dev/null +++ b/packages/system/etcd-operator/charts/etcd-operator/README.md.gotmpl @@ -0,0 +1,19 @@ +{{ template "chart.header" . }} + +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.typeBadge" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} + +{{ template "helm-docs.versionFooter" . }} diff --git a/packages/system/etcd-operator/charts/etcd-operator/crds/etcd-cluster.yaml b/packages/system/etcd-operator/charts/etcd-operator/crds/etcd-cluster.yaml index 3abbf976..279e4b63 100644 --- a/packages/system/etcd-operator/charts/etcd-operator/crds/etcd-cluster.yaml +++ b/packages/system/etcd-operator/charts/etcd-operator/crds/etcd-cluster.yaml @@ -3,7 +3,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: etcd-operator-system/etcd-operator-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: etcdclusters.etcd.aenix.io spec: conversion: @@ -202,25 +202,43 @@ spec: security: description: Security describes security settings of etcd (authentication, certificates, rbac) properties: + enableAuth: + description: Section to enable etcd auth + type: boolean tls: description: Section for user-managed tls certificates properties: clientSecret: - description: Client certificate for etcd-operator to do maintenance. It is expected to have tls.crt and tls.key fields in the secret. + description: |- + Client certificate for etcd-operator to do maintenance. It is expected to have tls.crt and tls.key fields in the secret. + This secret must be created in the namespace with etcdCluster CR. type: string clientTrustedCASecret: - description: Trusted CA for client certificates that are provided by client to etcd. It is expected to have tls.crt field in the secret. + description: |- + Trusted CA for client certificates that are provided by client to etcd. It is expected to have ca.crt field in the secret. + This secret must be created in the namespace with etcdCluster CR. type: string peerSecret: - description: Certificate secret to secure peer-to-peer communication between etcd nodes. It is expected to have tls.crt and tls.key fields in the secret. + description: |- + Certificate secret to secure peer-to-peer communication between etcd nodes. It is expected to have tls.crt and tls.key fields in the secret. + This secret must be created in the namespace with etcdCluster CR. type: string peerTrustedCASecret: - description: Trusted CA certificate secret to secure peer-to-peer communication between etcd nodes. It is expected to have tls.crt field in the secret. + description: |- + Trusted CA certificate secret to secure peer-to-peer communication between etcd nodes. It is expected to have ca.crt field in the secret. + This secret must be created in the namespace with etcdCluster CR. type: string serverSecret: description: |- Server certificate secret to secure client-server communication. Is provided to the client who connects to etcd by client port (2379 by default). It is expected to have tls.crt and tls.key fields in the secret. + This secret must be created in the namespace with etcdCluster CR. + type: string + serverTrustedCASecret: + description: |- + Trusted CA for etcd server certificates for client-server communication. Is necessary to set trust between operator and etcd. + It is expected to have ca.crt field in the secret. If it is not specified, then insecure communication will be used. + This secret must be created in the namespace with etcdCluster CR. type: string type: object type: object @@ -581,6 +599,7 @@ spec: not set, the implementation will apply its default routing strategy. If set to "PreferClose", implementations should prioritize endpoints that are topologically close (e.g., same zone). + This is an alpha field and requires enabling ServiceTrafficDistribution feature. type: string type: description: |- diff --git a/packages/system/etcd-operator/charts/etcd-operator/templates/rbac/clusterrole-manager-role.yml b/packages/system/etcd-operator/charts/etcd-operator/templates/rbac/clusterrole-manager-role.yml index ccb982ac..6cc79370 100644 --- a/packages/system/etcd-operator/charts/etcd-operator/templates/rbac/clusterrole-manager-role.yml +++ b/packages/system/etcd-operator/charts/etcd-operator/templates/rbac/clusterrole-manager-role.yml @@ -17,6 +17,22 @@ rules: - patch - update - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - get + - watch - apiGroups: - "" resources: diff --git a/packages/system/etcd-operator/charts/etcd-operator/templates/workload/deployment.yml b/packages/system/etcd-operator/charts/etcd-operator/templates/workload/deployment.yml index ece5bae8..17848ada 100644 --- a/packages/system/etcd-operator/charts/etcd-operator/templates/workload/deployment.yml +++ b/packages/system/etcd-operator/charts/etcd-operator/templates/workload/deployment.yml @@ -58,6 +58,12 @@ spec: - configMapRef: name: {{ include "etcd-operator.fullname" . }}-env {{- end }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert diff --git a/packages/system/etcd-operator/charts/etcd-operator/values.schema.json b/packages/system/etcd-operator/charts/etcd-operator/values.schema.json index 97400378..65836a6b 100644 --- a/packages/system/etcd-operator/charts/etcd-operator/values.schema.json +++ b/packages/system/etcd-operator/charts/etcd-operator/values.schema.json @@ -256,14 +256,6 @@ "replicaCount": { "type": "integer" }, - "securityContext": { - "properties": { - "runAsNonRoot": { - "type": "boolean" - } - }, - "type": "object" - }, "serviceAccount": { "properties": { "annotations": { @@ -281,4 +273,4 @@ } }, "type": "object" -} \ No newline at end of file +} diff --git a/packages/system/etcd-operator/charts/etcd-operator/values.yaml b/packages/system/etcd-operator/charts/etcd-operator/values.yaml index 9c9ff75a..dcef802b 100644 --- a/packages/system/etcd-operator/charts/etcd-operator/values.yaml +++ b/packages/system/etcd-operator/charts/etcd-operator/values.yaml @@ -1,98 +1,184 @@ etcdOperator: + image: + + # -- Image repository repository: ghcr.io/aenix-io/etcd-operator + + # -- Image pull policy pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. + + # -- Overrides the image tag whose default is the chart appVersion. tag: "" + args: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 - --leader-elect + service: + + # -- Service type type: ClusterIP + + # -- Service port port: 9443 + + # -- Empty environment variables section envVars: {} + livenessProbe: + httpGet: + + # -- Healthcheck liveness probe path path: /healthz + + # -- Healthcheck port port: 8081 + + # -- ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes initialDelaySeconds: 15 + + # -- ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes periodSeconds: 20 + readinessProbe: + httpGet: + + # -- Healthcheck readiness probe path path: /readyz + + # -- Healthcheck port port: 8081 + + # -- ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes initialDelaySeconds: 5 + + # -- ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes periodSeconds: 10 + + # -- ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 100m + memory: 64Mi + + # -- ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: - ALL kubeRbacProxy: + image: + + # -- Image repository repository: gcr.io/kubebuilder/kube-rbac-proxy + + # -- Image pull policy pullPolicy: IfNotPresent + + # -- Version of image tag: v0.16.0 + args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - --v=0 - service: - type: ClusterIP - port: 8443 - livenessProbe: {} - readinessProbe: {} - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + service: + + # -- Service type + type: ClusterIP + + # -- Service port + port: 8443 + + # -- https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + livenessProbe: {} + + # -- https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: {} + + # -- ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + + limits: + + cpu: 250m + + memory: 128Mi + + requests: + + cpu: 100m + + memory: 64Mi + + # -- ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + securityContext: + + allowPrivilegeEscalation: false + + capabilities: + + drop: + - ALL + +# -- Kubernetes cluster domain prefix kubernetesClusterDomain: cluster.local +# -- Count of pod replicas replicaCount: 1 imagePullSecrets: [] +# -- Override a name of helm release nameOverride: "" +# -- Override a full name of helm release fullnameOverride: "" serviceAccount: - # Specifies whether a service account should be created + + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + + # -- Annotations to add to the service account annotations: {} +# -- ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ podAnnotations: {} +# -- ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ podLabels: {} +# -- ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ podSecurityContext: {} # fsGroup: 2000 -securityContext: - runAsNonRoot: true - +# -- ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ nodeSelector: {} +# -- ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ tolerations: [] +# -- ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity affinity: {} diff --git a/packages/core/fluxcd/.helmignore b/packages/system/fluxcd-operator/.helmignore similarity index 100% rename from packages/core/fluxcd/.helmignore rename to packages/system/fluxcd-operator/.helmignore diff --git a/packages/system/fluxcd-operator/Chart.yaml b/packages/system/fluxcd-operator/Chart.yaml new file mode 100644 index 00000000..42ed3feb --- /dev/null +++ b/packages/system/fluxcd-operator/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: cozy-fluxcd-operator +version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process diff --git a/packages/system/fluxcd-operator/Makefile b/packages/system/fluxcd-operator/Makefile new file mode 100644 index 00000000..26cf39a7 --- /dev/null +++ b/packages/system/fluxcd-operator/Makefile @@ -0,0 +1,12 @@ +NAME=fluxcd-operator +NAMESPACE=cozy-fluxcd + +include ../../../scripts/package-system.mk + +apply-locally: + helm upgrade -i -n $(NAMESPACE) $(NAME) . + +update: + rm -rf charts + helm pull oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator --untar --untardir charts + patch --no-backup-if-mismatch -p1 < patches/kubernetesEnvs.diff diff --git a/packages/core/fluxcd/charts/flux2/.helmignore b/packages/system/fluxcd-operator/charts/flux-operator/.helmignore similarity index 95% rename from packages/core/fluxcd/charts/flux2/.helmignore rename to packages/system/fluxcd-operator/charts/flux-operator/.helmignore index 98229532..f24ae1c9 100644 --- a/packages/core/fluxcd/charts/flux2/.helmignore +++ b/packages/system/fluxcd-operator/charts/flux-operator/.helmignore @@ -21,5 +21,4 @@ .idea/ *.tmproj .vscode/ - -tests/ +helmdocs.gotmpl diff --git a/packages/system/fluxcd-operator/charts/flux-operator/Chart.yaml b/packages/system/fluxcd-operator/charts/flux-operator/Chart.yaml new file mode 100644 index 00000000..4d13ecdb --- /dev/null +++ b/packages/system/fluxcd-operator/charts/flux-operator/Chart.yaml @@ -0,0 +1,30 @@ +annotations: + artifacthub.io/license: AGPL-3.0 + artifacthub.io/links: | + - name: Documentation + url: https://fluxcd.control-plane.io/operator + - name: Chart Source + url: https://github.com/controlplaneio-fluxcd/charts + - name: Upstream Project + url: https://github.com/controlplaneio-fluxcd/flux-operator +apiVersion: v2 +appVersion: v0.6.0 +description: 'A Helm chart for deploying the Flux Operator. ' +home: https://github.com/controlplaneio-fluxcd +icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/flux/icon/color/flux-icon-color.png +keywords: +- flux +- fluxcd +- gitops +kubeVersion: '>=1.22.0-0' +maintainers: +- email: stefan.prodan@control-plane.io + name: Stefan Prodan +- name: Soule Ba + url: soule.ba@control-plane.io +name: flux-operator +sources: +- https://github.com/controlplaneio-fluxcd/flux-operator +- https://github.com/controlplaneio-fluxcd/charts +type: application +version: 0.6.0 diff --git a/packages/system/fluxcd-operator/charts/flux-operator/README.md b/packages/system/fluxcd-operator/charts/flux-operator/README.md new file mode 100644 index 00000000..7fea50d7 --- /dev/null +++ b/packages/system/fluxcd-operator/charts/flux-operator/README.md @@ -0,0 +1,57 @@ +# flux-operator + +![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.6.0](https://img.shields.io/badge/AppVersion-v0.6.0-informational?style=flat-square) + +The [Flux Operator](https://github.com/controlplaneio-fluxcd) provides a declarative API +for the installation and upgrade of CNCF [Flux](https://fluxcd.io) and the +ControlPlane [enterprise distribution](https://control-plane.io/enterprise-for-flux-cd/). + +The operator automates the patching for hotfixes and CVEs affecting the Flux controllers container images +and enables the configuration of multi-tenancy lockdown on Kubernetes and OpenShift clusters. + +## Prerequisites + +- Kubernetes 1.22+ +- Helm 3.8+ + +## Installing the Chart + +To install the operator in the `flux-system` namespace: + +```console +helm install flux-operator oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator \ + --namespace flux-system \ + --create-namespace \ + --wait +``` + +To deploy the Flux controllers and to configure automated updates, +see the Flux Operator [documentation](https://fluxcd.control-plane.io/operator/). + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]}}}` | Pod affinity and anti-affinity settings. | +| commonAnnotations | object | `{}` | Common annotations to add to all deployed objects including pods. | +| commonLabels | object | `{}` | Common labels to add to all deployed objects including pods. | +| extraEnvs | list | `[]` | Container extra environment variables. | +| fullnameOverride | string | `""` | | +| hostNetwork | bool | `false` | If `true`, the container ports (`8080` and `8081`) are exposed on the host network. | +| image | object | `{"pullSecrets":[],"repository":"ghcr.io/controlplaneio-fluxcd/flux-operator","tag":""}` | Container image settings. The image tag defaults to the chart appVersion. | +| installCRDs | bool | `true` | Install and upgrade the custom resource definitions. | +| livenessProbe | object | `{"httpGet":{"path":"/healthz","port":8081},"initialDelaySeconds":15,"periodSeconds":20}` | Container liveness probe settings. | +| marketplace | object | `{"account":"","license":"","type":""}` | Marketplace settings. | +| nameOverride | string | `""` | | +| podSecurityContext | object | `{}` | Pod security context settings. | +| priorityClassName | string | `""` | Pod priority class name. Recommended value is system-cluster-critical. | +| readinessProbe | object | `{"httpGet":{"path":"/readyz","port":8081},"initialDelaySeconds":5,"periodSeconds":10}` | Container readiness probe settings. | +| resources | object | `{"limits":{"cpu":"1000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"64Mi"}}` | Container resources requests and limits settings. | +| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Container security context settings. The default is compliant with the pod security restricted profile. | +| serviceAccount | object | `{"automount":true,"create":true,"name":""}` | Pod service account settings. The name of the service account defaults to the release name. | +| tolerations | list | `[]` | Pod tolerations settings. | + +## Source Code + +* +* diff --git a/packages/system/fluxcd-operator/charts/flux-operator/templates/NOTES.txt b/packages/system/fluxcd-operator/charts/flux-operator/templates/NOTES.txt new file mode 100644 index 00000000..b09e5e52 --- /dev/null +++ b/packages/system/fluxcd-operator/charts/flux-operator/templates/NOTES.txt @@ -0,0 +1 @@ +Documentation at https://fluxcd.control-plane.io/operator/ diff --git a/packages/system/fluxcd-operator/charts/flux-operator/templates/_helpers.tpl b/packages/system/fluxcd-operator/charts/flux-operator/templates/_helpers.tpl new file mode 100644 index 00000000..996d71d6 --- /dev/null +++ b/packages/system/fluxcd-operator/charts/flux-operator/templates/_helpers.tpl @@ -0,0 +1,58 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "flux-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "flux-operator.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "flux-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "flux-operator.labels" -}} +helm.sh/chart: {{ include "flux-operator.chart" . }} +{{ include "flux-operator.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "flux-operator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "flux-operator.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "flux-operator.serviceAccountName" -}} +{{- default (include "flux-operator.fullname" .) .Values.serviceAccount.name }} +{{- end }} diff --git a/packages/system/fluxcd-operator/charts/flux-operator/templates/clusterrole.yaml b/packages/system/fluxcd-operator/charts/flux-operator/templates/clusterrole.yaml new file mode 100644 index 00000000..6a09fa77 --- /dev/null +++ b/packages/system/fluxcd-operator/charts/flux-operator/templates/clusterrole.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "flux-operator.fullname" . }} + labels: + {{- include "flux-operator.labels" . | nindent 4 }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: {{ include "flux-operator.fullname" . }} + namespace: {{ .Release.Namespace }} diff --git a/packages/system/fluxcd-operator/charts/flux-operator/templates/crds.yaml b/packages/system/fluxcd-operator/charts/flux-operator/templates/crds.yaml new file mode 100644 index 00000000..ff6dfe83 --- /dev/null +++ b/packages/system/fluxcd-operator/charts/flux-operator/templates/crds.yaml @@ -0,0 +1,704 @@ +{{- if and .Values.installCRDs }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + helm.sh/resource-policy: keep + labels: + app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ .Chart.Name }}' + app.kubernetes.io/version: '{{ .Chart.AppVersion }}' + helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + name: fluxinstances.fluxcd.controlplane.io +spec: + group: fluxcd.controlplane.io + names: + kind: FluxInstance + listKind: FluxInstanceList + plural: fluxinstances + singular: fluxinstance + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .status.lastAttemptedRevision + name: Revision + type: string + name: v1 + schema: + openAPIV3Schema: + description: FluxInstance is the Schema for the fluxinstances API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FluxInstanceSpec defines the desired state of FluxInstance + properties: + cluster: + description: Cluster holds the specification of the Kubernetes cluster. + properties: + domain: + default: cluster.local + description: |- + Domain is the cluster domain used for generating the FQDN of services. + Defaults to 'cluster.local'. + type: string + multitenant: + description: Multitenant enables the multitenancy lockdown. + type: boolean + networkPolicy: + default: true + description: |- + NetworkPolicy restricts network access to the current namespace. + Defaults to true. + type: boolean + type: + default: kubernetes + description: |- + Type specifies the distro of the Kubernetes cluster. + Defaults to 'kubernetes'. + enum: + - kubernetes + - openshift + - aws + - azure + - gcp + type: string + required: + - domain + - networkPolicy + type: object + components: + description: |- + Components is the list of controllers to install. + Defaults to all controllers. + items: + description: Component is the name of a controller to install. + enum: + - source-controller + - kustomize-controller + - helm-controller + - notification-controller + - image-reflector-controller + - image-automation-controller + type: string + type: array + distribution: + description: Distribution specifies the version and container registry + to pull images from. + properties: + artifact: + description: |- + Artifact is the URL to the OCI artifact containing + the latest Kubernetes manifests for the distribution, + e.g. 'oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:latest'. + pattern: ^oci://.*$ + type: string + imagePullSecret: + description: |- + ImagePullSecret is the name of the Kubernetes secret + to use for pulling images. + type: string + registry: + description: |- + Registry address to pull the distribution images from + e.g. 'ghcr.io/fluxcd'. + type: string + version: + description: Version semver expression e.g. '2.x', '2.3.x'. + type: string + required: + - registry + - version + type: object + kustomize: + description: |- + Kustomize holds a set of patches that can be applied to the + Flux installation, to customize the way Flux operates. + properties: + patches: + description: |- + Strategic merge and JSON patches, defined as inline YAML objects, + capable of targeting objects based on kind, label and annotation selectors. + items: + description: |- + Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should + be applied to. + properties: + patch: + description: |- + Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with + an array of operation objects. + type: string + target: + description: Target points to the resources that the patch + document should be applied to. + properties: + annotationSelector: + description: |- + AnnotationSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: |- + Group is the API group to select resources from. + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: |- + Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: |- + LabelSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: |- + Version of the API Group to select resources from. + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + type: object + type: array + type: object + storage: + description: |- + Storage holds the specification of the source-controller + persistent volume claim. + properties: + class: + description: Class is the storage class to use for the PVC. + type: string + size: + description: Size is the size of the PVC. + type: string + required: + - class + - size + type: object + sync: + description: |- + Sync specifies the source for the cluster sync operation. + When set, a Flux source (GitRepository, OCIRepository or Bucket) + and Flux Kustomization are created to sync the cluster state + with the source repository. + properties: + interval: + default: 1m + description: Interval is the time between syncs. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + kind: + description: Kind is the kind of the source. + enum: + - OCIRepository + - GitRepository + - Bucket + type: string + path: + description: |- + Path is the path to the source directory containing + the kustomize overlay or plain Kubernetes manifests. + type: string + pullSecret: + description: |- + PullSecret specifies the Kubernetes Secret containing the + authentication credentials for the source. + For Git over HTTP/S sources, the secret must contain username and password fields. + For Git over SSH sources, the secret must contain known_hosts and identity fields. + For OCI sources, the secret must be of type kubernetes.io/dockerconfigjson. + For Bucket sources, the secret must contain accesskey and secretkey fields. + type: string + ref: + description: |- + Ref is the source reference, can be a Git ref name e.g. 'refs/heads/main', + an OCI tag e.g. 'latest' or a bucket name e.g. 'flux'. + type: string + url: + description: |- + URL is the source URL, can be a Git repository HTTP/S or SSH address, + an OCI repository address or a Bucket endpoint. + type: string + required: + - kind + - path + - ref + - url + type: object + wait: + default: true + description: |- + Wait instructs the controller to check the health of all the reconciled + resources. Defaults to true. + type: boolean + required: + - distribution + - wait + type: object + status: + description: FluxInstanceStatus defines the observed state of FluxInstance + properties: + components: + description: Components contains the container images used by the + components. + items: + description: ComponentImage represents a container image used by + a component. + properties: + digest: + description: Digest of the container image. + type: string + name: + description: Name of the component. + type: string + repository: + description: Repository address of the container image. + type: string + tag: + description: Tag of the container image. + type: string + required: + - name + - repository + - tag + type: object + type: array + conditions: + description: Conditions contains the readiness conditions of the object. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + inventory: + description: |- + Inventory contains a list of Kubernetes resource object references + last applied on the cluster. + properties: + entries: + description: Entries of Kubernetes resource object references. + items: + description: ResourceRef contains the information necessary + to locate a resource within a cluster. + properties: + id: + description: |- + ID is the string representation of the Kubernetes resource object's metadata, + in the format '___'. + type: string + v: + description: Version is the API version of the Kubernetes + resource object's kind. + type: string + required: + - id + - v + type: object + type: array + required: + - entries + type: object + lastAppliedRevision: + description: |- + LastAppliedRevision is the version and digest of the + distribution config that was last reconcile. + type: string + lastAttemptedRevision: + description: |- + LastAttemptedRevision is the version and digest of the + distribution config that was last attempted to reconcile. + type: string + lastHandledReconcileAt: + description: |- + LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value + can be detected. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + helm.sh/resource-policy: keep + labels: + app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ .Chart.Name }}' + app.kubernetes.io/version: '{{ .Chart.AppVersion }}' + helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + name: fluxreports.fluxcd.controlplane.io +spec: + group: fluxcd.controlplane.io + names: + kind: FluxReport + listKind: FluxReportList + plural: fluxreports + singular: fluxreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.distribution.entitlement + name: Entitlement + priority: 10 + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].lastTransitionTime + name: LastUpdated + type: string + name: v1 + schema: + openAPIV3Schema: + description: FluxReport is the Schema for the fluxreports API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FluxReportSpec defines the observed state of a Flux installation. + properties: + components: + description: ComponentsStatus is the status of the Flux controller + deployments. + items: + description: FluxComponentStatus defines the observed state of a + Flux component. + properties: + image: + description: Image is the container image of the Flux component. + type: string + name: + description: Name is the name of the Flux component. + type: string + ready: + description: Ready is the readiness status of the Flux component. + type: boolean + status: + description: |- + Status is a human-readable message indicating details + about the Flux component observed state. + type: string + required: + - image + - name + - ready + - status + type: object + type: array + distribution: + description: Distribution is the version information of the Flux installation. + properties: + entitlement: + description: Entitlement is the entitlement verification status. + type: string + managedBy: + description: ManagedBy is the name of the operator managing the + Flux instance. + type: string + status: + description: |- + Status is a human-readable message indicating details + about the distribution observed state. + type: string + version: + description: Version is the version of the Flux instance. + type: string + required: + - entitlement + - status + type: object + reconcilers: + description: |- + ReconcilersStatus is the list of Flux reconcilers and + their statistics grouped by API kind. + items: + description: FluxReconcilerStatus defines the observed state of + a Flux reconciler. + properties: + apiVersion: + description: APIVersion is the API version of the Flux resource. + type: string + kind: + description: Kind is the kind of the Flux resource. + type: string + stats: + description: Stats is the reconcile statics of the Flux resource + kind. + properties: + failing: + description: |- + Failing is the number of reconciled + resources in the Failing state. + type: integer + running: + description: |- + Running is the number of reconciled + resources in the Running state. + type: integer + suspended: + description: |- + Suspended is the number of reconciled + resources in the Suspended state. + type: integer + totalSize: + description: TotalSize is the total size of the artifacts + in storage. + type: string + required: + - failing + - running + - suspended + type: object + required: + - apiVersion + - kind + type: object + type: array + sync: + description: |- + SyncStatus is the status of the cluster sync + Source and Kustomization resources. + properties: + id: + description: ID is the identifier of the sync. + type: string + path: + description: Path is the kustomize path of the sync. + type: string + ready: + description: Ready is the readiness status of the sync. + type: boolean + source: + description: Source is the URL of the source repository. + type: string + status: + description: |- + Status is a human-readable message indicating details + about the sync observed state. + type: string + required: + - id + - ready + - status + type: object + required: + - distribution + type: object + status: + description: FluxReportStatus defines the readiness of a FluxReport. + properties: + conditions: + description: Conditions contains the readiness conditions of the object. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: |- + LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value + can be detected. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/packages/system/fluxcd-operator/charts/flux-operator/templates/deployment.yaml b/packages/system/fluxcd-operator/charts/flux-operator/templates/deployment.yaml new file mode 100644 index 00000000..7de88af2 --- /dev/null +++ b/packages/system/fluxcd-operator/charts/flux-operator/templates/deployment.yaml @@ -0,0 +1,99 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "flux-operator.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "flux-operator.labels" . | nindent 4 }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "flux-operator.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "flux-operator.labels" . | nindent 8 }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "flux-operator.serviceAccountName" . }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.hostNetwork }} + hostNetwork: true + {{- end }} + containers: + - name: manager + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- with .Values.marketplace.type }} + - name: MARKETPLACE_TYPE + value: {{ . }} + {{- end }} + {{- with .Values.marketplace.account }} + - name: MARKETPLACE_ACCOUNT + value: {{ . }} + {{- end }} + {{- with .Values.marketplace.license }} + - name: MARKETPLACE_LICENSE + value: {{ . }} + {{- end }} + {{- if .Values.extraEnvs }} + {{- toYaml .Values.extraEnvs | nindent 12 }} + {{- end }} + {{- include "cozy.kubernetes_envs" . | nindent 12 }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: IfNotPresent + ports: + - name: http-metrics + containerPort: 8080 + protocol: TCP + - name: http + containerPort: 8081 + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: temp + mountPath: /tmp + volumes: + - name: temp + emptyDir: {} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/packages/system/fluxcd-operator/charts/flux-operator/templates/service.yaml b/packages/system/fluxcd-operator/charts/flux-operator/templates/service.yaml new file mode 100644 index 00000000..37ad04c2 --- /dev/null +++ b/packages/system/fluxcd-operator/charts/flux-operator/templates/service.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "flux-operator.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "flux-operator.labels" . | nindent 4 }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ports: + - port: 8080 + targetPort: http-metrics + protocol: TCP + name: http + selector: + {{- include "flux-operator.selectorLabels" . | nindent 4 }} diff --git a/packages/system/fluxcd-operator/charts/flux-operator/templates/serviceaccount.yaml b/packages/system/fluxcd-operator/charts/flux-operator/templates/serviceaccount.yaml new file mode 100644 index 00000000..2a481a59 --- /dev/null +++ b/packages/system/fluxcd-operator/charts/flux-operator/templates/serviceaccount.yaml @@ -0,0 +1,17 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "flux-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "flux-operator.labels" . | nindent 4 }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/packages/system/fluxcd-operator/charts/flux-operator/values.schema.json b/packages/system/fluxcd-operator/charts/flux-operator/values.schema.json new file mode 100644 index 00000000..1324083f --- /dev/null +++ b/packages/system/fluxcd-operator/charts/flux-operator/values.schema.json @@ -0,0 +1,309 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "properties": { + "affinity": { + "default": { + "nodeAffinity": { + "requiredDuringSchedulingIgnoredDuringExecution": { + "nodeSelectorTerms": [ + { + "matchExpressions": [ + { + "key": "kubernetes.io/os", + "operator": "In", + "values": [ + "linux" + ] + } + ] + } + ] + } + } + }, + "properties": { + "nodeAffinity": { + "properties": { + "requiredDuringSchedulingIgnoredDuringExecution": { + "properties": { + "nodeSelectorTerms": { + "items": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "commonAnnotations": { + "properties": {}, + "type": "object" + }, + "commonLabels": { + "properties": {}, + "type": "object" + }, + "extraEnvs": { + "items": { + "type": "object" + }, + "type": "array", + "uniqueItems": true + }, + "fullnameOverride": { + "type": "string" + }, + "hostNetwork": { + "default": false, + "type": "boolean" + }, + "image": { + "properties": { + "pullSecrets": { + "items": { + "type": "object" + }, + "type": "array", + "uniqueItems": true + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "installCRDs": { + "default": true, + "type": "boolean" + }, + "livenessProbe": { + "default": { + "httpGet": { + "path": "/healthz", + "port": 8081 + }, + "initialDelaySeconds": 15, + "periodSeconds": 20 + }, + "properties": { + "httpGet": { + "properties": { + "path": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "type": "object" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + }, + "type": "object" + }, + "marketplace": { + "properties": { + "account": { + "type": "string" + }, + "license": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "nameOverride": { + "type": "string" + }, + "podSecurityContext": { + "default": { + "fsGroup": 1337 + }, + "properties": {}, + "type": "object" + }, + "priorityClassName": { + "default": "system-cluster-critical", + "type": "string" + }, + "readinessProbe": { + "default": { + "httpGet": { + "path": "/readyz", + "port": 8081 + }, + "initialDelaySeconds": 5, + "periodSeconds": 10 + }, + "properties": { + "httpGet": { + "properties": { + "path": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "type": "object" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + }, + "type": "object" + }, + "resources": { + "properties": { + "limits": { + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + }, + "type": "object" + }, + "requests": { + "default": { + "cpu": "100m", + "memory": "64Mi" + }, + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "default": false, + "type": "boolean" + }, + "capabilities": { + "default": { + "drop": [ + "ALL" + ] + }, + "properties": { + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + "readOnlyRootFilesystem": { + "default": true, + "type": "boolean" + }, + "runAsNonRoot": { + "default": true, + "type": "boolean" + }, + "seccompProfile": { + "default": { + "type": "RuntimeDefault" + }, + "properties": { + "type": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccount": { + "default": { + "automount": true, + "create": true, + "name": "" + }, + "properties": { + "automount": { + "type": "boolean" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "tolerations": { + "items": { + "type": "object" + }, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "resources", + "securityContext" + ], + "type": "object" +} diff --git a/packages/system/fluxcd-operator/charts/flux-operator/values.yaml b/packages/system/fluxcd-operator/charts/flux-operator/values.yaml new file mode 100644 index 00000000..feebdf18 --- /dev/null +++ b/packages/system/fluxcd-operator/charts/flux-operator/values.yaml @@ -0,0 +1,97 @@ +# Default values for flux-operator. + +nameOverride: "" +fullnameOverride: "" + +# -- Install and upgrade the custom resource definitions. +installCRDs: true # @schema default: true + +# -- Common annotations to add to all deployed objects including pods. +commonAnnotations: { } + +# -- Common labels to add to all deployed objects including pods. +commonLabels: { } + +# -- Container image settings. +# The image tag defaults to the chart appVersion. +image: + repository: ghcr.io/controlplaneio-fluxcd/flux-operator # @schema required: true + tag: "" + pullSecrets: [ ] # @schema item: object ; uniqueItems: true + +# -- Pod priority class name. +# Recommended value is system-cluster-critical. +priorityClassName: "" # @schema default: "system-cluster-critical" + +# -- Container resources requests and limits settings. +resources: # @schema required: true + limits: + cpu: 1000m + memory: 1Gi + requests: # @schema default: {"cpu":"100m","memory":"64Mi"} + cpu: 100m + memory: 64Mi + +# -- Container liveness probe settings. +livenessProbe: # @schema default: {"httpGet":{"path":"/healthz","port":8081},"initialDelaySeconds":15,"periodSeconds":20} + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + +# -- Container readiness probe settings. +readinessProbe: # @schema default: {"httpGet":{"path":"/readyz","port":8081},"initialDelaySeconds":5,"periodSeconds":10} + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + +# -- Pod service account settings. +# The name of the service account defaults to the release name. +serviceAccount: # @schema default: {"create":true,"automount":true,"name":""} + create: true + automount: true + name: "" + +# -- Pod security context settings. +podSecurityContext: { } # @schema default: {"fsGroup":1337} + +# -- Container security context settings. +# The default is compliant with the pod security restricted profile. +securityContext: # @schema required: true + runAsNonRoot: true # @schema default: true + readOnlyRootFilesystem: true # @schema default: true + allowPrivilegeEscalation: false # @schema default: false + capabilities: # @schema default: {"drop":["ALL"]} + drop: # @schema item: string ; uniqueItems: true + - "ALL" + seccompProfile: # @schema default: {"type":"RuntimeDefault"} + type: "RuntimeDefault" + +# -- Pod affinity and anti-affinity settings. +affinity: # @schema default: {"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]}}} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + +# -- Pod tolerations settings. +tolerations: [ ] # @schema item: object ; uniqueItems: true + +# -- Marketplace settings. +marketplace: + type: "" + license: "" + account: "" + +# -- If `true`, the container ports (`8080` and `8081`) are exposed on the host network. +hostNetwork: false # @schema default: false + +# -- Container extra environment variables. +extraEnvs: [ ] # @schema item: object ; uniqueItems: true diff --git a/packages/system/fluxcd-operator/patches/kubernetesEnvs.diff b/packages/system/fluxcd-operator/patches/kubernetesEnvs.diff new file mode 100644 index 00000000..1c9c1c39 --- /dev/null +++ b/packages/system/fluxcd-operator/patches/kubernetesEnvs.diff @@ -0,0 +1,12 @@ +diff --git a/packages/core/fluxcd/charts/flux-operator/templates/deployment.yaml b/packages/core/fluxcd/charts/flux-operator/templates/deployment.yaml +index 8ffd8d8..5ad96a8 100644 +--- a/charts/flux-operator/templates/deployment.yaml ++++ b/charts/flux-operator/templates/deployment.yaml +@@ -58,6 +58,7 @@ spec: + {{- if .Values.extraEnvs }} + {{- toYaml .Values.extraEnvs | nindent 12 }} + {{- end }} ++ {{- include "cozy.kubernetes_envs" . | nindent 12 }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" diff --git a/packages/system/fluxcd-operator/templates/_helpers.tpl b/packages/system/fluxcd-operator/templates/_helpers.tpl new file mode 100644 index 00000000..e22979ba --- /dev/null +++ b/packages/system/fluxcd-operator/templates/_helpers.tpl @@ -0,0 +1,13 @@ +{{- define "cozy.kubernetes_envs" }} +{{- $cozyDeployment := lookup "apps/v1" "Deployment" "cozy-system" "cozystack" }} +{{- $cozyContainers := dig "spec" "template" "spec" "containers" dict $cozyDeployment }} +{{- range $cozyContainers }} +{{- if eq .name "cozystack" }} +{{- range .env }} +{{- if has .name (list "KUBERNETES_SERVICE_HOST" "KUBERNETES_SERVICE_PORT") }} +- {{ toJson . }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/packages/system/fluxcd-operator/values.yaml b/packages/system/fluxcd-operator/values.yaml new file mode 100644 index 00000000..654ca304 --- /dev/null +++ b/packages/system/fluxcd-operator/values.yaml @@ -0,0 +1,7 @@ +flux-operator: + fullnameOverride: flux-operator + tolerations: + - key: node.kubernetes.io/not-ready + operator: Exists + effect: NoSchedule + hostNetwork: true diff --git a/packages/core/fluxcd/Chart.yaml b/packages/system/fluxcd/Chart.yaml similarity index 100% rename from packages/core/fluxcd/Chart.yaml rename to packages/system/fluxcd/Chart.yaml diff --git a/packages/system/fluxcd/Makefile b/packages/system/fluxcd/Makefile new file mode 100644 index 00000000..de09740c --- /dev/null +++ b/packages/system/fluxcd/Makefile @@ -0,0 +1,7 @@ +NAME=fluxcd +NAMESPACE=cozy-$(NAME) + +apply-locally: + helm upgrade -i -n $(NAMESPACE) $(NAME) . + +include ../../../scripts/package-system.mk diff --git a/packages/system/fluxcd/templates/flux-instance.yaml b/packages/system/fluxcd/templates/flux-instance.yaml new file mode 100644 index 00000000..ce0fd133 --- /dev/null +++ b/packages/system/fluxcd/templates/flux-instance.yaml @@ -0,0 +1,25 @@ +apiVersion: fluxcd.controlplane.io/v1 +kind: FluxInstance +metadata: + name: flux +spec: + {{- with .Values.cluster }} + cluster: + {{- with .networkPolicy }} + networkPolicy: {{ . }} + {{- end }} + {{- with .domain }} + domain: {{ . }} + {{- end }} + {{- end }} + distribution: + version: {{ .Values.distribution.version }} + registry: {{ .Values.distribution.registry }} + components: + {{- if .Values.components }} + {{- toYaml .Values.components | nindent 4 }} + {{- end }} + kustomize: + {{- if .Values.kustomize }} + {{- toYaml .Values.kustomize | nindent 4 }} + {{- end }} diff --git a/packages/system/fluxcd/values.yaml b/packages/system/fluxcd/values.yaml new file mode 100644 index 00000000..9eba35ec --- /dev/null +++ b/packages/system/fluxcd/values.yaml @@ -0,0 +1,47 @@ +cluster: + networkPolicy: true +# domain: cozy.local +distribution: + version: 2.3.x + registry: ghcr.io/fluxcd +components: + - source-controller + - kustomize-controller + - helm-controller + - notification-controller + - image-reflector-controller + - image-automation-controller +kustomize: + patches: + - target: + kind: Deployment + name: "(kustomize-controller|helm-controller|source-controller)" + patch: | + - op: add + path: /spec/template/spec/containers/0/args/- + value: --concurrent=20 + - op: add + path: /spec/template/spec/containers/0/args/- + value: --requeue-dependency=5s + - op: replace + path: /spec/template/spec/containers/0/resources/limits + value: + cpu: 2000m + memory: 2048Mi + - target: + kind: Deployment + name: source-controller + patch: | + - op: add + path: /spec/template/spec/containers/0/args/- + value: --storage-adv-addr=source-controller.cozy-fluxcd.svc + - op: add + path: /spec/template/spec/containers/0/args/- + value: --events-addr=http://notification-controller.cozy-fluxcd.svc/ + - target: + kind: Deployment + name: (kustomize-controller|helm-controller|image-reflector-controller|image-automation-controller) + patch: | + - op: add + path: /spec/template/spec/containers/0/args/- + value: --events-addr=http://notification-controller.cozy-fluxcd.svc/ diff --git a/packages/system/grafana-operator/Makefile b/packages/system/grafana-operator/Makefile index 05916ae5..38eed61c 100644 --- a/packages/system/grafana-operator/Makefile +++ b/packages/system/grafana-operator/Makefile @@ -1,5 +1,5 @@ -NAME=grafana-operator -NAMESPACE=cozy-grafana-operator +export NAME=grafana-operator +export NAMESPACE=cozy-grafana-operator include ../../../scripts/package-system.mk diff --git a/packages/system/ingress-nginx/Makefile b/packages/system/ingress-nginx/Makefile index 831ef0a0..a6b85f48 100644 --- a/packages/system/ingress-nginx/Makefile +++ b/packages/system/ingress-nginx/Makefile @@ -1,5 +1,5 @@ -NAME=ingress-nginx -NAMESPACE=cozy-$(NAME) +export NAME=ingress-nginx +export NAMESPACE=cozy-$(NAME) include ../../../scripts/package-system.mk @@ -8,7 +8,6 @@ update: helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update ingress-nginx helm pull ingress-nginx/ingress-nginx --untar --untardir charts - patch -p 3 < patches/add-metrics2.patch + patch --no-backup-if-mismatch -p 3 < patches/add-metrics2.patch rm -f charts/ingress-nginx/templates/controller-deployment.yaml.orig rm -rf charts/ingress-nginx/changelog/ - #sed -i '/ type:/a \ allocateLoadBalancerNodePorts: false' charts/ingress-nginx/templates/controller-service.yaml diff --git a/packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-daemonset.yaml.orig b/packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-daemonset.yaml.orig deleted file mode 100644 index 3aaa9250..00000000 --- a/packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-daemonset.yaml.orig +++ /dev/null @@ -1,243 +0,0 @@ -{{- if eq .Values.controller.kind "DaemonSet" -}} -{{- include "isControllerTagValid" . -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - {{- include "ingress-nginx.labels" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- with .Values.controller.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - name: {{ include "ingress-nginx.controller.fullname" . }} - namespace: {{ include "ingress-nginx.namespace" . }} - {{- if .Values.controller.annotations }} - annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: controller - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - {{- if .Values.controller.updateStrategy }} - updateStrategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }} - {{- end }} - minReadySeconds: {{ .Values.controller.minReadySeconds }} - template: - metadata: - {{- if .Values.controller.podAnnotations }} - annotations: - {{- range $key, $value := .Values.controller.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - labels: - {{- include "ingress-nginx.labels" . | nindent 8 }} - app.kubernetes.io/component: controller - {{- with .Values.controller.labels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.controller.podLabels }} - {{- toYaml .Values.controller.podLabels | nindent 8 }} - {{- end }} - spec: - {{- if .Values.controller.dnsConfig }} - dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }} - {{- end }} - {{- if .Values.controller.hostAliases }} - hostAliases: {{ tpl (toYaml .Values.controller.hostAliases) $ | nindent 8 }} - {{- end }} - {{- if .Values.controller.hostname }} - hostname: {{ toYaml .Values.controller.hostname | nindent 8 }} - {{- end }} - dnsPolicy: {{ .Values.controller.dnsPolicy }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} - {{- end }} - {{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName | quote }} - {{- end }} - {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }} - securityContext: - {{- if .Values.controller.podSecurityContext }} - {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} - {{- end }} - {{- if .Values.controller.sysctls }} - sysctls: - {{- range $sysctl, $value := .Values.controller.sysctls }} - - name: {{ $sysctl | quote }} - value: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.controller.shareProcessNamespace }} - shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }} - {{- end }} - containers: - - name: {{ .Values.controller.containerName }} - {{- with .Values.controller.image }} - image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}" - {{- end }} - imagePullPolicy: {{ .Values.controller.image.pullPolicy }} - {{- if .Values.controller.lifecycle }} - lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} - {{- end }} - args: {{ include "ingress-nginx.params" . | nindent 12 }} - securityContext: {{ include "ingress-nginx.controller.containerSecurityContext" . | nindent 12 }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- if .Values.controller.enableMimalloc }} - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - {{- end }} - {{- if .Values.controller.extraEnvs }} - {{- toYaml .Values.controller.extraEnvs | nindent 12 }} - {{- end }} - {{- if .Values.controller.startupProbe }} - startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }} - {{- end }} - {{- if .Values.controller.livenessProbe }} - livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }} - {{- end }} - {{- if .Values.controller.readinessProbe }} - readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }} - {{- end }} - ports: - {{- range $key, $value := .Values.controller.containerPort }} - - name: {{ $key }} - containerPort: {{ $value }} - protocol: TCP - {{- if $.Values.controller.hostPort.enabled }} - hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }} - {{- end }} - {{- end }} - {{- if .Values.controller.metrics.enabled }} - - name: {{ .Values.controller.metrics.portName }} - containerPort: {{ .Values.controller.metrics.port }} - protocol: TCP - {{- end }} - {{- if .Values.controller.admissionWebhooks.enabled }} - - name: webhook - containerPort: {{ .Values.controller.admissionWebhooks.port }} - protocol: TCP - {{- end }} - {{- range $key, $value := .Values.tcp }} - - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp - containerPort: {{ $key }} - protocol: TCP - {{- if $.Values.controller.hostPort.enabled }} - hostPort: {{ $key }} - {{- end }} - {{- end }} - {{- range $key, $value := .Values.udp }} - - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp - containerPort: {{ $key }} - protocol: UDP - {{- if $.Values.controller.hostPort.enabled }} - hostPort: {{ $key }} - {{- end }} - {{- end }} - {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} - volumeMounts: - {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} - - name: modules - {{- if .Values.controller.image.chroot }} - mountPath: /chroot/modules_mount - {{- else }} - mountPath: /modules_mount - {{- end }} - {{- end }} - {{- if .Values.controller.customTemplate.configMapName }} - - mountPath: /etc/nginx/template - name: nginx-template-volume - readOnly: true - {{- end }} - {{- if .Values.controller.admissionWebhooks.enabled }} - - name: webhook-cert - mountPath: /usr/local/certificates/ - readOnly: true - {{- end }} - {{- if .Values.controller.extraVolumeMounts }} - {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.controller.resources }} - resources: {{ toYaml .Values.controller.resources | nindent 12 }} - {{- end }} - {{- if .Values.controller.extraContainers }} - {{- toYaml .Values.controller.extraContainers | nindent 8 }} - {{- end }} - {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} - initContainers: - {{- if .Values.controller.extraInitContainers }} - {{- toYaml .Values.controller.extraInitContainers | nindent 8 }} - {{- end }} - {{- if .Values.controller.extraModules }} - {{- range .Values.controller.extraModules }} - {{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} - {{- include "extraModules" (dict "name" .name "image" .image "distroless" .distroless "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.controller.opentelemetry.enabled }} - {{- with .Values.controller.opentelemetry }} - {{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} - {{- include "extraModules" (dict "name" .name "image" .image "distroless" .distroless "containerSecurityContext" $containerSecurityContext "resources" .resources) | nindent 8 }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.controller.hostNetwork }} - hostNetwork: {{ .Values.controller.hostNetwork }} - {{- end }} - {{- if .Values.controller.nodeSelector }} - nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.controller.tolerations }} - tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.controller.affinity }} - affinity: {{ toYaml .Values.controller.affinity | nindent 8 }} - {{- end }} - {{- if .Values.controller.topologySpreadConstraints }} - topologySpreadConstraints: {{ tpl (toYaml .Values.controller.topologySpreadConstraints) $ | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} - {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} - volumes: - {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled)}} - - name: modules - emptyDir: {} - {{- end }} - {{- if .Values.controller.customTemplate.configMapName }} - - name: nginx-template-volume - configMap: - name: {{ .Values.controller.customTemplate.configMapName }} - items: - - key: {{ .Values.controller.customTemplate.configMapKey }} - path: nginx.tmpl - {{- end }} - {{- if .Values.controller.admissionWebhooks.enabled }} - - name: webhook-cert - secret: - secretName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }} - {{- if .Values.controller.admissionWebhooks.certManager.enabled }} - items: - - key: tls.crt - path: cert - - key: tls.key - path: key - {{- end }} - {{- end }} - {{- if .Values.controller.extraVolumes }} - {{ toYaml .Values.controller.extraVolumes | nindent 8 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/packages/system/ingress-nginx/values.yaml b/packages/system/ingress-nginx/values.yaml index 1390e725..16018ed0 100644 --- a/packages/system/ingress-nginx/values.yaml +++ b/packages/system/ingress-nginx/values.yaml @@ -1,7 +1,7 @@ ingress-nginx: controller: extraArgs: - enable-ssl-passthrough: true + enable-ssl-passthrough: "" image: registry: ghcr.io image: kvaps/ingress-nginx-with-protobuf-exporter/controller @@ -32,8 +32,8 @@ ingress-nginx: #real-ip-header: "proxy_protocol" #enable-real-ip: "true" # keep-alive - proxy-connect-timeout: "10s" - proxy-read-timeout: "10s" + proxy-connect-timeout: "10" + proxy-read-timeout: "10" keep-alive-requests: "1000000" upstream-keepalive-requests: "100000" upstream-keepalive-time: '1m' diff --git a/packages/system/kafka-operator/Makefile b/packages/system/kafka-operator/Makefile index e68cb803..29c32688 100644 --- a/packages/system/kafka-operator/Makefile +++ b/packages/system/kafka-operator/Makefile @@ -1,5 +1,5 @@ -NAME=kafka-operator -NAMESPACE=cozy-$(NAME) +export NAME=kafka-operator +export NAMESPACE=cozy-$(NAME) include ../../../scripts/package-system.mk diff --git a/packages/system/kamaji-etcd/Makefile b/packages/system/kamaji-etcd/Makefile index b2f909b8..a5419dbb 100644 --- a/packages/system/kamaji-etcd/Makefile +++ b/packages/system/kamaji-etcd/Makefile @@ -4,6 +4,6 @@ update: helm repo update clastix helm pull clastix/kamaji-etcd --untar --untardir charts sed -i 's/hook-failed/before-hook-creation,hook-failed/' `grep -rl hook-failed charts` - patch -p4 < patches/fix-svc.diff - patch -p4 < patches/fullnameOverride.diff - patch -p4 < patches/remove-plus.patch + patch --no-backup-if-mismatch -p4 < patches/fix-svc.diff + patch --no-backup-if-mismatch -p4 < patches/fullnameOverride.diff + patch --no-backup-if-mismatch -p4 < patches/remove-plus.patch diff --git a/packages/system/kamaji/Makefile b/packages/system/kamaji/Makefile index 163d5548..bc4af6e9 100644 --- a/packages/system/kamaji/Makefile +++ b/packages/system/kamaji/Makefile @@ -1,5 +1,5 @@ -NAME=kamaji -NAMESPACE=cozy-$(NAME) +export NAME=kamaji +export NAMESPACE=cozy-$(NAME) include ../../../scripts/package-system.mk diff --git a/packages/system/kamaji/charts/kamaji/Chart.yaml b/packages/system/kamaji/charts/kamaji/Chart.yaml index d4980db4..854242ba 100644 --- a/packages/system/kamaji/charts/kamaji/Chart.yaml +++ b/packages/system/kamaji/charts/kamaji/Chart.yaml @@ -3,7 +3,7 @@ annotations: catalog.cattle.io/display-name: Kamaji catalog.cattle.io/release-name: kamaji apiVersion: v2 -appVersion: v0.5.0 +appVersion: v1.0.0 description: Kamaji is the Hosted Control Plane Manager for Kubernetes. home: https://github.com/clastix/kamaji icon: https://github.com/clastix/kamaji/raw/master/assets/logo-colored.png @@ -21,4 +21,4 @@ name: kamaji sources: - https://github.com/clastix/kamaji type: application -version: 0.15.2 +version: 1.0.0 diff --git a/packages/system/kamaji/charts/kamaji/README.md b/packages/system/kamaji/charts/kamaji/README.md index 6222e435..89a7d078 100644 --- a/packages/system/kamaji/charts/kamaji/README.md +++ b/packages/system/kamaji/charts/kamaji/README.md @@ -1,6 +1,6 @@ # kamaji -![Version: 0.15.2](https://img.shields.io/badge/Version-0.15.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.5.0](https://img.shields.io/badge/AppVersion-v0.5.0-informational?style=flat-square) +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.0](https://img.shields.io/badge/AppVersion-v1.0.0-informational?style=flat-square) Kamaji is the Hosted Control Plane Manager for Kubernetes. @@ -77,7 +77,7 @@ Here the values you can override: | datastore.driver | string | `"etcd"` | (string) The Kamaji Datastore driver, supported: etcd, MySQL, PostgreSQL (defaults=etcd). | | datastore.enabled | bool | `true` | (bool) Enable the Kamaji Datastore creation (default=true) | | datastore.endpoints | list | `[]` | (array) List of endpoints of the selected Datastore. When letting the Chart install the etcd datastore, this field is populated automatically. | -| datastore.nameOverride | string | `nil` | The Datastore name override, if empty and enabled=true defaults to `default`, if enabled=false, this is the name of the Datastore to connect to. | +| datastore.nameOverride | string | `nil` | The Datastore name override, if empty and enabled=true defaults to `default`, if enabled=false, this is the name of the Datastore to connect to. | | datastore.tlsConfig.certificateAuthority.certificate.keyPath | string | `nil` | Key of the Secret which contains the content of the certificate. | | datastore.tlsConfig.certificateAuthority.certificate.name | string | `nil` | Name of the Secret containing the CA required to establish the mandatory SSL/TLS connection to the datastore. | | datastore.tlsConfig.certificateAuthority.certificate.namespace | string | `nil` | Namespace of the Secret containing the CA required to establish the mandatory SSL/TLS connection to the datastore. | @@ -90,6 +90,7 @@ Here the values you can override: | datastore.tlsConfig.clientCertificate.privateKey.keyPath | string | `nil` | Key of the Secret which contains the content of the private key. | | datastore.tlsConfig.clientCertificate.privateKey.name | string | `nil` | Name of the Secret containing the client certificate private key required to establish the mandatory SSL/TLS connection to the datastore. | | datastore.tlsConfig.clientCertificate.privateKey.namespace | string | `nil` | Namespace of the Secret containing the client certificate private key required to establish the mandatory SSL/TLS connection to the datastore. | +| datastore.tlsConfig.enabled | bool | `true` | | | etcd.compactionInterval | int | `0` | ETCD Compaction interval (e.g. "5m0s"). (default: "0" (disabled)) | | etcd.deploy | bool | `true` | Install an etcd with enabled multi-tenancy along with Kamaji | | etcd.image | object | `{"pullPolicy":"IfNotPresent","repository":"quay.io/coreos/etcd","tag":"v3.5.6"}` | Install specific etcd image | @@ -133,6 +134,7 @@ Here the values you can override: | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `"kamaji-controller-manager"` | | | serviceMonitor.enabled | bool | `false` | Toggle the ServiceMonitor true if you have Prometheus Operator installed and configured | +| telemetry | object | `{"disabled":false}` | Disable the analytics traces collection | | temporaryDirectoryPath | string | `"/tmp/kamaji"` | Directory which will be used to work with temporary files. (default "/tmp/kamaji") | | tolerations | list | `[]` | Kubernetes node taints that the Kamaji controller pods would tolerate | diff --git a/packages/system/kamaji/charts/kamaji/crds/datastore.yaml b/packages/system/kamaji/charts/kamaji/crds/datastore.yaml index 0077a06e..97405495 100644 --- a/packages/system/kamaji/charts/kamaji/crds/datastore.yaml +++ b/packages/system/kamaji/charts/kamaji/crds/datastore.yaml @@ -71,10 +71,12 @@ spec: minLength: 1 type: string name: - description: name is unique within a namespace to reference a secret resource. + description: name is unique within a namespace to reference + a secret resource. type: string namespace: - description: namespace defines the space within which the secret name must be unique. + description: namespace defines the space within which + the secret name must be unique. type: string required: - keyPath @@ -98,10 +100,12 @@ spec: minLength: 1 type: string name: - description: name is unique within a namespace to reference a secret resource. + description: name is unique within a namespace to reference + a secret resource. type: string namespace: - description: namespace defines the space within which the secret name must be unique. + description: namespace defines the space within which + the secret name must be unique. type: string required: - keyPath @@ -118,6 +122,7 @@ spec: - etcd - MySQL - PostgreSQL + - NATS type: string endpoints: description: |- @@ -128,7 +133,9 @@ spec: minItems: 1 type: array tlsConfig: - description: Defines the TLS/SSL configuration required to connect to the data store in a secure way. + description: |- + Defines the TLS/SSL configuration required to connect to the data store in a secure way. + This value is optional. properties: certificateAuthority: description: |- @@ -152,10 +159,12 @@ spec: minLength: 1 type: string name: - description: name is unique within a namespace to reference a secret resource. + description: name is unique within a namespace to + reference a secret resource. type: string namespace: - description: namespace defines the space within which the secret name must be unique. + description: namespace defines the space within which + the secret name must be unique. type: string required: - keyPath @@ -179,10 +188,12 @@ spec: minLength: 1 type: string name: - description: name is unique within a namespace to reference a secret resource. + description: name is unique within a namespace to + reference a secret resource. type: string namespace: - description: namespace defines the space within which the secret name must be unique. + description: namespace defines the space within which + the secret name must be unique. type: string required: - keyPath @@ -193,7 +204,8 @@ spec: - certificate type: object clientCertificate: - description: Specifies the SSL/TLS key and private key pair used to connect to the data store. + description: Specifies the SSL/TLS key and private key pair used + to connect to the data store. properties: certificate: properties: @@ -212,10 +224,12 @@ spec: minLength: 1 type: string name: - description: name is unique within a namespace to reference a secret resource. + description: name is unique within a namespace to + reference a secret resource. type: string namespace: - description: namespace defines the space within which the secret name must be unique. + description: namespace defines the space within which + the secret name must be unique. type: string required: - keyPath @@ -239,10 +253,12 @@ spec: minLength: 1 type: string name: - description: name is unique within a namespace to reference a secret resource. + description: name is unique within a namespace to + reference a secret resource. type: string namespace: - description: namespace defines the space within which the secret name must be unique. + description: namespace defines the space within which + the secret name must be unique. type: string required: - keyPath @@ -255,18 +271,17 @@ spec: type: object required: - certificateAuthority - - clientCertificate type: object required: - driver - endpoints - - tlsConfig type: object status: description: DataStoreStatus defines the observed state of DataStore. properties: usedBy: - description: List of the Tenant Control Planes, namespaced named, using this data store. + description: List of the Tenant Control Planes, namespaced named, + using this data store. items: type: string type: array diff --git a/packages/system/kamaji/charts/kamaji/crds/tenantcontrolplane.yaml b/packages/system/kamaji/charts/kamaji/crds/tenantcontrolplane.yaml index 2af86342..b94dd328 100644 --- a/packages/system/kamaji/charts/kamaji/crds/tenantcontrolplane.yaml +++ b/packages/system/kamaji/charts/kamaji/crds/tenantcontrolplane.yaml @@ -55,7 +55,8 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: TenantControlPlane is the Schema for the tenantcontrolplanes API. + description: TenantControlPlane is the Schema for the tenantcontrolplanes + API. properties: apiVersion: description: |- @@ -97,7 +98,8 @@ spec: type: string type: object konnectivity: - description: Enables the Konnectivity addon in the Tenant Cluster, required if the worker nodes are in a different network. + description: Enables the Konnectivity addon in the Tenant Cluster, + required if the worker nodes are in a different network. properties: agent: default: @@ -115,8 +117,53 @@ spec: type: array image: default: registry.k8s.io/kas-network-proxy/proxy-agent - description: AgentImage defines the container image for Konnectivity's agent. + description: AgentImage defines the container image for + Konnectivity's agent. type: string + tolerations: + default: + - key: CriticalAddonsOnly + operator: Exists + description: |- + Tolerations for the deployed agent. + Can be customized to start the konnectivity-agent even if the nodes are not ready or tainted. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array version: default: v0.0.32 description: Version for Konnectivity agent. @@ -139,14 +186,17 @@ spec: type: array image: default: registry.k8s.io/kas-network-proxy/proxy-server - description: Container image used by the Konnectivity server. + description: Container image used by the Konnectivity + server. type: string port: - description: The port which Konnectivity server is listening to. + description: The port which Konnectivity server is listening + to. format: int32 type: integer resources: - description: Resources define the amount of CPU and memory to allocate to the Konnectivity server. + description: Resources define the amount of CPU and memory + to allocate to the Konnectivity server. properties: claims: description: |- @@ -160,7 +210,8 @@ spec: This field is immutable. It can only be set for containers. items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. properties: name: description: |- @@ -202,7 +253,8 @@ spec: type: object version: default: v0.0.32 - description: Container image version of the Konnectivity server. + description: Container image version of the Konnectivity + server. type: string required: - port @@ -231,12 +283,15 @@ spec: such as the number of Pod replicas, the Service resource, or the Ingress. properties: deployment: - description: Defining the options for the deployed Tenant Control Plane as Deployment resource. + description: Defining the options for the deployed Tenant Control + Plane as Deployment resource. properties: additionalContainers: - description: AdditionalContainers allows adding additional containers to the Control Plane deployment. + description: AdditionalContainers allows adding additional + containers to the Control Plane deployment. items: - description: A single application container that you want to run within a pod. + description: A single application container that you want + to run within a pod. properties: args: description: |- @@ -271,10 +326,12 @@ spec: List of environment variables to set in the container. Cannot be updated. items: - description: EnvVar represents an environment variable present in a Container. + description: EnvVar represents an environment variable + present in a Container. properties: name: - description: Name of the environment variable. Must be a C_IDENTIFIER. + description: Name of the environment variable. + Must be a C_IDENTIFIER. type: string value: description: |- @@ -289,7 +346,8 @@ spec: Defaults to "". type: string valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. + description: Source for the environment variable's + value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -304,7 +362,8 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key @@ -316,10 +375,13 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". type: string fieldPath: - description: Path of the field to select in the specified API version. + description: Path of the field to select + in the specified API version. type: string required: - fieldPath @@ -331,13 +393,16 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: 'Container name: required + for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the exposed resources, defaults to "1" + description: Specifies the output format + of the exposed resources, defaults to + "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: @@ -348,10 +413,13 @@ spec: type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's namespace + description: Selects a key of a secret in + the pod's namespace properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: description: |- @@ -360,7 +428,8 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -383,7 +452,8 @@ spec: Values defined by an Env with a duplicate key will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set of ConfigMaps + description: EnvFromSource represents the source of + a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from @@ -395,12 +465,14 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the ConfigMap must be defined + description: Specify whether the ConfigMap + must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from @@ -412,7 +484,8 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the Secret must be defined + description: Specify whether the Secret must + be defined type: boolean type: object x-kubernetes-map-type: atomic @@ -462,7 +535,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies the http request + to perform. properties: host: description: |- @@ -470,9 +544,11 @@ spec: "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the + request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: description: |- @@ -489,7 +565,8 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. + description: Path to access on the HTTP + server. type: string port: anyOf: @@ -509,10 +586,12 @@ spec: - port type: object sleep: - description: Sleep represents the duration that the container should sleep before being terminated. + description: Sleep represents the duration that + the container should sleep before being terminated. properties: seconds: - description: Seconds is the number of seconds to sleep. + description: Seconds is the number of seconds + to sleep. format: int64 type: integer required: @@ -525,7 +604,8 @@ spec: lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: @@ -568,7 +648,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies the http request + to perform. properties: host: description: |- @@ -576,9 +657,11 @@ spec: "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the + request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: description: |- @@ -595,7 +678,8 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. + description: Path to access on the HTTP + server. type: string port: anyOf: @@ -615,10 +699,12 @@ spec: - port type: object sleep: - description: Sleep represents the duration that the container should sleep before being terminated. + description: Sleep represents the duration that + the container should sleep before being terminated. properties: seconds: - description: Seconds is the number of seconds to sleep. + description: Seconds is the number of seconds + to sleep. format: int64 type: integer required: @@ -631,7 +717,8 @@ spec: lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: @@ -676,10 +763,12 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies an action involving + a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: @@ -694,7 +783,8 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies the http request + to perform. properties: host: description: |- @@ -702,9 +792,11 @@ spec: "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: description: |- @@ -759,10 +851,12 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. + description: TCPSocket specifies an action involving + a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: @@ -814,7 +908,8 @@ spec: For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. items: - description: ContainerPort represents a network port in a single container. + description: ContainerPort represents a network port + in a single container. properties: containerPort: description: |- @@ -823,7 +918,8 @@ spec: format: int32 type: integer hostIP: - description: What host IP to bind the external port to. + description: What host IP to bind the external + port to. type: string hostPort: description: |- @@ -882,10 +978,12 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies an action involving + a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: @@ -900,7 +998,8 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies the http request + to perform. properties: host: description: |- @@ -908,9 +1007,11 @@ spec: "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: description: |- @@ -965,10 +1066,12 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. + description: TCPSocket specifies an action involving + a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: @@ -1007,7 +1110,8 @@ spec: resizePolicy: description: Resources resize policy for the container. items: - description: ContainerResizePolicy represents resource resize policy for the container. + description: ContainerResizePolicy represents resource + resize policy for the container. properties: resourceName: description: |- @@ -1043,7 +1147,8 @@ spec: This field is immutable. It can only be set for containers. items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. properties: name: description: |- @@ -1150,14 +1255,16 @@ spec: add: description: Added capabilities items: - description: Capability represent POSIX capabilities type + description: Capability represent POSIX capabilities + type type: string type: array x-kubernetes-list-type: atomic drop: description: Removed capabilities items: - description: Capability represent POSIX capabilities type + description: Capability represent POSIX capabilities + type type: string type: array x-kubernetes-list-type: atomic @@ -1219,16 +1326,20 @@ spec: Note that this field cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies to the container. + description: Level is SELinux level label that + applies to the container. type: string role: - description: Role is a SELinux role label that applies to the container. + description: Role is a SELinux role label that + applies to the container. type: string type: - description: Type is a SELinux type label that applies to the container. + description: Type is a SELinux type label that + applies to the container. type: string user: - description: User is a SELinux user label that applies to the container. + description: User is a SELinux user label that + applies to the container. type: string type: object seccompProfile: @@ -1272,7 +1383,8 @@ spec: GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. type: string hostProcess: description: |- @@ -1322,10 +1434,12 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies an action involving + a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: @@ -1340,7 +1454,8 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies the http request + to perform. properties: host: description: |- @@ -1348,9 +1463,11 @@ spec: "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: description: |- @@ -1405,10 +1522,12 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. + description: TCPSocket specifies an action involving + a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: @@ -1486,15 +1605,20 @@ spec: Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. + description: volumeDevices is the list of block devices + to be used by the container. items: - description: volumeDevice describes a mapping of a raw block device within a container. + description: volumeDevice describes a mapping of a + raw block device within a container. properties: devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. + description: devicePath is the path inside of + the container that the device will be mapped + to. type: string name: - description: name must match the name of a persistentVolumeClaim in the pod + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath @@ -1509,7 +1633,8 @@ spec: Pod volumes to mount into the container's filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume within a container. + description: VolumeMount describes a mounting of a + Volume within a container. properties: mountPath: description: |- @@ -1588,9 +1713,11 @@ spec: type: object type: array additionalInitContainers: - description: AdditionalInitContainers allows adding additional init containers to the Control Plane deployment. + description: AdditionalInitContainers allows adding additional + init containers to the Control Plane deployment. items: - description: A single application container that you want to run within a pod. + description: A single application container that you want + to run within a pod. properties: args: description: |- @@ -1625,10 +1752,12 @@ spec: List of environment variables to set in the container. Cannot be updated. items: - description: EnvVar represents an environment variable present in a Container. + description: EnvVar represents an environment variable + present in a Container. properties: name: - description: Name of the environment variable. Must be a C_IDENTIFIER. + description: Name of the environment variable. + Must be a C_IDENTIFIER. type: string value: description: |- @@ -1643,7 +1772,8 @@ spec: Defaults to "". type: string valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. + description: Source for the environment variable's + value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -1658,7 +1788,8 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key @@ -1670,10 +1801,13 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". type: string fieldPath: - description: Path of the field to select in the specified API version. + description: Path of the field to select + in the specified API version. type: string required: - fieldPath @@ -1685,13 +1819,16 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: 'Container name: required + for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the exposed resources, defaults to "1" + description: Specifies the output format + of the exposed resources, defaults to + "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: @@ -1702,10 +1839,13 @@ spec: type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's namespace + description: Selects a key of a secret in + the pod's namespace properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: description: |- @@ -1714,7 +1854,8 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -1737,7 +1878,8 @@ spec: Values defined by an Env with a duplicate key will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set of ConfigMaps + description: EnvFromSource represents the source of + a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from @@ -1749,12 +1891,14 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the ConfigMap must be defined + description: Specify whether the ConfigMap + must be defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from @@ -1766,7 +1910,8 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the Secret must be defined + description: Specify whether the Secret must + be defined type: boolean type: object x-kubernetes-map-type: atomic @@ -1816,7 +1961,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies the http request + to perform. properties: host: description: |- @@ -1824,9 +1970,11 @@ spec: "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the + request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: description: |- @@ -1843,7 +1991,8 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. + description: Path to access on the HTTP + server. type: string port: anyOf: @@ -1863,10 +2012,12 @@ spec: - port type: object sleep: - description: Sleep represents the duration that the container should sleep before being terminated. + description: Sleep represents the duration that + the container should sleep before being terminated. properties: seconds: - description: Seconds is the number of seconds to sleep. + description: Seconds is the number of seconds + to sleep. format: int64 type: integer required: @@ -1879,7 +2030,8 @@ spec: lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: @@ -1922,7 +2074,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies the http request + to perform. properties: host: description: |- @@ -1930,9 +2083,11 @@ spec: "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the + request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: description: |- @@ -1949,7 +2104,8 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: Path to access on the HTTP server. + description: Path to access on the HTTP + server. type: string port: anyOf: @@ -1969,10 +2125,12 @@ spec: - port type: object sleep: - description: Sleep represents the duration that the container should sleep before being terminated. + description: Sleep represents the duration that + the container should sleep before being terminated. properties: seconds: - description: Seconds is the number of seconds to sleep. + description: Seconds is the number of seconds + to sleep. format: int64 type: integer required: @@ -1985,7 +2143,8 @@ spec: lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: @@ -2030,10 +2189,12 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies an action involving + a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: @@ -2048,7 +2209,8 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies the http request + to perform. properties: host: description: |- @@ -2056,9 +2218,11 @@ spec: "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: description: |- @@ -2113,10 +2277,12 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. + description: TCPSocket specifies an action involving + a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: @@ -2168,7 +2334,8 @@ spec: For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. items: - description: ContainerPort represents a network port in a single container. + description: ContainerPort represents a network port + in a single container. properties: containerPort: description: |- @@ -2177,7 +2344,8 @@ spec: format: int32 type: integer hostIP: - description: What host IP to bind the external port to. + description: What host IP to bind the external + port to. type: string hostPort: description: |- @@ -2236,10 +2404,12 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies an action involving + a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: @@ -2254,7 +2424,8 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies the http request + to perform. properties: host: description: |- @@ -2262,9 +2433,11 @@ spec: "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: description: |- @@ -2319,10 +2492,12 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. + description: TCPSocket specifies an action involving + a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: @@ -2361,7 +2536,8 @@ spec: resizePolicy: description: Resources resize policy for the container. items: - description: ContainerResizePolicy represents resource resize policy for the container. + description: ContainerResizePolicy represents resource + resize policy for the container. properties: resourceName: description: |- @@ -2397,7 +2573,8 @@ spec: This field is immutable. It can only be set for containers. items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. properties: name: description: |- @@ -2504,14 +2681,16 @@ spec: add: description: Added capabilities items: - description: Capability represent POSIX capabilities type + description: Capability represent POSIX capabilities + type type: string type: array x-kubernetes-list-type: atomic drop: description: Removed capabilities items: - description: Capability represent POSIX capabilities type + description: Capability represent POSIX capabilities + type type: string type: array x-kubernetes-list-type: atomic @@ -2573,16 +2752,20 @@ spec: Note that this field cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies to the container. + description: Level is SELinux level label that + applies to the container. type: string role: - description: Role is a SELinux role label that applies to the container. + description: Role is a SELinux role label that + applies to the container. type: string type: - description: Type is a SELinux type label that applies to the container. + description: Type is a SELinux type label that + applies to the container. type: string user: - description: User is a SELinux user label that applies to the container. + description: User is a SELinux user label that + applies to the container. type: string type: object seccompProfile: @@ -2626,7 +2809,8 @@ spec: GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. type: string hostProcess: description: |- @@ -2676,10 +2860,12 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies an action involving + a GRPC port. properties: port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: @@ -2694,7 +2880,8 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies the http request + to perform. properties: host: description: |- @@ -2702,9 +2889,11 @@ spec: "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: description: |- @@ -2759,10 +2948,12 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. + description: TCPSocket specifies an action involving + a TCP port. properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: @@ -2840,15 +3031,20 @@ spec: Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. + description: volumeDevices is the list of block devices + to be used by the container. items: - description: volumeDevice describes a mapping of a raw block device within a container. + description: volumeDevice describes a mapping of a + raw block device within a container. properties: devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. + description: devicePath is the path inside of + the container that the device will be mapped + to. type: string name: - description: name must match the name of a persistentVolumeClaim in the pod + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath @@ -2863,7 +3059,8 @@ spec: Pod volumes to mount into the container's filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume within a container. + description: VolumeMount describes a mounting of a + Volume within a container. properties: mountPath: description: |- @@ -2942,7 +3139,9 @@ spec: type: object type: array additionalMetadata: - description: AdditionalMetadata defines which additional metadata, such as labels and annotations, must be attached to the created resource. + description: AdditionalMetadata defines which additional metadata, + such as labels and annotations, must be attached to the + created resource. properties: annotations: additionalProperties: @@ -2960,7 +3159,8 @@ spec: properties: apiServer: items: - description: VolumeMount describes a mounting of a Volume within a container. + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: description: |- @@ -3026,7 +3226,8 @@ spec: type: array controllerManager: items: - description: VolumeMount describes a mounting of a Volume within a container. + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: description: |- @@ -3092,7 +3293,8 @@ spec: type: array scheduler: items: - description: VolumeMount describes a mounting of a Volume within a container. + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: description: |- @@ -3158,9 +3360,11 @@ spec: type: array type: object additionalVolumes: - description: AdditionalVolumes allows to add additional volumes to the Control Plane deployment. + description: AdditionalVolumes allows to add additional volumes + to the Control Plane deployment. items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. properties: awsElasticBlockStore: description: |- @@ -3198,16 +3402,20 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + description: azureDisk represents an Azure Data Disk + mount on the host and bind mount to the pod. properties: cachingMode: - description: 'cachingMode is the Host Caching mode: None, Read Only, Read Write.' + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data disk in the blob storage + description: diskName is the Name of the data disk + in the blob storage type: string diskURI: - description: diskURI is the URI of data disk in the blob storage + description: diskURI is the URI of data disk in + the blob storage type: string fsType: description: |- @@ -3216,7 +3424,11 @@ spec: Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string kind: - description: 'kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure + managed data disk (only in managed availability + set). defaults to shared' type: string readOnly: description: |- @@ -3228,7 +3440,8 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. properties: readOnly: description: |- @@ -3236,7 +3449,8 @@ spec: the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: secretName is the name of secret that contains Azure Storage Account Name and Key + description: secretName is the name of secret that + contains Azure Storage Account Name and Key type: string shareName: description: shareName is the azure share Name @@ -3246,7 +3460,8 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime properties: monitors: description: |- @@ -3257,7 +3472,9 @@ spec: type: array x-kubernetes-list-type: atomic path: - description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default + is /' type: string readOnly: description: |- @@ -3331,7 +3548,8 @@ spec: - volumeID type: object configMap: - description: configMap represents a configMap that should populate this volume + description: configMap represents a configMap that should + populate this volume properties: defaultMode: description: |- @@ -3354,7 +3572,8 @@ spec: the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. + description: Maps a string key to a path within + a volume. properties: key: description: key is the key to project. @@ -3389,12 +3608,15 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: optional specify whether the ConfigMap or its keys must be defined + description: optional specify whether the ConfigMap + or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). properties: driver: description: |- @@ -3439,7 +3661,8 @@ spec: - driver type: object downwardAPI: - description: downwardAPI represents downward API about the pod that should populate this volume + description: downwardAPI represents downward API about + the pod that should populate this volume properties: defaultMode: description: |- @@ -3454,18 +3677,26 @@ spec: format: int32 type: integer items: - description: Items is a list of downward API volume file + description: Items is a list of downward API volume + file items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + description: 'Required: Selects a field of + the pod: only annotations, labels, name, + namespace and uid are supported.' properties: apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". type: string fieldPath: - description: Path of the field to select in the specified API version. + description: Path of the field to select + in the specified API version. type: string required: - fieldPath @@ -3482,7 +3713,11 @@ spec: format: int32 type: integer path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' type: string resourceFieldRef: description: |- @@ -3490,13 +3725,16 @@ spec: (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: 'Container name: required + for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the exposed resources, defaults to "1" + description: Specifies the output format + of the exposed resources, defaults to + "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: @@ -3635,10 +3873,12 @@ spec: For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced + description: Kind is the type of resource + being referenced type: string name: - description: Name is the name of resource being referenced + description: Name is the name of resource + being referenced type: string required: - kind @@ -3678,10 +3918,12 @@ spec: For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced + description: Kind is the type of resource + being referenced type: string name: - description: Name is the name of resource being referenced + description: Name is the name of resource + being referenced type: string namespace: description: |- @@ -3727,17 +3969,22 @@ spec: type: object type: object selector: - description: selector is a label query over volumes to consider for binding. + description: selector is a label query over + volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label + key that the selector applies + to. type: string operator: description: |- @@ -3796,7 +4043,8 @@ spec: Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the PersistentVolume backing this claim. + description: volumeName is the binding reference + to the PersistentVolume backing this claim. type: string type: object required: @@ -3804,7 +4052,9 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and then + exposed to the pod. properties: fsType: description: |- @@ -3823,7 +4073,8 @@ spec: the ReadOnly setting in VolumeMounts. type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide names (WWNs)' + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' items: type: string type: array @@ -3843,7 +4094,8 @@ spec: provisioned/attached using an exec based plugin. properties: driver: - description: driver is the name of the driver to use for this volume. + description: driver is the name of the driver to + use for this volume. type: string fsType: description: |- @@ -3854,7 +4106,8 @@ spec: options: additionalProperties: type: string - description: 'options is Optional: this field holds extra command options if any.' + description: 'options is Optional: this field holds + extra command options if any.' type: object readOnly: description: |- @@ -3881,7 +4134,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running properties: datasetName: description: |- @@ -3889,7 +4144,8 @@ spec: should be considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: @@ -3947,7 +4203,8 @@ spec: description: repository is the URL type: string revision: - description: revision is the commit hash for the specified revision. + description: revision is the commit hash for the + specified revision. type: string required: - repository @@ -4010,10 +4267,12 @@ spec: More info: https://examples.k8s.io/volumes/iscsi/README.md properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether support iSCSI Session CHAP authentication + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication type: boolean fsType: description: |- @@ -4055,7 +4314,8 @@ spec: Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for iSCSI target and initiator authentication + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication properties: name: description: |- @@ -4126,7 +4386,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine properties: fsType: description: |- @@ -4135,13 +4397,15 @@ spec: Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string pdID: - description: pdID is the ID that identifies Photon Controller persistent disk + description: pdID is the ID that identifies Photon + Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine properties: fsType: description: |- @@ -4155,13 +4419,15 @@ spec: the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a Portworx volume + description: volumeID uniquely identifies a Portworx + volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources secrets, configmaps, and downward API + description: projected items for all in one resources + secrets, configmaps, and downward API properties: defaultMode: description: |- @@ -4176,7 +4442,8 @@ spec: sources: description: sources is the list of volume projections items: - description: Projection that may be projected along with other supported volume types + description: Projection that may be projected + along with other supported volume types properties: clusterTrustBundle: description: |- @@ -4205,14 +4472,18 @@ spec: everything". properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label + key that the selector applies + to. type: string operator: description: |- @@ -4259,7 +4530,8 @@ spec: ClusterTrustBundles. type: boolean path: - description: Relative path from the volume root to write the bundle. + description: Relative path from the volume + root to write the bundle. type: string signerName: description: |- @@ -4271,7 +4543,8 @@ spec: - path type: object configMap: - description: configMap information about the configMap data to project + description: configMap information about the + configMap data to project properties: items: description: |- @@ -4283,7 +4556,8 @@ spec: the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. + description: Maps a string key to a + path within a volume. properties: key: description: key is the key to project. @@ -4318,26 +4592,38 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: optional specify whether the ConfigMap or its keys must be defined + description: optional specify whether + the ConfigMap or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about the downwardAPI data to project + description: downwardAPI information about + the downwardAPI data to project properties: items: - description: Items is a list of DownwardAPIVolume file + description: Items is a list of DownwardAPIVolume + file items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + description: 'Required: Selects + a field of the pod: only annotations, + labels, name, namespace and uid + are supported.' properties: apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the specified API version. + description: Path of the field + to select in the specified + API version. type: string required: - fieldPath @@ -4354,7 +4640,13 @@ spec: format: int32 type: integer path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + description: 'Required: Path is the + relative path name of the file + to be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not + start with ''..''' type: string resourceFieldRef: description: |- @@ -4362,17 +4654,22 @@ spec: (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: 'Container name: + required for volumes, optional + for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the exposed resources, defaults to "1" + description: Specifies the output + format of the exposed resources, + defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' + description: 'Required: resource + to select' type: string required: - resource @@ -4385,7 +4682,8 @@ spec: x-kubernetes-list-type: atomic type: object secret: - description: secret information about the secret data to project + description: secret information about the + secret data to project properties: items: description: |- @@ -4397,7 +4695,8 @@ spec: the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. + description: Maps a string key to a + path within a volume. properties: key: description: key is the key to project. @@ -4432,12 +4731,14 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: optional field specify whether the Secret or its key must be defined + description: optional field specify whether + the Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information about the serviceAccountToken data to project + description: serviceAccountToken is information + about the serviceAccountToken data to project properties: audience: description: |- @@ -4469,7 +4770,8 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime properties: group: description: |- @@ -4498,7 +4800,8 @@ spec: Defaults to serivceaccount user type: string volume: - description: volume is a string that references an already created Quobyte volume by name. + description: volume is a string that references + an already created Quobyte volume by name. type: string required: - registry @@ -4574,7 +4877,8 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. properties: fsType: description: |- @@ -4584,10 +4888,12 @@ spec: Default is "xfs". type: string gateway: - description: gateway is the host address of the ScaleIO API Gateway. + description: gateway is the host address of the + ScaleIO API Gateway. type: string protectionDomain: - description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. + description: protectionDomain is the name of the + ScaleIO Protection Domain for the configured storage. type: string readOnly: description: |- @@ -4608,7 +4914,8 @@ spec: type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable SSL communication with Gateway, default false + description: sslEnabled Flag enable/disable SSL + communication with Gateway, default false type: boolean storageMode: description: |- @@ -4616,10 +4923,12 @@ spec: Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage Pool associated with the protection domain. + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. type: string system: - description: system is the name of the storage system as configured in ScaleIO. + description: system is the name of the storage system + as configured in ScaleIO. type: string volumeName: description: |- @@ -4657,7 +4966,8 @@ spec: the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. + description: Maps a string key to a path within + a volume. properties: key: description: key is the key to project. @@ -4686,7 +4996,8 @@ spec: type: array x-kubernetes-list-type: atomic optional: - description: optional field specify whether the Secret or its keys must be defined + description: optional field specify whether the + Secret or its keys must be defined type: boolean secretName: description: |- @@ -4695,7 +5006,8 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. properties: fsType: description: |- @@ -4737,7 +5049,8 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine properties: fsType: description: |- @@ -4746,13 +5059,17 @@ spec: Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated + with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage Policy Based Management (SPBM) profile name. + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies vSphere volume vmdk + description: volumePath is the path that identifies + vSphere volume vmdk type: string required: - volumePath @@ -4767,7 +5084,8 @@ spec: More info: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/ properties: nodeAffinity: - description: Describes node affinity scheduling rules for the pod. + description: Describes node affinity scheduling rules + for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: description: |- @@ -4786,17 +5104,20 @@ spec: (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: - description: A node selector term, associated with the corresponding weight. + description: A node selector term, associated + with the corresponding weight. properties: matchExpressions: - description: A list of node selector requirements by node's labels. + description: A list of node selector requirements + by node's labels. items: description: |- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: The label key that the selector applies to. + description: The label key that the + selector applies to. type: string operator: description: |- @@ -4821,14 +5142,16 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node selector requirements by node's fields. + description: A list of node selector requirements + by node's fields. items: description: |- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: The label key that the selector applies to. + description: The label key that the + selector applies to. type: string operator: description: |- @@ -4855,7 +5178,9 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. format: int32 type: integer required: @@ -4873,7 +5198,8 @@ spec: may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are ORed. + description: Required. A list of node selector + terms. The terms are ORed. items: description: |- A null or empty node selector term matches no objects. The requirements of @@ -4881,14 +5207,16 @@ spec: The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements by node's labels. + description: A list of node selector requirements + by node's labels. items: description: |- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: The label key that the selector applies to. + description: The label key that the + selector applies to. type: string operator: description: |- @@ -4913,14 +5241,16 @@ spec: type: array x-kubernetes-list-type: atomic matchFields: - description: A list of node selector requirements by node's fields. + description: A list of node selector requirements + by node's fields. items: description: |- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: The label key that the selector applies to. + description: The label key that the + selector applies to. type: string operator: description: |- @@ -4954,7 +5284,9 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: description: |- @@ -4968,10 +5300,13 @@ spec: "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. + description: Required. A pod affinity term, + associated with the corresponding weight. properties: labelSelector: description: |- @@ -4979,14 +5314,18 @@ spec: If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label + key that the selector applies + to. type: string operator: description: |- @@ -5058,14 +5397,18 @@ spec: An empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label + key that the selector applies + to. type: string operator: description: |- @@ -5155,14 +5498,17 @@ spec: If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key + that the selector applies to. type: string operator: description: |- @@ -5234,14 +5580,17 @@ spec: An empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key + that the selector applies to. type: string operator: description: |- @@ -5299,7 +5648,9 @@ spec: x-kubernetes-list-type: atomic type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: description: |- @@ -5313,10 +5664,13 @@ spec: "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. + description: Required. A pod affinity term, + associated with the corresponding weight. properties: labelSelector: description: |- @@ -5324,14 +5678,18 @@ spec: If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label + key that the selector applies + to. type: string operator: description: |- @@ -5403,14 +5761,18 @@ spec: An empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label + key that the selector applies + to. type: string operator: description: |- @@ -5500,14 +5862,17 @@ spec: If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key + that the selector applies to. type: string operator: description: |- @@ -5579,14 +5944,17 @@ spec: An empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key + that the selector applies to. type: string operator: description: |- @@ -5660,7 +6028,8 @@ spec: type: string type: array kine: - description: Available only if Kamaji is running using Kine as backing storage. + description: Available only if Kamaji is running using + Kine as backing storage. items: type: string type: array @@ -5677,6 +6046,20 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object + podAdditionalMetadata: + description: AdditionalMetadata defines which additional metadata, + such as labels and annotations, must be attached to the + created resource. + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object registrySettings: default: apiServerImage: kube-apiserver @@ -5715,7 +6098,8 @@ spec: (kube-apiserver, controller-manager, and scheduler). properties: apiServer: - description: ResourceRequirements describes the compute resource requirements. + description: ResourceRequirements describes the compute + resource requirements. properties: claims: description: |- @@ -5729,7 +6113,8 @@ spec: This field is immutable. It can only be set for containers. items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. properties: name: description: |- @@ -5770,7 +6155,8 @@ spec: type: object type: object controllerManager: - description: ResourceRequirements describes the compute resource requirements. + description: ResourceRequirements describes the compute + resource requirements. properties: claims: description: |- @@ -5784,7 +6170,8 @@ spec: This field is immutable. It can only be set for containers. items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. properties: name: description: |- @@ -5841,7 +6228,8 @@ spec: This field is immutable. It can only be set for containers. items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. properties: name: description: |- @@ -5882,7 +6270,8 @@ spec: type: object type: object scheduler: - description: ResourceRequirements describes the compute resource requirements. + description: ResourceRequirements describes the compute + resource requirements. properties: claims: description: |- @@ -5896,7 +6285,8 @@ spec: This field is immutable. It can only be set for containers. items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. properties: name: description: |- @@ -5945,6 +6335,11 @@ spec: empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class type: string + serviceAccountName: + default: default + description: ServiceAccountName allows to specify the service + account to be mounted to the pods of the Control plane deployment + type: string strategy: default: rollingUpdate: @@ -5998,7 +6393,8 @@ spec: x-kubernetes-int-or-string: true type: object type: - description: Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. + description: Type of deployment. Can be "Recreate" or + "RollingUpdate". Default is RollingUpdate. type: string type: object tolerations: @@ -6049,7 +6445,8 @@ spec: In case of nil underlying LabelSelector, the Kamaji one for the given Tenant Control Plane will be used. All topologySpreadConstraints are ANDed. items: - description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. properties: labelSelector: description: |- @@ -6058,14 +6455,16 @@ spec: in their corresponding topology domain. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the + selector applies to. type: string operator: description: |- @@ -6225,10 +6624,13 @@ spec: type: array type: object ingress: - description: Defining the options for an Optional Ingress which will expose API Server of the Tenant Control Plane + description: Defining the options for an Optional Ingress which + will expose API Server of the Tenant Control Plane properties: additionalMetadata: - description: AdditionalMetadata defines which additional metadata, such as labels and annotations, must be attached to the created resource. + description: AdditionalMetadata defines which additional metadata, + such as labels and annotations, must be attached to the + created resource. properties: annotations: additionalProperties: @@ -6248,10 +6650,13 @@ spec: type: string type: object service: - description: Defining the options for the Tenant Control Plane Service resource. + description: Defining the options for the Tenant Control Plane + Service resource. properties: additionalMetadata: - description: AdditionalMetadata defines which additional metadata, such as labels and annotations, must be attached to the created resource. + description: AdditionalMetadata defines which additional metadata, + such as labels and annotations, must be attached to the + created resource. properties: annotations: additionalProperties: @@ -6263,7 +6668,8 @@ spec: type: object type: object serviceType: - description: ServiceType allows specifying how to expose the Tenant Control Plane. + description: ServiceType allows specifying how to expose the + Tenant Control Plane. enum: - ClusterIP - NodePort @@ -6445,7 +6851,8 @@ spec: - enabled type: object konnectivity: - description: KonnectivityStatus defines the status of Konnectivity as Addon. + description: KonnectivityStatus defines the status of Konnectivity + as Addon. properties: agent: properties: @@ -6490,7 +6897,8 @@ spec: enabled: type: boolean kubeconfig: - description: KubeconfigStatus contains information about the generated kubeconfig. + description: KubeconfigStatus contains information about the + generated kubeconfig. properties: checksum: type: string @@ -6512,12 +6920,24 @@ spec: type: string type: object service: - description: KubernetesServiceStatus defines the status for the Tenant Control Plane Service in the management cluster. + description: KubernetesServiceStatus defines the status for + the Tenant Control Plane Service in the management cluster. properties: conditions: description: Current service state items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect + of the current state of this API Resource.\n---\nThis + struct is intended for direct use as an array at the + field path .status.conditions. For example,\n\n\n\ttype + FooStatus struct{\n\t // Represents the observations + of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t + \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t + \ // +listType=map\n\t // +listMapKey=type\n\t + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: description: |- @@ -6551,7 +6971,8 @@ spec: pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: - description: status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, + False, Unknown. enum: - "True" - "False" @@ -6631,7 +7052,9 @@ spec: pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string port: - description: Port is the port number of the service port of which status is recorded here + description: Port is the port number of + the service port of which status is + recorded here format: int32 type: integer protocol: @@ -6654,7 +7077,8 @@ spec: description: The name of the Service for the given cluster. type: string namespace: - description: The namespace which the Service for the given cluster is deployed. + description: The namespace which the Service for the given + cluster is deployed. type: string port: description: The port where the service is running @@ -6719,10 +7143,12 @@ spec: type: string type: object etcd: - description: ETCDCertificatesStatus defines the observed state of ETCD Certificate for API server. + description: ETCDCertificatesStatus defines the observed state + of ETCD Certificate for API server. properties: apiServer: - description: APIServerCertificatesStatus defines the observed state of ETCD Certificate for API server. + description: APIServerCertificatesStatus defines the observed + state of ETCD Certificate for API server. properties: checksum: type: string @@ -6733,7 +7159,8 @@ spec: type: string type: object ca: - description: ETCDCertificateStatus defines the observed state of ETCD Certificate for API server. + description: ETCDCertificateStatus defines the observed state + of ETCD Certificate for API server. properties: checksum: type: string @@ -6779,13 +7206,16 @@ spec: type: object type: object controlPlaneEndpoint: - description: ControlPlaneEndpoint contains the status of the kubernetes control plane + description: ControlPlaneEndpoint contains the status of the kubernetes + control plane type: string kubeadmPhase: - description: KubeadmPhase contains the status of the kubeadm phases action + description: KubeadmPhase contains the status of the kubeadm phases + action properties: bootstrapToken: - description: KubeadmPhaseStatus contains the status of a kubeadm phase action. + description: KubeadmPhaseStatus contains the status of a kubeadm + phase action. properties: checksum: type: string @@ -6797,7 +7227,8 @@ spec: - bootstrapToken type: object kubeadmconfig: - description: KubeadmConfig contains the status of the configuration required by kubeadm + description: KubeadmConfig contains the status of the configuration + required by kubeadm properties: checksum: description: Checksum of the kubeadm configuration to detect changes @@ -6809,10 +7240,12 @@ spec: type: string type: object kubeconfig: - description: KubeConfig contains information about the kubenconfigs that control plane pieces need + description: KubeConfig contains information about the kubenconfigs + that control plane pieces need properties: admin: - description: KubeconfigStatus contains information about the generated kubeconfig. + description: KubeconfigStatus contains information about the generated + kubeconfig. properties: checksum: type: string @@ -6823,7 +7256,8 @@ spec: type: string type: object controllerManager: - description: KubeconfigStatus contains information about the generated kubeconfig. + description: KubeconfigStatus contains information about the generated + kubeconfig. properties: checksum: type: string @@ -6834,7 +7268,8 @@ spec: type: string type: object scheduler: - description: KubeconfigStatus contains information about the generated kubeconfig. + description: KubeconfigStatus contains information about the generated + kubeconfig. properties: checksum: type: string @@ -6846,13 +7281,16 @@ spec: type: object type: object kubernetesResources: - description: Kubernetes contains information about the reconciliation of the required Kubernetes resources deployed in the admin cluster + description: Kubernetes contains information about the reconciliation + of the required Kubernetes resources deployed in the admin cluster properties: deployment: - description: KubernetesDeploymentStatus defines the status for the Tenant Control Plane Deployment in the management cluster. + description: KubernetesDeploymentStatus defines the status for + the Tenant Control Plane Deployment in the management cluster. properties: availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) targeted by this deployment. + description: Total number of available pods (ready for at + least minReadySeconds) targeted by this deployment. format: int32 type: integer collisionCount: @@ -6863,12 +7301,15 @@ spec: format: int32 type: integer conditions: - description: Represents the latest available observations of a deployment's current state. + description: Represents the latest available observations + of a deployment's current state. items: - description: DeploymentCondition describes the state of a deployment at a certain point. + description: DeploymentCondition describes the state of + a deployment at a certain point. properties: lastTransitionTime: - description: Last time the condition transitioned from one status to another. + description: Last time the condition transitioned from + one status to another. format: date-time type: string lastUpdateTime: @@ -6876,13 +7317,15 @@ spec: format: date-time type: string message: - description: A human readable message indicating details about the transition. + description: A human readable message indicating details + about the transition. type: string reason: description: The reason for the condition's last transition. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: Status of the condition, one of True, False, + Unknown. type: string type: description: Type of deployment condition. @@ -6903,22 +7346,26 @@ spec: description: The name of the Deployment for the given cluster. type: string namespace: - description: The namespace which the Deployment for the given cluster is deployed. + description: The namespace which the Deployment for the given + cluster is deployed. type: string observedGeneration: description: The generation observed by the deployment controller. format: int64 type: integer readyReplicas: - description: readyReplicas is the number of pods targeted by this Deployment with a Ready Condition. + description: readyReplicas is the number of pods targeted + by this Deployment with a Ready Condition. format: int32 type: integer replicas: - description: Total number of non-terminated pods targeted by this deployment (their labels match the selector). + description: Total number of non-terminated pods targeted + by this deployment (their labels match the selector). format: int32 type: integer selector: - description: Selector is the label selector used to group the Tenant Control Plane Pods used by the scale subresource. + description: Selector is the label selector used to group + the Tenant Control Plane Pods used by the scale subresource. type: string unavailableReplicas: description: |- @@ -6928,7 +7375,8 @@ spec: format: int32 type: integer updatedReplicas: - description: Total number of non-terminated pods targeted by this deployment that have the desired template spec. + description: Total number of non-terminated pods targeted + by this deployment that have the desired template spec. format: int32 type: integer required: @@ -6937,26 +7385,34 @@ spec: - selector type: object ingress: - description: KubernetesIngressStatus defines the status for the Tenant Control Plane Ingress in the management cluster. + description: KubernetesIngressStatus defines the status for the + Tenant Control Plane Ingress in the management cluster. properties: loadBalancer: - description: loadBalancer contains the current status of the load-balancer. + description: loadBalancer contains the current status of the + load-balancer. properties: ingress: - description: ingress is a list containing ingress points for the load-balancer. + description: ingress is a list containing ingress points + for the load-balancer. items: - description: IngressLoadBalancerIngress represents the status of a load-balancer ingress point. + description: IngressLoadBalancerIngress represents the + status of a load-balancer ingress point. properties: hostname: - description: hostname is set for load-balancer ingress points that are DNS based. + description: hostname is set for load-balancer ingress + points that are DNS based. type: string ip: - description: ip is set for load-balancer ingress points that are IP based. + description: ip is set for load-balancer ingress + points that are IP based. type: string ports: - description: ports provides information about the ports exposed by this LoadBalancer. + description: ports provides information about the + ports exposed by this LoadBalancer. items: - description: IngressPortStatus represents the error condition of a service port + description: IngressPortStatus represents the + error condition of a service port properties: error: description: |- @@ -6972,7 +7428,8 @@ spec: pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string port: - description: port is the port number of the ingress port. + description: port is the port number of the + ingress port. format: int32 type: integer protocol: @@ -6995,19 +7452,32 @@ spec: description: The name of the Ingress for the given cluster. type: string namespace: - description: The namespace which the Ingress for the given cluster is deployed. + description: The namespace which the Ingress for the given + cluster is deployed. type: string required: - name - namespace type: object service: - description: KubernetesServiceStatus defines the status for the Tenant Control Plane Service in the management cluster. + description: KubernetesServiceStatus defines the status for the + Tenant Control Plane Service in the management cluster. properties: conditions: description: Current service state items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect + of the current state of this API Resource.\n---\nThis + struct is intended for direct use as an array at the field + path .status.conditions. For example,\n\n\n\ttype FooStatus + struct{\n\t // Represents the observations of a foo's + current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t + \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t + \ // +listType=map\n\t // +listMapKey=type\n\t Conditions + []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" + patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: description: |- @@ -7041,7 +7511,8 @@ spec: pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: - description: status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, + Unknown. enum: - "True" - "False" @@ -7121,7 +7592,9 @@ spec: pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string port: - description: Port is the port number of the service port of which status is recorded here + description: Port is the port number of the + service port of which status is recorded + here format: int32 type: integer protocol: @@ -7144,7 +7617,8 @@ spec: description: The name of the Service for the given cluster. type: string namespace: - description: The namespace which the Service for the given cluster is deployed. + description: The namespace which the Service for the given + cluster is deployed. type: string port: description: The port where the service is running @@ -7156,11 +7630,13 @@ spec: - port type: object version: - description: KubernetesVersion contains the information regarding the running Kubernetes version, and its upgrade status. + description: KubernetesVersion contains the information regarding + the running Kubernetes version, and its upgrade status. properties: status: default: Provisioning - description: Status returns the current status of the Kubernetes version, such as its provisioning state, or completed upgrade. + description: Status returns the current status of the Kubernetes + version, such as its provisioning state, or completed upgrade. enum: - Provisioning - CertificateAuthorityRotating @@ -7170,12 +7646,14 @@ spec: - NotReady type: string version: - description: Version is the running Kubernetes version of the Tenant Control Plane. + description: Version is the running Kubernetes version of + the Tenant Control Plane. type: string type: object type: object storage: - description: Storage Status contains information about Kubernetes storage system + description: Storage Status contains information about Kubernetes + storage system properties: certificate: properties: diff --git a/packages/system/kamaji/charts/kamaji/templates/controller.yaml b/packages/system/kamaji/charts/kamaji/templates/controller.yaml index 82ddd5cb..e1a73e67 100644 --- a/packages/system/kamaji/charts/kamaji/templates/controller.yaml +++ b/packages/system/kamaji/charts/kamaji/templates/controller.yaml @@ -34,6 +34,9 @@ spec: - --metrics-bind-address={{ .Values.metricsBindAddress }} - --tmp-directory={{ .Values.temporaryDirectoryPath }} - --datastore={{ include "datastore.fullname" . }} + {{- if .Values.telemetry.disabled }} + - --disable-telemetry + {{- end }} {{- if .Values.loggingDevel.enable }} - --zap-devel {{- end }} diff --git a/packages/system/kamaji/charts/kamaji/templates/datastore.yaml b/packages/system/kamaji/charts/kamaji/templates/datastore.yaml index b54ef99a..08631b98 100644 --- a/packages/system/kamaji/charts/kamaji/templates/datastore.yaml +++ b/packages/system/kamaji/charts/kamaji/templates/datastore.yaml @@ -20,9 +20,14 @@ spec: secretReference: {{- .Values.datastore.basicAuth.passwordSecret | toYaml | nindent 8 }} {{- end }} +{{- if .Values.datastore.tlsConfig.enabled }} tlsConfig: certificateAuthority: {{- include "datastore.certificateAuthority" . | indent 6 }} + + {{- if .Values.datastore.tlsConfig.clientCertificate }} clientCertificate: {{- include "datastore.clientCertificate" . | indent 6 }} + {{- end }} +{{- end}} {{- end}} diff --git a/packages/system/kamaji/charts/kamaji/templates/validatingwebhookconfiguration.yaml b/packages/system/kamaji/charts/kamaji/templates/validatingwebhookconfiguration.yaml index d981e974..a347443f 100644 --- a/packages/system/kamaji/charts/kamaji/templates/validatingwebhookconfiguration.yaml +++ b/packages/system/kamaji/charts/kamaji/templates/validatingwebhookconfiguration.yaml @@ -8,6 +8,27 @@ metadata: {{- include "kamaji.labels" $data | nindent 4 }} name: kamaji-validating-webhook-configuration webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "kamaji.webhookServiceName" . }} + namespace: {{ .Release.Namespace }} + path: /telemetry + failurePolicy: Ignore + name: telemetry.kamaji.clastix.io + rules: + - apiGroups: + - kamaji.clastix.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - tenantcontrolplanes + sideEffects: None - admissionReviewVersions: - v1 clientConfig: diff --git a/packages/system/kamaji/charts/kamaji/values.yaml b/packages/system/kamaji/charts/kamaji/values.yaml index 814f2aa9..03d4f635 100644 --- a/packages/system/kamaji/charts/kamaji/values.yaml +++ b/packages/system/kamaji/charts/kamaji/values.yaml @@ -60,7 +60,7 @@ etcd: # -- The custom annotations to add to the PVC customAnnotations: {} # volumeType: local - + # -- (array) Kubernetes affinity rules to apply to Kamaji etcd pods tolerations: [] @@ -162,7 +162,7 @@ loggingDevel: datastore: # -- (bool) Enable the Kamaji Datastore creation (default=true) enabled: true - # -- (string) The Datastore name override, if empty and enabled=true defaults to `default`, if enabled=false, this is the name of the Datastore to connect to. + # -- (string) The Datastore name override, if empty and enabled=true defaults to `default`, if enabled=false, this is the name of the Datastore to connect to. nameOverride: # -- (string) The Kamaji Datastore driver, supported: etcd, MySQL, PostgreSQL (defaults=etcd). driver: etcd @@ -184,6 +184,7 @@ datastore: # -- The Secret key where the data is stored. keyPath: tlsConfig: + enabled: true certificateAuthority: certificate: # -- Name of the Secret containing the CA required to establish the mandatory SSL/TLS connection to the datastore. @@ -218,4 +219,9 @@ datastore: cfssl: image: repository: cfssl/cfssl - tag: latest \ No newline at end of file + tag: latest + +# -- Disable the analytics traces collection +telemetry: + disabled: false + \ No newline at end of file diff --git a/packages/system/kamaji/values.yaml b/packages/system/kamaji/values.yaml index de677502..2ef13714 100644 --- a/packages/system/kamaji/values.yaml +++ b/packages/system/kamaji/values.yaml @@ -1,8 +1,3 @@ kamaji: etcd: deploy: false - - # Fix https://github.com/clastix/kamaji/pull/467 - image: - repository: ghcr.io/kvaps/test - tag: kamaji-v0.6.0-fix diff --git a/packages/system/kubeovn/Makefile b/packages/system/kubeovn/Makefile index 783005ba..ce53fcfe 100644 --- a/packages/system/kubeovn/Makefile +++ b/packages/system/kubeovn/Makefile @@ -1,7 +1,7 @@ KUBEOVN_TAG = v1.13.0 -NAME=kubeovn -NAMESPACE=cozy-$(NAME) +export NAME=kubeovn +export NAMESPACE=cozy-$(NAME) include ../../../scripts/common-envs.mk include ../../../scripts/package-system.mk @@ -10,7 +10,7 @@ update: rm -rf charts && mkdir -p charts/kube-ovn curl -sSL https://github.com/kubeovn/kube-ovn/archive/refs/heads/master.tar.gz | \ tar xzvf - --strip 1 kube-ovn-master/charts - patch -p4 --no-backup-if-mismatch < patches/cozyconfig.diff + patch --no-backup-if-mismatch -p4 < patches/cozyconfig.diff ln -s ../../images charts/kube-ovn/images sed -i '/image:/ s/{{.*}}/{{ include "kubeovn.image" . }}/g' `grep -rl image: charts/kube-ovn/templates/` diff --git a/packages/system/kubeovn/images/kubeovn.json b/packages/system/kubeovn/images/kubeovn.json index b6bf0857..3c163b02 100644 --- a/packages/system/kubeovn/images/kubeovn.json +++ b/packages/system/kubeovn/images/kubeovn.json @@ -1,4 +1,41 @@ { - "containerimage.config.digest": "sha256:b3d76d1764c8c470a32b4d3b19e48592eda547710e8e6508666930e1db1b4cb3", - "containerimage.digest": "sha256:e5275d3a367aba3b4a7ec0bf25583cc21241e320da2ffd86f5c9cf4a7f6fac77" + "buildx.build.provenance": { + "buildType": "https://mobyproject.org/buildkit@v1", + "materials": [ + { + "uri": "pkg:docker/kubeovn/kube-ovn-base@v1.13.0?platform=linux%2Famd64", + "digest": { + "sha256": "b383903ab2427169bfd27ac49ec1f835e01be552dd391aae92a63d6a5d04f05d" + } + }, + { + "uri": "pkg:docker/golang@1.22-bookworm?platform=linux%2Famd64", + "digest": { + "sha256": "6c2780255bb7b881e904e303be0d7a079054160b2ce1efde446693c0850a39ad" + } + } + ], + "invocation": { + "configSource": { + "entryPoint": "Dockerfile" + }, + "parameters": { + "frontend": "dockerfile.v0", + "locals": [ + { + "name": "context" + }, + { + "name": "dockerfile" + } + ] + }, + "environment": { + "platform": "linux/amd64" + } + } + }, + "buildx.build.ref": "amd64/amd64/59sogfe3191kwbdbmplhsarwj", + "containerimage.config.digest": "sha256:c60b915c03796938fee46e305997e540bd71f688f9f6b7c4b5846168501768fb", + "containerimage.digest": "sha256:731d2f079c6ef243731f2f7fd70f36b4da4c50626622b496241ecfe9f98913c0" } \ No newline at end of file diff --git a/packages/system/kubevirt-cdi-operator/Makefile b/packages/system/kubevirt-cdi-operator/Makefile index b34c0f0f..6cf08193 100644 --- a/packages/system/kubevirt-cdi-operator/Makefile +++ b/packages/system/kubevirt-cdi-operator/Makefile @@ -1,5 +1,5 @@ -NAME=kubevirt-cdi-operator -NAMESPACE=cozy-kubevirt-cdi +export NAME=kubevirt-cdi-operator +export NAMESPACE=cozy-kubevirt-cdi include ../../../scripts/package-system.mk diff --git a/packages/system/kubevirt-cdi/Makefile b/packages/system/kubevirt-cdi/Makefile index 09e37e3e..c6209a54 100644 --- a/packages/system/kubevirt-cdi/Makefile +++ b/packages/system/kubevirt-cdi/Makefile @@ -1,5 +1,5 @@ -NAME=kubevirt-cdi -NAMESPACE=cozy-$(NAME) +export NAME=kubevirt-cdi +export NAMESPACE=cozy-$(NAME) include ../../../scripts/package-system.mk diff --git a/packages/system/kubevirt-operator/Makefile b/packages/system/kubevirt-operator/Makefile index 8f4de121..cea1a529 100644 --- a/packages/system/kubevirt-operator/Makefile +++ b/packages/system/kubevirt-operator/Makefile @@ -1,5 +1,5 @@ -NAME=kubevirt-operator -NAMESPACE=cozy-kubevirt +export NAME=kubevirt-operator +export NAMESPACE=cozy-kubevirt include ../../../scripts/package-system.mk diff --git a/packages/system/kubevirt-operator/templates/kubevirt-operator.yaml b/packages/system/kubevirt-operator/templates/kubevirt-operator.yaml index 236cd3de..ed9f9d03 100644 --- a/packages/system/kubevirt-operator/templates/kubevirt-operator.yaml +++ b/packages/system/kubevirt-operator/templates/kubevirt-operator.yaml @@ -354,6 +354,7 @@ spec: type: boolean type: object emulatedMachines: + description: Deprecated. Use architectureConfiguration instead. items: type: string type: array @@ -624,6 +625,22 @@ spec: binding: additionalProperties: properties: + domainAttachmentType: + description: 'DomainAttachmentType is a standard domain + network attachment method kubevirt supports. Supported + values: "tap". The standard domain attachment can + be used instead or in addition to the sidecarImage. + version: 1alphav1' + type: string + migration: + description: 'Migration means the VM using the plugin + can be safely migrated version: 1alphav1' + properties: + method: + description: 'Method defines a pre-defined migration + methodology version: 1alphav1' + type: string + type: object networkAttachmentDefinition: description: 'NetworkAttachmentDefinition references to a NetworkAttachmentDefinition CR object. Format: @@ -650,6 +667,7 @@ spec: type: boolean type: object ovmfPath: + description: Deprecated. Use architectureConfiguration instead. type: string permittedHostDevices: description: PermittedHostDevices holds information about devices @@ -883,6 +901,14 @@ spec: AutoattachSerialConsole is disabled. type: object type: object + vmRolloutStrategy: + description: VMRolloutStrategy defines how changes to a VM object + propagate to its VMI + enum: + - Stage + - LiveUpdate + nullable: true + type: string vmStateStorageClass: description: VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM. @@ -3422,6 +3448,7 @@ spec: type: boolean type: object emulatedMachines: + description: Deprecated. Use architectureConfiguration instead. items: type: string type: array @@ -3692,6 +3719,22 @@ spec: binding: additionalProperties: properties: + domainAttachmentType: + description: 'DomainAttachmentType is a standard domain + network attachment method kubevirt supports. Supported + values: "tap". The standard domain attachment can + be used instead or in addition to the sidecarImage. + version: 1alphav1' + type: string + migration: + description: 'Migration means the VM using the plugin + can be safely migrated version: 1alphav1' + properties: + method: + description: 'Method defines a pre-defined migration + methodology version: 1alphav1' + type: string + type: object networkAttachmentDefinition: description: 'NetworkAttachmentDefinition references to a NetworkAttachmentDefinition CR object. Format: @@ -3718,6 +3761,7 @@ spec: type: boolean type: object ovmfPath: + description: Deprecated. Use architectureConfiguration instead. type: string permittedHostDevices: description: PermittedHostDevices holds information about devices @@ -3951,6 +3995,14 @@ spec: AutoattachSerialConsole is disabled. type: object type: object + vmRolloutStrategy: + description: VMRolloutStrategy defines how changes to a VM object + propagate to its VMI + enum: + - Stage + - LiveUpdate + nullable: true + type: string vmStateStorageClass: description: VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM. @@ -6970,6 +7022,13 @@ rules: - get - list - watch +- apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list - apiGroups: - subresources.kubevirt.io resources: @@ -7275,6 +7334,13 @@ rules: - get - list - watch +- apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list - apiGroups: - subresources.kubevirt.io resources: @@ -7439,14 +7505,14 @@ spec: - virt-operator env: - name: VIRT_OPERATOR_IMAGE - value: quay.io/kubevirt/virt-operator:v1.1.0 + value: quay.io/kubevirt/virt-operator:v1.2.2 - name: WATCH_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.annotations['olm.targetNamespaces'] - name: KUBEVIRT_VERSION - value: v1.1.0 - image: quay.io/kubevirt/virt-operator:v1.1.0 + value: v1.2.2 + image: quay.io/kubevirt/virt-operator:v1.2.2 imagePullPolicy: IfNotPresent name: virt-operator ports: diff --git a/packages/system/kubevirt/Makefile b/packages/system/kubevirt/Makefile index 80636712..e939b0f1 100644 --- a/packages/system/kubevirt/Makefile +++ b/packages/system/kubevirt/Makefile @@ -1,5 +1,5 @@ -NAME=kubevirt -NAMESPACE=cozy-$(NAME) +export NAME=kubevirt +export NAMESPACE=cozy-$(NAME) include ../../../scripts/package-system.mk diff --git a/packages/system/linstor/Makefile b/packages/system/linstor/Makefile index 9191aa74..34e8cd9c 100644 --- a/packages/system/linstor/Makefile +++ b/packages/system/linstor/Makefile @@ -1,4 +1,4 @@ -NAME=linstor -NAMESPACE=cozy-$(NAME) +export NAME=linstor +export NAMESPACE=cozy-$(NAME) include ../../../scripts/package-system.mk diff --git a/packages/system/mariadb-operator/Makefile b/packages/system/mariadb-operator/Makefile index 292fa0aa..a94e4306 100644 --- a/packages/system/mariadb-operator/Makefile +++ b/packages/system/mariadb-operator/Makefile @@ -1,5 +1,5 @@ -NAME=mariadb-operator -NAMESPACE=cozy-$(NAME) +export NAME=mariadb-operator +export NAMESPACE=cozy-$(NAME) include ../../../scripts/package-system.mk diff --git a/packages/system/metallb/Makefile b/packages/system/metallb/Makefile index 423bbd50..09085f4e 100644 --- a/packages/system/metallb/Makefile +++ b/packages/system/metallb/Makefile @@ -1,5 +1,5 @@ -NAME=metallb -NAMESPACE=cozy-$(NAME) +export NAME=metallb +export NAMESPACE=cozy-$(NAME) include ../../../scripts/package-system.mk diff --git a/packages/system/monitoring/Makefile b/packages/system/monitoring/Makefile index 8ebc1e4c..bfc68669 100644 --- a/packages/system/monitoring/Makefile +++ b/packages/system/monitoring/Makefile @@ -1,5 +1,5 @@ -NAME=monitoring -NAMESPACE=cozy-$(NAME) +export NAME=monitoring +export NAMESPACE=cozy-$(NAME) include ../../../scripts/package-system.mk diff --git a/packages/system/piraeus-operator/Makefile b/packages/system/piraeus-operator/Makefile index 222d5ef7..ae459844 100644 --- a/packages/system/piraeus-operator/Makefile +++ b/packages/system/piraeus-operator/Makefile @@ -1,5 +1,5 @@ -NAME=piraeus-operator -NAMESPACE=cozy-linstor +export NAME=piraeus-operator +export NAMESPACE=cozy-linstor include ../../../scripts/package-system.mk diff --git a/packages/system/piraeus-operator/charts/piraeus/Chart.yaml b/packages/system/piraeus-operator/charts/piraeus/Chart.yaml index f2ce5d79..ac8b65cf 100644 --- a/packages/system/piraeus-operator/charts/piraeus/Chart.yaml +++ b/packages/system/piraeus-operator/charts/piraeus/Chart.yaml @@ -3,8 +3,8 @@ name: piraeus description: | The Piraeus Operator manages software defined storage clusters using LINSTOR in Kubernetes. type: application -version: 2.5.0 -appVersion: "v2.5.0" +version: 2.5.1 +appVersion: "v2.5.1" maintainers: - name: Piraeus Datastore url: https://piraeus.io diff --git a/packages/system/piraeus-operator/charts/piraeus/templates/config.yaml b/packages/system/piraeus-operator/charts/piraeus/templates/config.yaml index 4ff5234e..a9e77bc6 100644 --- a/packages/system/piraeus-operator/charts/piraeus/templates/config.yaml +++ b/packages/system/piraeus-operator/charts/piraeus/templates/config.yaml @@ -20,10 +20,11 @@ data: tag: v1.27.1 image: piraeus-server linstor-satellite: - tag: v1.27.1 + # Pin with digest to ensure we pull the version with downgraded thin-send-recv + tag: v1.27.1@sha256:26037f77d30d5487024e02a808d4ef913b93b745f2bb850cabc7f43a5359adff image: piraeus-server linstor-csi: - tag: v1.5.0 + tag: v1.6.0 image: piraeus-csi drbd-reactor: tag: v1.4.0 @@ -38,11 +39,11 @@ data: tag: v0.10 image: ktls-utils drbd-module-loader: - tag: v9.2.8 + tag: v9.2.9 # The special "match" attribute is used to select an image based on the node's reported OS. # The operator will first check the k8s node's ".status.nodeInfo.osImage" field, and compare it against the list # here. If one matches, that specific image name will be used instead of the fallback image. - image: drbd9-jammy # Fallback image: chose a fairly recent kernel, which can hopefully compile whatever config is actually in use + image: drbd9-noble # Fallback image: chose a recent kernel, which can hopefully compile whatever config is actually in use match: - osImage: CentOS Linux 7 image: drbd9-centos7 @@ -64,6 +65,8 @@ data: image: drbd9-focal - osImage: Ubuntu 22\.04 image: drbd9-jammy + - osImage: Ubuntu 24\.04 + image: drbd9-noble - osImage: Debian GNU/Linux 12 image: drbd9-bookworm - osImage: Debian GNU/Linux 11 diff --git a/packages/system/piraeus-operator/charts/piraeus/templates/crds.yaml b/packages/system/piraeus-operator/charts/piraeus/templates/crds.yaml index 275db553..75952f94 100644 --- a/packages/system/piraeus-operator/charts/piraeus/templates/crds.yaml +++ b/packages/system/piraeus-operator/charts/piraeus/templates/crds.yaml @@ -262,11 +262,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -294,14 +296,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -814,11 +819,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -846,14 +853,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object diff --git a/packages/system/piraeus-operator/charts/piraeus/templates/deployment.yaml b/packages/system/piraeus-operator/charts/piraeus/templates/deployment.yaml index d10e931c..84cf2948 100644 --- a/packages/system/piraeus-operator/charts/piraeus/templates/deployment.yaml +++ b/packages/system/piraeus-operator/charts/piraeus/templates/deployment.yaml @@ -92,6 +92,7 @@ spec: runAsNonRoot: true serviceAccountName: {{ include "piraeus-operator.serviceAccountName" . }} terminationGracePeriodSeconds: 10 + priorityClassName: {{ .Values.priorityClassName | default "system-cluster-critical" }} tolerations: {{- toYaml .Values.tolerations | nindent 8 }} volumes: diff --git a/packages/system/piraeus-operator/charts/piraeus/values.yaml b/packages/system/piraeus-operator/charts/piraeus/values.yaml index ada590fe..87ca5064 100644 --- a/packages/system/piraeus-operator/charts/piraeus/values.yaml +++ b/packages/system/piraeus-operator/charts/piraeus/values.yaml @@ -93,6 +93,8 @@ tolerations: effect: NoSchedule affinity: { } +priorityClassName: "" + podDisruptionBudget: enabled: true minAvailable: 1 diff --git a/packages/system/postgres-operator/Makefile b/packages/system/postgres-operator/Makefile index d5e25ee0..037948fc 100644 --- a/packages/system/postgres-operator/Makefile +++ b/packages/system/postgres-operator/Makefile @@ -1,5 +1,5 @@ -NAME=postgres-operator -NAMESPACE=cozy-$(NAME) +export NAME=postgres-operator +export NAMESPACE=cozy-$(NAME) include ../../../scripts/package-system.mk diff --git a/packages/system/rabbitmq-operator/Makefile b/packages/system/rabbitmq-operator/Makefile index 143ff227..999958c0 100644 --- a/packages/system/rabbitmq-operator/Makefile +++ b/packages/system/rabbitmq-operator/Makefile @@ -1,5 +1,5 @@ -NAME=rabbitmq-operator -NAMESPACE=cozy-$(NAME) +export NAME=rabbitmq-operator +export NAMESPACE=cozy-$(NAME) include ../../../scripts/package-system.mk diff --git a/packages/system/redis-operator/Makefile b/packages/system/redis-operator/Makefile index 1fc8474f..28007838 100644 --- a/packages/system/redis-operator/Makefile +++ b/packages/system/redis-operator/Makefile @@ -1,5 +1,5 @@ -NAME=redis-operator -NAMESPACE=cozy-$(NAME) +export NAME=redis-operator +export NAMESPACE=cozy-$(NAME) include ../../../scripts/package-system.mk diff --git a/packages/system/telepresence/Makefile b/packages/system/telepresence/Makefile index ff48731b..31de4820 100644 --- a/packages/system/telepresence/Makefile +++ b/packages/system/telepresence/Makefile @@ -1,5 +1,5 @@ -NAME=traffic-manager -NAMESPACE=cozy-telepresence +export NAME=traffic-manager +export NAMESPACE=cozy-telepresence include ../../../scripts/package-system.mk diff --git a/packages/system/victoria-metrics-operator/Makefile b/packages/system/victoria-metrics-operator/Makefile index 99e28582..5221bfae 100644 --- a/packages/system/victoria-metrics-operator/Makefile +++ b/packages/system/victoria-metrics-operator/Makefile @@ -1,5 +1,5 @@ -NAME=victoria-metrics-operator -NAMESPACE=cozy-$(NAME) +export NAME=victoria-metrics-operator +export NAMESPACE=cozy-$(NAME) include ../../../scripts/package-system.mk diff --git a/scripts/fluxcd-kustomize.sh b/scripts/fluxcd-kustomize.sh new file mode 100755 index 00000000..a0af5a71 --- /dev/null +++ b/scripts/fluxcd-kustomize.sh @@ -0,0 +1,37 @@ +#!/bin/sh +# This scripts adds common fluxcd labels to all objects + +if [ -z "$NAME" ]; then + echo 'Variable $NAME is not set!' >&2 + exit 1 +fi + +if [ -z "$NAMESPACE" ]; then + echo 'Variable $NAMESPACE is not set!' >&2 + exit 1 +fi + +TMP_DIR=$(mktemp -d) +cat - > "${TMP_DIR}/helm-generated-output.yaml" +cat > "${TMP_DIR}/global-labels.yaml" < "${TMP_DIR}/kustomization.yaml" <