starred/holos
1
0
Fork 0
mirror of https://github.com/holos-run/holos.git synced 2026-03-19 16:54:58 +00:00
Code Issues Packages Projects Releases 10 Wiki Activity

Compare commits

base: starred:v0.101.4
Branches Tags
starred:main starred:dependabot/go_modules/go_modules-a258281abc starred:dependabot/npm_and_yarn/doc/website/npm_and_yarn-495cad6dbb starred:dependabot/npm_and_yarn/doc/website/npm_and_yarn-31e1e7acf6 starred:jeff/v1alpha6-executor starred:jeff/435-examples starred:jeff/gemini-compare starred:jeff/compile-backup starred:jeff/xcue starred:jeff/command starred:kubeslice starred:jeff/406-unify-values starred:gl/embed-timoni-for-tests starred:jeff/378-kargo-topic starred:gl/helm-values-test-fixes starred:test starred:jeff/370-private-helm-repositories starred:jeff/371-helm-sdk starred:jeff/readme starred:jeff/327-brew-install starred:release starred:gl/311-setup-and-hello-holos starred:301-docs-structure-refactor starred:jeff/225-ko-release starred:jeff/try-holos
starred:v0.106.0 starred:v0.105.1 starred:v0.105.0 starred:v0.104.3 starred:v0.104.2 starred:v0.104.1 starred:v0.104.0 starred:v0.103.0 starred:v0.102.5 starred:v0.102.4 starred:v0.102.3 starred:v0.102.2 starred:v0.102.1 starred:v0.102.0 starred:v0.1.1 starred:v0.1.0 starred:v0.101.8 starred:v0.101.7 starred:v0.101.6 starred:v0.101.5 starred:v0.101.4 starred:v0.101.3 starred:v0.101.2 starred:v0.101.1 starred:v0.101.0 starred:v0.100.1 starred:v0.100.0 starred:v0.99.3 starred:v0.99.2 starred:v0.99.1 starred:v0.99.0 starred:v0.98.2 starred:v0.98.1 starred:v0.98.0 starred:v0.97.3 starred:v0.97.2 starred:v0.97.1 starred:v0.97.0 starred:v0.96.0 starred:v0.95.3 starred:v0.95.2 starred:v0.95.1 starred:v0.95.0 starred:v0.94.0 starred:v0.93.4 starred:v0.93.3 starred:v0.93.2 starred:v0.93.1 starred:v0.93.0 starred:v0.92.0 starred:v0.91.1 starred:v0.91.0 starred:v0.90.0 starred:v0.89.1 starred:v0.89.0 starred:v0.87.2 starred:v0.87.1 starred:v0.87.0 starred:v0.86.0 starred:v0.85.1 starred:v0.85.0 starred:v0.84.1 starred:v0.84.0 starred:v0.83.1 starred:v0.83.0 starred:v0.82.2 starred:v0.82.1 starred:v0.81.2 starred:v0.81.0 starred:v0.80.2 starred:v0.80.1 starred:v0.80.0 starred:v0.79.0 starred:v0.78.0 starred:v0.77.0 starred:v0.76.1 starred:v0.76.0 starred:v0.75.1 starred:v0.75.0 starred:v0.74.0 starred:v0.73.3 starred:v0.73.1 starred:v0.73.0 starred:v0.72.1 starred:v0.70.4 starred:v0.70.1 starred:v0.70.0 starred:v0.69.0 starred:v0.68.1 starred:v0.68.0 starred:v0.67.0 starred:v0.66.0 starred:v0.65.2 starred:v0.65.1 starred:v0.65.0 starred:v0.64.5 starred:v0.64.4 starred:v0.64.3 starred:v0.64.2 starred:v0.64.1 starred:v0.64.0 starred:v0.63.5 starred:v0.63.4 starred:v0.63.3 starred:v0.63.2 starred:v0.63.1 starred:v0.63.0 starred:v0.62.1 starred:v0.62.0 starred:v0.61.7 starred:v0.61.6 starred:v0.61.5 starred:v0.61.4 starred:v0.61.3 starred:v0.61.1 starred:v0.61.0 starred:v0.60.4 starred:v0.60.3 starred:v0.60.2 starred:v0.60.1 starred:v0.60.0 starred:v0.59.0 starred:v0.58.3 starred:v0.58.2 starred:v0.58.1 starred:v0.58.0 starred:v0.57.0 starred:v0.56.0 starred:v0.55.4 starred:v0.55.3 starred:v0.55.2 starred:v0.55.1 starred:v0.55.0 starred:v0.54.1 starred:v0.53.4 starred:v0.53.3 starred:v0.53.2 starred:v0.53.1 starred:v0.52.0 starred:v0.51.2 starred:v0.51.1 starred:v0.51.0 starred:v0.50.2 starred:v0.50.1 starred:v0.50.0 starred:v0.49.7 starred:v0.49.6 starred:v0.49.5 starred:v0.49.4 starred:v0.49.3 starred:v0.49.2 starred:v0.49.1 starred:v0.49.0 starred:v0.48.3 starred:v0.48.2 starred:v0.48.1 starred:v0.48.0 starred:v0.47.2 starred:v0.47.1 starred:v0.47.0 starred:v0.46.3 starred:v0.46.2 starred:v0.46.1 starred:v0.46.0 starred:v0.45.3 starred:v0.45.2 starred:v0.45.1 starred:v0.45.0 starred:v0.44.0 starred:v0.43.2 starred:v0.43.1 starred:v0.43.0 starred:v0.42.1 starred:v0.42.0 starred:v0.41.0 starred:v0.40.4 starred:v0.40.3 starred:v0.40.2 starred:v0.40.1 starred:v0.40.0
..
compare: starred:v0.101.7
Branches Tags
starred:dependabot/go_modules/go_modules-a258281abc starred:dependabot/npm_and_yarn/doc/website/npm_and_yarn-495cad6dbb starred:main starred:dependabot/npm_and_yarn/doc/website/npm_and_yarn-31e1e7acf6 starred:jeff/v1alpha6-executor starred:jeff/435-examples starred:jeff/gemini-compare starred:jeff/compile-backup starred:jeff/xcue starred:jeff/command starred:kubeslice starred:jeff/406-unify-values starred:gl/embed-timoni-for-tests starred:jeff/378-kargo-topic starred:gl/helm-values-test-fixes starred:test starred:jeff/370-private-helm-repositories starred:jeff/371-helm-sdk starred:jeff/readme starred:jeff/327-brew-install starred:release starred:gl/311-setup-and-hello-holos starred:301-docs-structure-refactor starred:jeff/225-ko-release starred:jeff/try-holos
starred:v0.106.0 starred:v0.105.1 starred:v0.105.0 starred:v0.104.3 starred:v0.104.2 starred:v0.104.1 starred:v0.104.0 starred:v0.103.0 starred:v0.102.5 starred:v0.102.4 starred:v0.102.3 starred:v0.102.2 starred:v0.102.1 starred:v0.102.0 starred:v0.1.1 starred:v0.1.0 starred:v0.101.8 starred:v0.101.7 starred:v0.101.6 starred:v0.101.5 starred:v0.101.4 starred:v0.101.3 starred:v0.101.2 starred:v0.101.1 starred:v0.101.0 starred:v0.100.1 starred:v0.100.0 starred:v0.99.3 starred:v0.99.2 starred:v0.99.1 starred:v0.99.0 starred:v0.98.2 starred:v0.98.1 starred:v0.98.0 starred:v0.97.3 starred:v0.97.2 starred:v0.97.1 starred:v0.97.0 starred:v0.96.0 starred:v0.95.3 starred:v0.95.2 starred:v0.95.1 starred:v0.95.0 starred:v0.94.0 starred:v0.93.4 starred:v0.93.3 starred:v0.93.2 starred:v0.93.1 starred:v0.93.0 starred:v0.92.0 starred:v0.91.1 starred:v0.91.0 starred:v0.90.0 starred:v0.89.1 starred:v0.89.0 starred:v0.87.2 starred:v0.87.1 starred:v0.87.0 starred:v0.86.0 starred:v0.85.1 starred:v0.85.0 starred:v0.84.1 starred:v0.84.0 starred:v0.83.1 starred:v0.83.0 starred:v0.82.2 starred:v0.82.1 starred:v0.81.2 starred:v0.81.0 starred:v0.80.2 starred:v0.80.1 starred:v0.80.0 starred:v0.79.0 starred:v0.78.0 starred:v0.77.0 starred:v0.76.1 starred:v0.76.0 starred:v0.75.1 starred:v0.75.0 starred:v0.74.0 starred:v0.73.3 starred:v0.73.1 starred:v0.73.0 starred:v0.72.1 starred:v0.70.4 starred:v0.70.1 starred:v0.70.0 starred:v0.69.0 starred:v0.68.1 starred:v0.68.0 starred:v0.67.0 starred:v0.66.0 starred:v0.65.2 starred:v0.65.1 starred:v0.65.0 starred:v0.64.5 starred:v0.64.4 starred:v0.64.3 starred:v0.64.2 starred:v0.64.1 starred:v0.64.0 starred:v0.63.5 starred:v0.63.4 starred:v0.63.3 starred:v0.63.2 starred:v0.63.1 starred:v0.63.0 starred:v0.62.1 starred:v0.62.0 starred:v0.61.7 starred:v0.61.6 starred:v0.61.5 starred:v0.61.4 starred:v0.61.3 starred:v0.61.1 starred:v0.61.0 starred:v0.60.4 starred:v0.60.3 starred:v0.60.2 starred:v0.60.1 starred:v0.60.0 starred:v0.59.0 starred:v0.58.3 starred:v0.58.2 starred:v0.58.1 starred:v0.58.0 starred:v0.57.0 starred:v0.56.0 starred:v0.55.4 starred:v0.55.3 starred:v0.55.2 starred:v0.55.1 starred:v0.55.0 starred:v0.54.1 starred:v0.53.4 starred:v0.53.3 starred:v0.53.2 starred:v0.53.1 starred:v0.52.0 starred:v0.51.2 starred:v0.51.1 starred:v0.51.0 starred:v0.50.2 starred:v0.50.1 starred:v0.50.0 starred:v0.49.7 starred:v0.49.6 starred:v0.49.5 starred:v0.49.4 starred:v0.49.3 starred:v0.49.2 starred:v0.49.1 starred:v0.49.0 starred:v0.48.3 starred:v0.48.2 starred:v0.48.1 starred:v0.48.0 starred:v0.47.2 starred:v0.47.1 starred:v0.47.0 starred:v0.46.3 starred:v0.46.2 starred:v0.46.1 starred:v0.46.0 starred:v0.45.3 starred:v0.45.2 starred:v0.45.1 starred:v0.45.0 starred:v0.44.0 starred:v0.43.2 starred:v0.43.1 starred:v0.43.0 starred:v0.42.1 starred:v0.42.0 starred:v0.41.0 starred:v0.40.4 starred:v0.40.3 starred:v0.40.2 starred:v0.40.1 starred:v0.40.0

19 Commits
v0.101.4 ... v0.101.7

Author SHA1 Message Date
Jeff McCune
54efe3e24a core: pass --extract-yaml flag from platform to component (#376) 
Previously holos render platform was not setting the --extract-yaml file
when calling holos render component, causing data file instances defined
in the Platform spec to be discarded.

This patch passes the value along using the flag.
 2024-12-19 08:39:55 -08:00
Jeff McCune
f693f049f4 core: refactor --instance to --extract-yaml (#376) 
Extract YAML is more clear and aligns with the schema docs for the
Component Instance field which has an extractYAML kind.  This also
leaves the door open for additional kinds of data extractors which are
almost certainly going to be needed.
 2024-12-19 08:34:05 -08:00
Jeff McCune
85238710ac core: unify data files into config (#376) 
Previously there isn't a good way to unify json and yaml files with the
cue configuration.  This is a problem for use cases where data can be
generated idempotentialy prior to rendering the platform configuration.

The first use case is to explore unifying configuration with decrypted
sops values, which isn't typical since Holos is designed to handle
secrets with ExternalSecret resources, but does fit into the use case of
executing a command to produce data idempotently, then make the data
available to the platform configuration.

Other use cases this feature is intended to support are the prior
experiment where we fetch top level platform configuration from an rpc
service, and the future goal of integrating with data provided by
Terraform.
 2024-12-19 08:34:05 -08:00
Jeff McCune
3ec62d272e v1alpha5: update kargo crds to 1.1.1 2024-12-19 08:34:04 -08:00
Jeff McCune
49afb44fd4 docs: redirect /docs/comparison/ 2024-12-18 14:37:36 -08:00
Gary Larizza
a023f135ab Add a Comparisons page 
PROBLEM:

We've noticed that Holos almost immediately gets compared to Timoni, and
we frequently get asked for specifics in how they're similar/different.

SOLUTION:

* Add a `Comparison` page.
* Include a section that compares Holos to Timoni

OUTCOME:

Fewer questions about how Holos compares to Timoni because people are
able to find that answer themselves on our docs page.
 2024-12-18 14:33:52 -08:00
Jeff McCune
c6a3a5d689 docs: redirect /docs/kargo/ 2024-12-17 06:30:20 -08:00
Jeff McCune
3f1eed3f06 platform: add kargo.akuity.io custom resource definitions 
Needed for Kargo integration.  Imported with timoni from v1.0.3 Kargo
CRD's.
 2024-12-16 13:19:39 -08:00
Jeff McCune
7fb7df1441 docs: make the linter happy 2024-12-16 11:04:35 -05:00
Jeff McCune
a798111d4d docs: add oci helm charts example 
Question came up in chat, there isn't a good example and it's a pain to
piece together from the reference docs.
 2024-12-16 10:56:50 -05:00
Jeff McCune
3ddb823341 docs: add note about compinit 
Andy ran into issues enabling completion without first figuring out how
to initialize the completion system.
 2024-12-16 08:15:45 -05:00
Jeff McCune
70d48592c4 docs: fix environments topic 
It didn't work, failed with:

  ❯ holos show buildplans --selector app.holos.run/city=ams
  could not run: Component.Name: 2 errors in empty disjunction: (and 2 more errors) at internal/builder/instance.go:66
  Component.Name: 2 errors in empty disjunction:
  Component.Name: conflicting values "no-name" and "podinfo-ams":
      /Users/jeff/Holos/foo/holos-environments-tutorial/components/podinfo/podinfo.cue:6:12
      /Users/jeff/Holos/foo/holos-environments-tutorial/schema.cue:6:13
      /Users/jeff/Holos/foo/holos-environments-tutorial/schema.cue:35:2
      /Users/jeff/Holos/foo/holos-environments-tutorial/tags.cue:13:19
  Component.Name: conflicting values "podinfo" and "podinfo-ams":
      /Users/jeff/Holos/foo/holos-environments-tutorial/components/podinfo/podinfo.cue:6:12
      /Users/jeff/Holos/foo/holos-environments-tutorial/components/podinfo/podinfo.cue:7:8
      /Users/jeff/Holos/foo/holos-environments-tutorial/schema.cue:6:13
      /Users/jeff/Holos/foo/holos-environments-tutorial/schema.cue:35:2

This was likely because the podinfo component was used in different ways
in different topics.  Don't use the shared component to fix the problem.
 2024-12-13 09:20:52 -05:00
Jeff McCune
006f08df93 docs: add kargo place holder (#378) 2024-12-11 09:58:54 -08:00
Jeff McCune
39e2db5d37 docs: remove related content from youtube embed 
Except stuff in our own channel.
 2024-12-08 19:43:12 -08:00
Jeff McCune
ceb293fd8a docs: fix typescript className not class check error 2024-12-08 19:36:36 -08:00
Jeff McCune
188ff95015 docs: enable youtube fullscreen 
Without this patch the fullscreen button is disabled.
 2024-12-08 19:33:06 -08:00
Jeff McCune
5f658e0ba0 docs: add flux kustomization example (#374) 
Almost identical to the ArgoCD Application example.
 2024-12-08 19:20:12 -08:00
Jeff McCune
18b2850d3c platform: import flux custom resources 
kustomize build https://github.com/fluxcd/flux2/manifests/crds\?ref=v2.4.0 \
      timoni mod vendor crds -f-
 2024-12-08 19:03:18 -08:00
Jeff McCune
366a7fe93d docs: private helm repos need updated schemas (#370) 
Document the need to run holos init platform v1alpha5 --force to use the
private helm repository feature.
 2024-12-08 17:13:56 -08:00
61 changed files with 8740 additions and 32 deletions
Expand all files Collapse all files

5
.cspell.json
View File

@@ -29,6 +29,7 @@
"authpolicy",
"authproxy",
"authroutes",
"autoload",
"automount",
"automounting",
"autoscaler",
@@ -59,6 +60,7 @@
"Cmds",
"CNCF",
"CODEOWNERS",
"compinit",
"componentconfig",
"configdir",
"configmap",
@@ -72,6 +74,7 @@
"creds",
"crossplane",
"crunchydata",
"ctxt",
"cuecontext",
"cuelang",
"customresourcedefinition",
@@ -99,6 +102,7 @@
"fieldmaskpb",
"fieldspec",
"flushcache",
"fluxcd",
"fullname",
"gatewayclass",
"gatewayclasses",
@@ -152,6 +156,7 @@
"jetstack",
"jiralert",
"Jsonnet",
"Kargo",
"kfbh",
"killall",
"kubeadm",

28
api/core/v1alpha5/types.go
View File

@@ -303,6 +303,10 @@ type Component struct {
// Path represents the path of the component relative to the platform root.
// Injected as the tag variable "holos_component_path".
Path string `json:"path" yaml:"path"`
// Instances represents additional cue instance paths to unify with Path.
// Useful to unify data files into a component BuildPlan. Added in holos
// 0.101.7.
Instances []Instance `json:"instances,omitempty" yaml:"instances,omitempty"`
// WriteTo represents the holos render component --write-to flag. If empty,
// the default value for the --write-to flag is used.
WriteTo string `json:"writeTo,omitempty" yaml:"writeTo,omitempty"`
@@ -319,3 +323,27 @@ type Component struct {
// `cli.holos.run/description` to customize the log message of each BuildPlan.
Annotations map[string]string `json:"annotations,omitempty" yaml:"annotations,omitempty"`
}
// Instance represents a data instance to unify with the configuration.
//
// Useful to unify json and yaml files with cue configuration files for
// integration with other tools. For example, executing holos render platform
// from a pull request workflow after [Kargo] executes the [yaml update] and
// [git wait for pr] promotion steps.
//
// [Kargo]: https://docs.kargo.io/
// [yaml update]: https://docs.kargo.io/references/promotion-steps#yaml-update
// [git wait for pr]: https://docs.kargo.io/references/promotion-steps#git-wait-for-pr
type Instance struct {
// Kind is a discriminator.
Kind string `json:"kind" yaml:"kind" cue:"\"ExtractYAML\""`
// Ignored unless kind is ExtractYAML.
ExtractYAML ExtractYAML `json:"extractYAML,omitempty" yaml:"extractYAML,omitempty"`
}
// ExtractYAML represents a cue data instance encoded as yaml or json. If Path
// refers to a directory all files in the directory are extracted
// non-recursively. Otherwise, path must refer to a file.
type ExtractYAML struct {
Path string `json:"path" yaml:"path"`
}

33
doc/md/api/core.md
View File

@@ -22,12 +22,14 @@ Package core contains schemas for a [Platform](<#Platform>) and [BuildPlan](<#Bu
- [type Chart](<#Chart>)
- [type Command](<#Command>)
- [type Component](<#Component>)
- [type ExtractYAML](<#ExtractYAML>)
- [type File](<#File>)
- [type FileContent](<#FileContent>)
- [type FileContentMap](<#FileContentMap>)
- [type FilePath](<#FilePath>)
- [type Generator](<#Generator>)
- [type Helm](<#Helm>)
- [type Instance](<#Instance>)
- [type InternalLabel](<#InternalLabel>)
- [type Join](<#Join>)
- [type Kind](<#Kind>)
@@ -169,6 +171,10 @@ type Component struct {
// Path represents the path of the component relative to the platform root.
// Injected as the tag variable "holos_component_path".
Path string `json:"path" yaml:"path"`
// Instances represents additional cue instance paths to unify with Path.
// Useful to unify data files into a component BuildPlan. Added in holos
// 0.101.7.
Instances []Instance `json:"instances,omitempty" yaml:"instances,omitempty"`
// WriteTo represents the holos render component --write-to flag. If empty,
// the default value for the --write-to flag is used.
WriteTo string `json:"writeTo,omitempty" yaml:"writeTo,omitempty"`
@@ -187,6 +193,17 @@ type Component struct {
}
```
<a name="ExtractYAML"></a>
## type ExtractYAML {#ExtractYAML}
ExtractYAML represents a cue data instance encoded as yaml or json. If Path refers to a directory all files in the directory are extracted non\-recursively. Otherwise, path must refer to a file.
```go
type ExtractYAML struct {
Path string `json:"path" yaml:"path"`
}
```
<a name="File"></a>
## type File {#File}
@@ -279,6 +296,22 @@ type Helm struct {
}
```
<a name="Instance"></a>
## type Instance {#Instance}
Instance represents a data instance to unify with the configuration.
Useful to unify json and yaml files with cue configuration files for integration with other tools. For example, executing holos render platform from a pull request workflow after [Kargo](<https://docs.kargo.io/>) executes the [yaml update](<https://docs.kargo.io/references/promotion-steps#yaml-update>) and [git wait for pr](<https://docs.kargo.io/references/promotion-steps#git-wait-for-pr>) promotion steps.
```go
type Instance struct {
// Kind is a discriminator.
Kind string `json:"kind" yaml:"kind" cue:"\"ExtractYAML\""`
// Ignored unless kind is ExtractYAML.
ExtractYAML ExtractYAML `json:"extractYAML,omitempty" yaml:"extractYAML,omitempty"`
}
```
<a name="InternalLabel"></a>
## type InternalLabel {#InternalLabel}

57
doc/md/topics/comparison.mdx Normal file
View File

@@ -0,0 +1,57 @@
---
description: Holos compared to other tools
sidebar_label: Comparison
slug: comparison
sidebar_position: 40
---
{/* cspell:ignore Prodan, rollouts */}
# Holos compared to other tools
## Timoni
Holos and Timoni both aim to solve similar problems but approach them at
different levels of the stack.
Timoni focuses on managing applications by evaluating [CUE] stored in OCI
containers. Its creator, Stephan Prodan, envisions a controller that applies the
resulting manifests. In this process, Timoni defers to [Flux] for managing Helm
charts within the cluster.
In contrast, Holos implements the [Rendered Manifests Pattern] and takes a
different approach, particularly in how it handles [Helm] charts. Like
[ArgoCD], Holos renders Helm charts into manifests using the `helm template`
command in its rendering pipeline. Holos differs from Timoni in several important
ways:
1. **Separation of Responsibilities:** Holos stops short of applying
rendered manifests to a cluster, leaving that task to existing tools like
[ArgoCD], [Flux], or even basic `kubectl apply` commands.
2. **Ecosystem Integration:** By focusing solely on rendering Kubernetes
manifests, Holos creates space for other tools to handle deployment and
management. For instance, Holos integrates seamlessly with [Kargo] for
progressive rollouts, as [Kargo] operates between Holos and the Kubernetes API.
This approach ensures that you're not locked into any specific tool and can
choose the best solution for each task.
3. **Platform Integration:** Holos focuses on integrating multiple Components
into a larger Platform. In Holos terminology, a Component refers to a wrapper
for [Helm] charts, [Kustomize] bases, or raw YAML files, integrated into the
rendering pipeline through [CUE]. A Platform represents the full combination of
these components.
4. **Explicit Rendering Pipeline:** Holos emphasizes flexibility in its
rendering pipeline. The system allows any tool that generates Kubernetes
manifests to be wrapped in a Generator, which can then feed into existing
transformers like [Kustomize]. This explicit separation makes Holos highly
adaptable for different workflows.
[Kargo]: https://kargo.io/
[Flux]: https://fluxcd.io
[Helm]: https://helm.sh
[ArgoCD]: https://argoproj.github.io/cd/
[Kustomize]: https://kustomize.io/
[CUE]: https://cuelang.org/
[Rendered Manifests Pattern]: https://akuity.io/blog/the-rendered-manifests-pattern

218
doc/md/topics/gitops/flux-kustomization.mdx Normal file
View File

@@ -0,0 +1,218 @@
---
slug: flux-kustomization
title: Flux Kustomization
description: Configuring a Kustomization for each Component.
sidebar_position: 120
---
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import CommonComponent from '../../common/example-component.mdx';
import CommonComponentIntegrate from '../../common/example-component-integrate.mdx';
# Flux Kustomization
## Overview
This topic covers how to mix in a Flux Kustomization to all components. We'll
use the `Artifacts` field of [ComponentConfig] defined by the author schema.
## The Code
### Generating the structure
Use `holos` to generate a minimal platform directory structure. Start by
creating a blank directory to hold the platform configuration.
```shell
mkdir holos-flux-kustomization && cd holos-flux-kustomization
```
```shell
holos init platform v1alpha5
```
### Creating an example Component
<CommonComponent />
<CommonComponentIntegrate />
## Adding Flux Kustomizations
Configure Holos to render a [Kustomization] by defining an [Artifact] for it in
every BuildPlan holos produces. We're unifying our custom configuration with
the existing `#ComponentConfig` defined in `schema.cue`.
```bash
cat <<EOF >flux-kustomization.cue
```
```cue showLineNumbers
package holos
import (
"path"
flux "kustomize.toolkit.fluxcd.io/kustomization/v1"
)
#ComponentConfig: {
Name: _
OutputBaseDir: _
let ArtifactPath = path.Join([OutputBaseDir, "gitops", "\(Name).kustomization.gen.yaml"], path.Unix)
let ResourcesPath = path.Join(["deploy", OutputBaseDir, "components", Name], path.Unix)
Artifacts: "\(Name)-kustomization": {
artifact: ArtifactPath
generators: [{
kind: "Resources"
output: artifact
resources: Kustomization: (Name): flux.#Kustomization & {
metadata: name: Name
metadata: namespace: "default"
spec: {
interval: "5m"
timeout: "1m"
prune: true
path: ResourcesPath
sourceRef: {
kind: "GitRepository"
name: "webapp"
}
}
}
}]
}
}
```
```bash
EOF
```
## Inspecting the BuildPlan
Our customized `#ComponentConfig` results in the following `BuildPlan`.
:::note
The second artifact around line 40 contains the configured `Kustomization`
resource.
:::
<Tabs groupId="55075C71-02E8-4222-88C0-2D52C82D18FC">
<TabItem value="command" label="Command">
```bash
holos cue export --expression holos --out=yaml ./components/podinfo
```
</TabItem>
<TabItem value="output" label="Output">
```yaml showLineNumbers
kind: BuildPlan
apiVersion: v1alpha5
metadata:
name: podinfo
spec:
artifacts:
- artifact: components/podinfo/podinfo.gen.yaml
generators:
- kind: Helm
output: helm.gen.yaml
helm:
chart:
name: podinfo
version: 6.6.2
release: podinfo
repository:
name: podinfo
url: https://stefanprodan.github.io/podinfo
values:
ui:
message: Hello World
enableHooks: false
- kind: Resources
output: resources.gen.yaml
resources: {}
validators: []
transformers:
- kind: Kustomize
inputs:
- helm.gen.yaml
- resources.gen.yaml
output: components/podinfo/podinfo.gen.yaml
kustomize:
kustomization:
resources:
- helm.gen.yaml
- resources.gen.yaml
kind: Kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
- artifact: gitops/podinfo.kustomization.gen.yaml
generators:
- kind: Resources
output: gitops/podinfo.kustomization.gen.yaml
resources:
Kustomization:
podinfo:
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: podinfo
namespace: default
spec:
interval: 5m
path: deploy/components/podinfo
prune: true
sourceRef:
kind: GitRepository
name: webapp
timeout: 1m
```
</TabItem>
</Tabs>
## Rendering manifests
<Tabs groupId="E150C802-7162-4FBF-82A7-77D9ADAEE847">
<TabItem value="command" label="Command">
```bash
holos render platform
```
</TabItem>
<TabItem value="output" label="Output">
```
rendered podinfo in 140.341417ms
rendered platform in 140.441333ms
```
</TabItem>
</Tabs>
## Reviewing the Kustomization
The Artifact we added to `#ComponentConfig` will produce a Flux Kustomization
resource for every component in the platform. The output in this example is
located at:
```txt
deploy/gitops/podinfo.kustomization.gen.yaml
```
```yaml showLineNumbers
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: podinfo
namespace: default
spec:
interval: 5m
path: deploy/components/podinfo
prune: true
sourceRef:
kind: GitRepository
name: webapp
timeout: 1m
```
[podinfo]: https://github.com/stefanprodan/podinfo
[CUE Module]: https://cuelang.org/docs/reference/modules/
[CUE Tags]: https://cuelang.org/docs/howto/inject-value-into-evaluation-using-tag-attribute/
[Kustomization]: https://fluxcd.io/flux/components/kustomize/kustomizations/
[Platform]: ../../api/author.md#Platform
[ComponentConfig]: ../../api/author.md#ComponentConfig
[Artifact]: ../../api/core.md#Artifact

20
doc/md/topics/kargo.mdx Normal file
View File

@@ -0,0 +1,20 @@
---
description: Kargo
slug: kargo
sidebar_position: 110
---
# Kargo
Holos pairs nicely with [Kargo], offering a holistic solution for code
promotion across stages.
Watch this space for a more detailed write up of the integration being
developed.
If you're interested in this topic, please thumbs up the [Kargo
Topic](https://github.com/holos-run/holos/issues/378) issue, or drop into
[Discord] and let us know about your use case.
[Kargo]: https://kargo.io/
[Discord]: https://discord.gg/JgDVbNpye7

65
doc/md/topics/oci-helm-charts.mdx Normal file
View File

@@ -0,0 +1,65 @@
---
description: OCI Helm Charts
slug: oci-helm-charts
sidebar_position: 710
---
# OCI Helm Charts
Holos supports OCI Helm charts. Use the following example to get started.
```bash
mkdir -p oci-helm && cd oci-helm
holos init platform v1alpha5
```
```bash
mkdir -p components/podinfo-oci
cat <<EOF > components/podinfo-oci/podinfo-oci.cue
```
```cue showLineNumbers
package holos
holos: Component.BuildPlan
Component: #Helm & {
Chart: {
name: "oci://ghcr.io/stefanprodan/charts/podinfo"
release: "podinfo"
version: "6.6.2"
}
}
```
```bash
EOF
```
Register the component with the platform.
```bash
cat <<EOF >platform/podinfo-oci.cue
```
```cue showLineNumbers
package holos
Platform: Components: podinfo: {
name: "podinfo-oci"
path: "components/podinfo-oci"
}
```
```bash
EOF
```
The OCI chart is cached in the vendor directory and rendered.
```bash
holos render platform
```
```txt
Pulled: ghcr.io/stefanprodan/charts/podinfo:6.6.2
Digest: sha256:83295d47de6d6ca634ed4b952a7572fc176bcc38854d0c11ca0fa197bc5f1154
rendered podinfo-oci in 7.21581325s
rendered platform in 7.216199167s
```

10
doc/md/topics/private-helm.mdx
View File

@@ -1,11 +1,19 @@
---
description: Private Helm Repositories
slug: private-helm
sidebar_position: 999
sidebar_position: 700
---
# Private Helm
Holos supports private Helm repositories accessed with http basic authentication
since `v0.101.4`. Use the following command to update your author and core
schemas to support this configuration.
```bash
holos init platform v1alpha5 --force
```
## Configuration
Holos uses the Helm SDK and defers to it for authentication to private

38
doc/md/topics/structures/environments.mdx
View File

@@ -45,7 +45,40 @@ holos init platform v1alpha5
### Using an example Component
<CommonComponent />
Create a directory for the example `podinfo` component we'll use to render
platform manifests.
```bash
mkdir -p components/podinfo
```
Create the CUE configuration for the example `podinfo` component.
```bash
cat <<EOF >components/podinfo/podinfo.cue
```
```cue showLineNumbers
package holos
holos: Component.BuildPlan
Component: #Helm & {
Chart: {
name: "podinfo"
version: "6.6.2"
repository: {
name: "podinfo"
url: "https://stefanprodan.github.io/podinfo"
}
}
Values: ui: {
message: string | *"Hello World" @tag(message, type=string)
}
}
```
```bash
EOF
```
We'll integrate the component with the platform after we define the
configuration structures.
@@ -277,6 +310,9 @@ let ProdPodinfo = {
parameters: EnvironmentName: "prod-\(_city)"
}
```
```
EOF
```
### Using the environment

15
doc/md/tutorial/setup.mdx
View File

@@ -38,8 +38,23 @@ go install github.com/holos-run/holos/cmd/holos@latest
### Completion
:::tip
Completion is automatically enabled if [brew shell
completion](https://docs.brew.sh/Shell-Completion) is also enabled.
:::
<Tabs groupId="65F79D28-2E57-4A90-8EBA-3D8758C80233">
<TabItem value="zsh" label="zsh">
Add the following to `~/.zshrc` if not already present to initialize zsh completion.
```bash
autoload -Uz compinit
compinit
```
Then load holos completion after zsh completion has been initialized.
```bash
source <(holos completion zsh)
```

24
doc/website/src/components/YouTube/index.tsx
View File

@@ -2,15 +2,15 @@ import styles from './styles.module.css';
//Pulled from: https://gaudion.dev/blog/mdx-youtube-embed
//components/mdx/YouTube.tsx
export default function YouTube ({ id } : { id : string }){
return (
<div class={styles.videoWrapper}>
<iframe
className="aspect-video w-full"
src={"https://www.youtube.com/embed/" + id}
title="YouTube Video Player"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
></iframe>
</div>
);
};
export default function YouTube({ id }: { id: string }) {
return (
<div className={styles.videoWrapper}>
<iframe
className="aspect-video w-full"
src={"https://www.youtube.com/embed/" + id + "?rel=0"}
title="YouTube Video Player"
allow="picture-in-picture; fullscreen; accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope;"
></iframe>
</div>
);
};

4
doc/website/static/_redirects
View File

@@ -14,3 +14,7 @@
/docs/local-cluster/ /docs/v1alpha5/topics/local-cluster/ 301
/docs/guides/helm /docs/v1alpha5/tutorial/helm-values/ 301
/docs/guides/helm/ /docs/v1alpha5/tutorial/helm-values/ 301
/docs/kargo /docs/v1alpha5/topics/kargo/ 301
/docs/kargo/ /docs/v1alpha5/topics/kargo/ 301
/docs/comparison /docs/v1alpha5/topics/comparison/ 301
/docs/comparison/ /docs/v1alpha5/topics/comparison/ 301

70
internal/builder/instance.go
View File

@@ -5,17 +5,67 @@ import (
"encoding/json"
"fmt"
"log/slog"
"os"
"path/filepath"
"strings"
"cuelang.org/go/cue"
"cuelang.org/go/cue/cuecontext"
"cuelang.org/go/cue/load"
"cuelang.org/go/encoding/yaml"
"github.com/holos-run/holos/internal/errors"
"github.com/holos-run/holos/internal/holos"
"github.com/holos-run/holos/internal/util"
)
func LoadInstance(path string, tags []string) (*Instance, error) {
// ExtractYAML extracts yaml encoded data from file paths. The data is unified
// into one [cue.Value]. If a path element is a directory, all files in the
// directory are loaded non-recursively.
//
// Attribution: https://github.com/cue-lang/cue/issues/3504
func ExtractYAML(ctxt *cue.Context, filepaths []string) (cue.Value, error) {
value := ctxt.CompileString("")
files := make([]string, 0, 10*len(filepaths))
for _, path := range filepaths {
info, err := os.Stat(path)
if err != nil {
return value, errors.Wrap(err)
}
if !info.IsDir() {
files = append(files, path)
continue
}
entries, err := os.ReadDir(path)
if err != nil {
return value, errors.Wrap(err)
}
for _, entry := range entries {
if entry.IsDir() {
continue
}
files = append(files, filepath.Join(path, entry.Name()))
}
}
for _, file := range files {
f, err := yaml.Extract(file, nil)
if err != nil {
return value, errors.Wrap(err)
}
value = value.Unify(ctxt.BuildFile(f))
}
return value, nil
}
// LoadInstance loads the cue configuration instance at path. External data
// file paths are loaded by calling [ExtractYAML] providing filepaths. The
// extracted data values are unified with the platform configuration [cue.Value]
// in the returned [Instance].
func LoadInstance(path string, filepaths []string, tags []string) (*Instance, error) {
root, leaf, err := util.FindRootLeaf(path)
if err != nil {
return nil, errors.Wrap(err)
@@ -26,20 +76,26 @@ func LoadInstance(path string, tags []string) (*Instance, error) {
ModuleRoot: root,
Tags: tags,
}
ctxt := cuecontext.New()
ctx := cuecontext.New()
instances := load.Instances([]string{leaf}, cfg)
values, err := ctx.BuildInstances(instances)
bis := load.Instances([]string{path}, cfg)
values, err := ctxt.BuildInstances(bis)
if err != nil {
return nil, errors.Wrap(err)
}
value, err := ExtractYAML(ctxt, filepaths)
if err != nil {
return nil, errors.Wrap(err)
}
// TODO: https://cuelang.org/docs/howto/place-data-go-api/
value = value.Unify(values[0])
inst := &Instance{
path: leaf,
ctx: ctx,
ctx: ctxt,
cfg: cfg,
value: values[0],
value: value,
}
return inst, nil

14
internal/builder/v1alpha5/builder.go
View File

@@ -107,6 +107,20 @@ func (c *Component) Path() string {
return util.DotSlash(c.Component.Path)
}
// ExtractYAML returns the path values for the --extract-yaml command line flag.
func (c *Component) ExtractYAML() ([]string, error) {
if c == nil {
return nil, nil
}
instances := make([]string, 0, len(c.Component.Instances))
for _, instance := range c.Component.Instances {
if instance.Kind == "ExtractYAML" {
instances = append(instances, instance.ExtractYAML.Path)
}
}
return instances, nil
}
var _ holos.BuildPlan = &BuildPlan{}
var _ task = generatorTask{}
var _ task = transformersTask{}

17
internal/cli/render/render.go
View File

@@ -43,6 +43,8 @@ func newPlatform(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
cmd.Flags().IntVar(&concurrency, "concurrency", runtime.NumCPU(), "number of components to render concurrently")
var platform string
cmd.Flags().StringVar(&platform, "platform", "./platform", "platform directory path")
var extractYAMLs holos.StringSlice
cmd.Flags().Var(&extractYAMLs, "extract-yaml", "data file paths to extract and unify with the platform config")
var selector holos.Selector
cmd.Flags().VarP(&selector, "selector", "l", "label selector (e.g. label==string,label!=string)")
tagMap := make(holos.TagMap)
@@ -57,7 +59,7 @@ func newPlatform(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
log.WarnContext(ctx, fmt.Sprintf(msg, platform))
}
inst, err := builder.LoadInstance(platform, tagMap.Tags())
inst, err := builder.LoadInstance(platform, extractYAMLs, tagMap.Tags())
if err != nil {
return errors.Wrap(err)
}
@@ -107,12 +109,14 @@ func newComponent(cfg *holos.Config, feature holos.Flagger) *cobra.Command {
cmd.Flags().VarP(&tagMap, "inject", "t", tagHelp)
var concurrency int
cmd.Flags().IntVar(&concurrency, "concurrency", runtime.NumCPU(), "number of concurrent build steps")
var extractYAMLs holos.StringSlice
cmd.Flags().Var(&extractYAMLs, "extract-yaml", "data file paths to extract and unify with the platform config")
cmd.RunE = func(cmd *cobra.Command, args []string) error {
ctx := cmd.Root().Context()
path := args[0]
inst, err := builder.LoadInstance(path, tagMap.Tags())
inst, err := builder.LoadInstance(path, extractYAMLs, tagMap.Tags())
if err != nil {
return errors.Wrap(err)
}
@@ -146,7 +150,11 @@ func makeComponentRenderFunc(w io.Writer, prefixArgs, cliTags []string) func(con
if err != nil {
return errors.Wrap(err)
}
args := make([]string, 0, 10+len(prefixArgs)+(len(tags)*2))
filepaths, err := component.ExtractYAML()
if err != nil {
return errors.Wrap(err)
}
args := make([]string, 0, 10+len(prefixArgs)+(len(tags)*2+len(filepaths)*2))
args = append(args, prefixArgs...)
args = append(args, "render", "component")
for _, tag := range cliTags {
@@ -155,6 +163,9 @@ func makeComponentRenderFunc(w io.Writer, prefixArgs, cliTags []string) func(con
for _, tag := range tags {
args = append(args, "--inject", tag)
}
for _, path := range filepaths {
args = append(args, "--extract-yaml", path)
}
args = append(args, component.Path())
if _, err := util.RunCmdA(ctx, w, "holos", args...); err != nil {
return errors.Format("could not render component: %w", err)

14
internal/cli/show.go
View File

@@ -30,13 +30,15 @@ func newShowPlatformCmd() (cmd *cobra.Command) {
var platform string
cmd.Flags().StringVar(&platform, "platform", "./platform", "platform directory path")
var extractYAMLs holos.StringSlice
cmd.Flags().Var(&extractYAMLs, "extract-yaml", "data file paths to extract and unify with the platform config")
var format string
cmd.Flags().StringVar(&format, "format", "yaml", "yaml or json format")
tagMap := make(holos.TagMap)
cmd.Flags().VarP(&tagMap, "inject", "t", "set the value of a cue @tag field from a key=value pair")
cmd.RunE = func(c *cobra.Command, args []string) (err error) {
inst, err := builder.LoadInstance(platform, tagMap.Tags())
inst, err := builder.LoadInstance(platform, extractYAMLs, tagMap.Tags())
if err != nil {
return errors.Wrap(err)
}
@@ -64,6 +66,8 @@ func newShowBuildPlanCmd() (cmd *cobra.Command) {
var platform string
cmd.Flags().StringVar(&platform, "platform", "./platform", "platform directory path")
var extractYAMLs holos.StringSlice
cmd.Flags().Var(&extractYAMLs, "extract-yaml", "data file paths to extract and unify with the platform config")
var format string
cmd.Flags().StringVar(&format, "format", "yaml", "yaml or json format")
var selector holos.Selector
@@ -75,7 +79,7 @@ func newShowBuildPlanCmd() (cmd *cobra.Command) {
cmd.RunE = func(c *cobra.Command, args []string) (err error) {
path := platform
inst, err := builder.LoadInstance(path, tagMap.Tags())
inst, err := builder.LoadInstance(path, extractYAMLs, tagMap.Tags())
if err != nil {
return errors.Wrap(err)
}
@@ -122,7 +126,11 @@ func makeBuildFunc(encoder holos.OrderedEncoder, opts holos.BuildOpts) func(cont
return errors.Wrap(err)
}
tags = append(tags, opts.Tags...)
inst, err := builder.LoadInstance(component.Path(), tags)
filepaths, err := component.ExtractYAML()
if err != nil {
return errors.Wrap(err)
}
inst, err := builder.LoadInstance(component.Path(), filepaths, tags)
if err != nil {
return errors.Wrap(err)
}

30
internal/generate/platforms/cue.mod/gen/github.com/holos-run/holos/api/core/v1alpha5/types_go_gen.cue
View File

@@ -334,6 +334,11 @@ package core
// Injected as the tag variable "holos_component_path".
path: string @go(Path)
// Instances represents additional cue instance paths to unify with Path.
// Useful to unify data files into a component BuildPlan. Added in holos
// 0.101.7.
instances?: [...#Instance] @go(Instances,[]Instance)
// WriteTo represents the holos render component --write-to flag. If empty,
// the default value for the --write-to flag is used.
writeTo?: string @go(WriteTo)
@@ -353,3 +358,28 @@ package core
// `cli.holos.run/description` to customize the log message of each BuildPlan.
annotations?: {[string]: string} @go(Annotations,map[string]string)
}
// Instance represents a data instance to unify with the configuration.
//
// Useful to unify json and yaml files with cue configuration files for
// integration with other tools. For example, executing holos render platform
// from a pull request workflow after [Kargo] executes the [yaml update] and
// [git wait for pr] promotion steps.
//
// [Kargo]: https://docs.kargo.io/
// [yaml update]: https://docs.kargo.io/references/promotion-steps#yaml-update
// [git wait for pr]: https://docs.kargo.io/references/promotion-steps#git-wait-for-pr
#Instance: {
// Kind is a discriminator.
kind: string & "ExtractYAML" @go(Kind)
// Ignored unless kind is ExtractYAML.
extractYAML?: #ExtractYAML @go(ExtractYAML)
}
// ExtractYAML represents a cue data instance encoded as yaml or json. If Path
// refers to a directory all files in the directory are extracted
// non-recursively. Otherwise, path must refer to a file.
#ExtractYAML: {
path: string @go(Path)
}

753
internal/generate/platforms/cue.mod/gen/helm.toolkit.fluxcd.io/helmrelease/v2/types_gen.cue Normal file
View File

@@ -0,0 +1,753 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v2
import "strings"
// HelmRelease is the Schema for the helmreleases API
#HelmRelease: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "helm.toolkit.fluxcd.io/v2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmRelease"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmReleaseSpec defines the desired state of a Helm release.
spec!: #HelmReleaseSpec
}
// HelmReleaseSpec defines the desired state of a Helm release.
#HelmReleaseSpec: {
// Chart defines the template of the v1.HelmChart that should be
// created
// for this HelmRelease.
chart?: {
// ObjectMeta holds the template for metadata like labels and
// annotations.
metadata?: {
// Annotations is an unstructured key value map stored with a
// resource that may be
// set by external tools to store and retrieve arbitrary metadata.
// They are not
// queryable and should be preserved when modifying objects.
// More info:
// https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
annotations?: {
[string]: string
}
// Map of string keys and values that can be used to organize and
// categorize
// (scope and select) objects.
// More info:
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
labels?: {
[string]: string
}
}
// Spec holds the template for the v1.HelmChartSpec for this
// HelmRelease.
spec: {
// The name or path the Helm chart is available at in the
// SourceRef.
chart: strings.MaxRunes(2048) & strings.MinRunes(1)
// IgnoreMissingValuesFiles controls whether to silently ignore
// missing values files rather than failing.
ignoreMissingValuesFiles?: bool
// Interval at which to check the v1.Source for updates. Defaults
// to
// 'HelmReleaseSpec.Interval'.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Determines what enables the creation of a new artifact. Valid
// values are
// ('ChartVersion', 'Revision').
// See the documentation of the values for an explanation on their
// behavior.
// Defaults to ChartVersion when omitted.
reconcileStrategy?: "ChartVersion" | "Revision" | *"ChartVersion"
// The name and namespace of the v1.Source the chart is available
// at.
sourceRef: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent.
kind: "HelmRepository" | "GitRepository" | "Bucket"
// Name of the referent.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Namespace of the referent.
namespace?: strings.MaxRunes(63) & strings.MinRunes(1)
}
// Alternative list of values files to use as the chart values
// (values.yaml
// is not included by default), expected to be a relative path in
// the SourceRef.
// Values files are merged in the order of this list with the last
// file overriding
// the first. Ignored when omitted.
valuesFiles?: [...string]
// Verify contains the secret name containing the trusted public
// keys
// used to verify the signature and specifies which provider to
// use to check
// whether OCI image is authentic.
// This field is only supported for OCI sources.
// Chart dependencies, which are not bundled in the umbrella chart
// artifact,
// are not verified.
verify?: {
// Provider specifies the technology used to sign the OCI Helm
// chart.
provider: "cosign" | "notation" | *"cosign"
secretRef?: {
// Name of the referent.
name: string
}
}
// Version semver expression, ignored for charts from
// v1.GitRepository and
// v1beta2.Bucket sources. Defaults to latest when omitted.
version?: string | *"*"
}
}
// ChartRef holds a reference to a source controller resource
// containing the
// Helm chart artifact.
chartRef?: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent.
kind: "OCIRepository" | "HelmChart"
// Name of the referent.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Namespace of the referent, defaults to the namespace of the
// Kubernetes
// resource object that contains the reference.
namespace?: strings.MaxRunes(63) & strings.MinRunes(1)
}
// DependsOn may contain a meta.NamespacedObjectReference slice
// with
// references to HelmRelease resources that must be ready before
// this HelmRelease
// can be reconciled.
dependsOn?: [...{
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// DriftDetection holds the configuration for detecting and
// handling
// differences between the manifest in the Helm storage and the
// resources
// currently existing in the cluster.
driftDetection?: {
// Ignore contains a list of rules for specifying which changes to
// ignore
// during diffing.
ignore?: [...{
// Paths is a list of JSON Pointer (RFC 6901) paths to be excluded
// from
// consideration in a Kubernetes object.
paths: [...string]
// Target is a selector for specifying Kubernetes objects to which
// this
// rule applies.
// If Target is not set, the Paths will be ignored for all
// Kubernetes
// objects within the manifest of the Helm release.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// Mode defines how differences should be handled between the Helm
// manifest
// and the manifest currently applied to the cluster.
// If not explicitly set, it defaults to DiffModeDisabled.
mode?: "enabled" | "warn" | "disabled"
}
// Install holds the configuration for Helm install actions for
// this HelmRelease.
install?: {
// CRDs upgrade CRDs from the Helm Chart's crds directory
// according
// to the CRD upgrade policy provided here. Valid values are
// `Skip`,
// `Create` or `CreateReplace`. Default is `Create` and if omitted
// CRDs are installed but not updated.
//
// Skip: do neither install nor replace (update) any CRDs.
//
// Create: new CRDs are created, existing CRDs are neither updated
// nor deleted.
//
// CreateReplace: new CRDs are created, existing CRDs are updated
// (replaced)
// but not deleted.
//
// By default, CRDs are applied (installed) during Helm install
// action.
// With this option users can opt in to CRD replace existing CRDs
// on Helm
// install actions, which is not (yet) natively supported by Helm.
// https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
crds?: "Skip" | "Create" | "CreateReplace"
// CreateNamespace tells the Helm install action to create the
// HelmReleaseSpec.TargetNamespace if it does not exist yet.
// On uninstall, the namespace will not be garbage collected.
createNamespace?: bool
// DisableHooks prevents hooks from running during the Helm
// install action.
disableHooks?: bool
// DisableOpenAPIValidation prevents the Helm install action from
// validating
// rendered templates against the Kubernetes OpenAPI Schema.
disableOpenAPIValidation?: bool
// DisableSchemaValidation prevents the Helm install action from
// validating
// the values against the JSON Schema.
disableSchemaValidation?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// install has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// install has been performed.
disableWaitForJobs?: bool
// Remediation holds the remediation configuration for when the
// Helm install
// action for the HelmRelease fails. The default is to not perform
// any action.
remediation?: {
// IgnoreTestFailures tells the controller to skip remediation
// when the Helm
// tests are run after an install action but fail. Defaults to
// 'Test.IgnoreFailures'.
ignoreTestFailures?: bool
// RemediateLastFailure tells the controller to remediate the last
// failure, when
// no retries remain. Defaults to 'false'.
remediateLastFailure?: bool
// Retries is the number of retries that should be attempted on
// failures before
// bailing. Remediation, using an uninstall, is performed between
// each attempt.
// Defaults to '0', a negative integer equals to unlimited
// retries.
retries?: int
}
// Replace tells the Helm install action to re-use the
// 'ReleaseName', but only
// if that name is a deleted release which remains in the history.
replace?: bool
// SkipCRDs tells the Helm install action to not install any CRDs.
// By default,
// CRDs are installed if not already present.
//
// Deprecated use CRD policy (`crds`) attribute with value `Skip`
// instead.
skipCRDs?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm install
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Interval at which to reconcile the Helm release.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
kubeConfig?: {
// SecretRef holds the name of a secret that contains a key with
// the kubeconfig file as the value. If no key is set, the key
// will default
// to 'value'.
// It is recommended that the kubeconfig is self-contained, and
// the secret
// is regularly updated if credentials such as a
// cloud-access-token expire.
// Cloud specific `cmd-path` auth helpers will not function
// without adding
// binaries and credentials to the Pod that is responsible for
// reconciling
// Kubernetes resources.
secretRef: {
// Key in the Secret, when not specified an
// implementation-specific default key is used.
key?: string
// Name of the Secret.
name: string
}
}
// MaxHistory is the number of revisions saved by Helm for this
// HelmRelease.
// Use '0' for an unlimited number of revisions; defaults to '5'.
maxHistory?: int
// PersistentClient tells the controller to use a persistent
// Kubernetes
// client for this release. When enabled, the client will be
// reused for the
// duration of the reconciliation, instead of being created and
// destroyed
// for each (step of a) Helm action.
//
// This can improve performance, but may cause issues with some
// Helm charts
// that for example do create Custom Resource Definitions during
// installation
// outside Helm's CRD lifecycle hooks, which are then not observed
// to be
// available by e.g. post-install hooks.
//
// If not set, it defaults to true.
persistentClient?: bool
// PostRenderers holds an array of Helm PostRenderers, which will
// be applied in order
// of their definition.
postRenderers?: [...{
// Kustomization to apply as PostRenderer.
kustomize?: {
// Images is a list of (image name, new name, new tag or digest)
// for changing image names, tags or digests. This can also be
// achieved with a
// patch, but this operator is simpler to specify.
images?: [...{
// Digest is the value used to replace the original image tag.
// If digest is present NewTag value is ignored.
digest?: string
// Name is a tag-less image name.
name: string
// NewName is the value used to replace the original name.
newName?: string
// NewTag is the value used to replace the original tag.
newTag?: string
}]
// Strategic merge and JSON patches, defined as inline YAML
// objects,
// capable of targeting objects based on kind, label and
// annotation selectors.
patches?: [...{
// Patch contains an inline StrategicMerge patch or an inline
// JSON6902 patch with
// an array of operation objects.
patch: string
// Target points to the resources that the patch document should
// be applied to.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
}
}]
// ReleaseName used for the Helm release. Defaults to a
// composition of
// '[TargetNamespace-]Name'.
releaseName?: strings.MaxRunes(53) & strings.MinRunes(1)
// Rollback holds the configuration for Helm rollback actions for
// this HelmRelease.
rollback?: {
// CleanupOnFail allows deletion of new resources created during
// the Helm
// rollback action when it fails.
cleanupOnFail?: bool
// DisableHooks prevents hooks from running during the Helm
// rollback action.
disableHooks?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// rollback has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// rollback has been performed.
disableWaitForJobs?: bool
// Force forces resource updates through a replacement strategy.
force?: bool
// Recreate performs pod restarts for the resource if applicable.
recreate?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm rollback
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// The name of the Kubernetes service account to impersonate
// when reconciling this HelmRelease.
serviceAccountName?: strings.MaxRunes(253) & strings.MinRunes(1)
// StorageNamespace used for the Helm storage.
// Defaults to the namespace of the HelmRelease.
storageNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Suspend tells the controller to suspend reconciliation for this
// HelmRelease,
// it does not apply to already started reconciliations. Defaults
// to false.
suspend?: bool
// TargetNamespace to target when performing operations for the
// HelmRelease.
// Defaults to the namespace of the HelmRelease.
targetNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Test holds the configuration for Helm test actions for this
// HelmRelease.
test?: {
// Enable enables Helm test actions for this HelmRelease after an
// Helm install
// or upgrade action has been performed.
enable?: bool
// Filters is a list of tests to run or exclude from running.
filters?: [...{
// Exclude specifies whether the named test should be excluded.
exclude?: bool
// Name is the name of the test.
name: strings.MaxRunes(253) & strings.MinRunes(1)
}]
// IgnoreFailures tells the controller to skip remediation when
// the Helm tests
// are run but fail. Can be overwritten for tests run after
// install or upgrade
// actions in 'Install.IgnoreTestFailures' and
// 'Upgrade.IgnoreTestFailures'.
ignoreFailures?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation during
// the performance of a Helm test action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Timeout is the time to wait for any individual Kubernetes
// operation (like Jobs
// for hooks) during the performance of a Helm action. Defaults to
// '5m0s'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Uninstall holds the configuration for Helm uninstall actions
// for this HelmRelease.
uninstall?: {
// DeletionPropagation specifies the deletion propagation policy
// when
// a Helm uninstall is performed.
deletionPropagation?: "background" | "foreground" | "orphan" | *"background"
// DisableHooks prevents hooks from running during the Helm
// rollback action.
disableHooks?: bool
// DisableWait disables waiting for all the resources to be
// deleted after
// a Helm uninstall is performed.
disableWait?: bool
// KeepHistory tells Helm to remove all associated resources and
// mark the
// release as deleted, but retain the release history.
keepHistory?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm uninstall
// action. Defaults
// to 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Upgrade holds the configuration for Helm upgrade actions for
// this HelmRelease.
upgrade?: {
// CleanupOnFail allows deletion of new resources created during
// the Helm
// upgrade action when it fails.
cleanupOnFail?: bool
// CRDs upgrade CRDs from the Helm Chart's crds directory
// according
// to the CRD upgrade policy provided here. Valid values are
// `Skip`,
// `Create` or `CreateReplace`. Default is `Skip` and if omitted
// CRDs are neither installed nor upgraded.
//
// Skip: do neither install nor replace (update) any CRDs.
//
// Create: new CRDs are created, existing CRDs are neither updated
// nor deleted.
//
// CreateReplace: new CRDs are created, existing CRDs are updated
// (replaced)
// but not deleted.
//
// By default, CRDs are not applied during Helm upgrade action.
// With this
// option users can opt-in to CRD upgrade, which is not (yet)
// natively supported by Helm.
// https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
crds?: "Skip" | "Create" | "CreateReplace"
// DisableHooks prevents hooks from running during the Helm
// upgrade action.
disableHooks?: bool
// DisableOpenAPIValidation prevents the Helm upgrade action from
// validating
// rendered templates against the Kubernetes OpenAPI Schema.
disableOpenAPIValidation?: bool
// DisableSchemaValidation prevents the Helm upgrade action from
// validating
// the values against the JSON Schema.
disableSchemaValidation?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// upgrade has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// upgrade has been performed.
disableWaitForJobs?: bool
// Force forces resource updates through a replacement strategy.
force?: bool
// PreserveValues will make Helm reuse the last release's values
// and merge in
// overrides from 'Values'. Setting this flag makes the
// HelmRelease
// non-declarative.
preserveValues?: bool
// Remediation holds the remediation configuration for when the
// Helm upgrade
// action for the HelmRelease fails. The default is to not perform
// any action.
remediation?: {
// IgnoreTestFailures tells the controller to skip remediation
// when the Helm
// tests are run after an upgrade action but fail.
// Defaults to 'Test.IgnoreFailures'.
ignoreTestFailures?: bool
// RemediateLastFailure tells the controller to remediate the last
// failure, when
// no retries remain. Defaults to 'false' unless 'Retries' is
// greater than 0.
remediateLastFailure?: bool
// Retries is the number of retries that should be attempted on
// failures before
// bailing. Remediation, using 'Strategy', is performed between
// each attempt.
// Defaults to '0', a negative integer equals to unlimited
// retries.
retries?: int
// Strategy to use for failure remediation. Defaults to
// 'rollback'.
strategy?: "rollback" | "uninstall"
}
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm upgrade
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Values holds the values for this Helm release.
values?: _
// ValuesFrom holds references to resources containing Helm values
// for this HelmRelease,
// and information about how they should be merged.
valuesFrom?: [...{
// Kind of the values referent, valid values are ('Secret',
// 'ConfigMap').
kind: "Secret" | "ConfigMap"
// Name of the values referent. Should reside in the same
// namespace as the
// referring resource.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Optional marks this ValuesReference as optional. When set, a
// not found error
// for the values reference is ignored, but any ValuesKey,
// TargetPath or
// transient error will still result in a reconciliation failure.
optional?: bool
// TargetPath is the YAML dot notation path the value should be
// merged at. When
// set, the ValuesKey is expected to be a single flat value.
// Defaults to 'None',
// which results in the values getting merged at the root.
targetPath?: strings.MaxRunes(250) & {
=~"^([a-zA-Z0-9_\\-.\\\\\\/]|\\[[0-9]{1,5}\\])+$"
}
// ValuesKey is the data key where the values.yaml or a specific
// value can be
// found at. Defaults to 'values.yaml'.
valuesKey?: strings.MaxRunes(253) & {
=~"^[\\-._a-zA-Z0-9]+$"
}
}]
}

825
internal/generate/platforms/cue.mod/gen/helm.toolkit.fluxcd.io/helmrelease/v2beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,825 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v2beta1
import "strings"
// HelmRelease is the Schema for the helmreleases API
#HelmRelease: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmRelease"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmReleaseSpec defines the desired state of a Helm release.
spec!: #HelmReleaseSpec
}
// HelmReleaseSpec defines the desired state of a Helm release.
#HelmReleaseSpec: {
// Chart defines the template of the v1beta2.HelmChart that should
// be created
// for this HelmRelease.
chart: {
// ObjectMeta holds the template for metadata like labels and
// annotations.
metadata?: {
// Annotations is an unstructured key value map stored with a
// resource that may be
// set by external tools to store and retrieve arbitrary metadata.
// They are not
// queryable and should be preserved when modifying objects.
// More info:
// https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
annotations?: {
[string]: string
}
// Map of string keys and values that can be used to organize and
// categorize
// (scope and select) objects.
// More info:
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
labels?: {
[string]: string
}
}
// Spec holds the template for the v1beta2.HelmChartSpec for this
// HelmRelease.
spec: {
// The name or path the Helm chart is available at in the
// SourceRef.
chart: string
// Interval at which to check the v1beta2.Source for updates.
// Defaults to
// 'HelmReleaseSpec.Interval'.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Determines what enables the creation of a new artifact. Valid
// values are
// ('ChartVersion', 'Revision').
// See the documentation of the values for an explanation on their
// behavior.
// Defaults to ChartVersion when omitted.
reconcileStrategy?: "ChartVersion" | "Revision" | *"ChartVersion"
// The name and namespace of the v1beta2.Source the chart is
// available at.
sourceRef: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent.
kind: "HelmRepository" | "GitRepository" | "Bucket"
// Name of the referent.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Namespace of the referent.
namespace?: strings.MaxRunes(63) & strings.MinRunes(1)
}
// Alternative values file to use as the default chart values,
// expected to
// be a relative path in the SourceRef. Deprecated in favor of
// ValuesFiles,
// for backwards compatibility the file defined here is merged
// before the
// ValuesFiles items. Ignored when omitted.
valuesFile?: string
// Alternative list of values files to use as the chart values
// (values.yaml
// is not included by default), expected to be a relative path in
// the SourceRef.
// Values files are merged in the order of this list with the last
// file overriding
// the first. Ignored when omitted.
valuesFiles?: [...string]
// Verify contains the secret name containing the trusted public
// keys
// used to verify the signature and specifies which provider to
// use to check
// whether OCI image is authentic.
// This field is only supported for OCI sources.
// Chart dependencies, which are not bundled in the umbrella chart
// artifact, are not verified.
verify?: {
// Provider specifies the technology used to sign the OCI Helm
// chart.
provider: "cosign" | *"cosign"
secretRef?: {
// Name of the referent.
name: string
}
}
// Version semver expression, ignored for charts from
// v1beta2.GitRepository and
// v1beta2.Bucket sources. Defaults to latest when omitted.
version?: string | *"*"
}
}
// ChartRef holds a reference to a source controller resource
// containing the
// Helm chart artifact.
//
// Note: this field is provisional to the v2 API, and not actively
// used
// by v2beta1 HelmReleases.
chartRef?: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent.
kind: "OCIRepository" | "HelmChart"
// Name of the referent.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Namespace of the referent, defaults to the namespace of the
// Kubernetes
// resource object that contains the reference.
namespace?: strings.MaxRunes(63) & strings.MinRunes(1)
}
// DependsOn may contain a meta.NamespacedObjectReference slice
// with
// references to HelmRelease resources that must be ready before
// this HelmRelease
// can be reconciled.
dependsOn?: [...{
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// DriftDetection holds the configuration for detecting and
// handling
// differences between the manifest in the Helm storage and the
// resources
// currently existing in the cluster.
//
// Note: this field is provisional to the v2beta2 API, and not
// actively used
// by v2beta1 HelmReleases.
driftDetection?: {
// Ignore contains a list of rules for specifying which changes to
// ignore
// during diffing.
ignore?: [...{
// Paths is a list of JSON Pointer (RFC 6901) paths to be excluded
// from
// consideration in a Kubernetes object.
paths: [...string]
// Target is a selector for specifying Kubernetes objects to which
// this
// rule applies.
// If Target is not set, the Paths will be ignored for all
// Kubernetes
// objects within the manifest of the Helm release.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// Mode defines how differences should be handled between the Helm
// manifest
// and the manifest currently applied to the cluster.
// If not explicitly set, it defaults to DiffModeDisabled.
mode?: "enabled" | "warn" | "disabled"
}
// Install holds the configuration for Helm install actions for
// this HelmRelease.
install?: {
// CRDs upgrade CRDs from the Helm Chart's crds directory
// according
// to the CRD upgrade policy provided here. Valid values are
// `Skip`,
// `Create` or `CreateReplace`. Default is `Create` and if omitted
// CRDs are installed but not updated.
//
// Skip: do neither install nor replace (update) any CRDs.
//
// Create: new CRDs are created, existing CRDs are neither updated
// nor deleted.
//
// CreateReplace: new CRDs are created, existing CRDs are updated
// (replaced)
// but not deleted.
//
// By default, CRDs are applied (installed) during Helm install
// action.
// With this option users can opt-in to CRD replace existing CRDs
// on Helm
// install actions, which is not (yet) natively supported by Helm.
// https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
crds?: "Skip" | "Create" | "CreateReplace"
// CreateNamespace tells the Helm install action to create the
// HelmReleaseSpec.TargetNamespace if it does not exist yet.
// On uninstall, the namespace will not be garbage collected.
createNamespace?: bool
// DisableHooks prevents hooks from running during the Helm
// install action.
disableHooks?: bool
// DisableOpenAPIValidation prevents the Helm install action from
// validating
// rendered templates against the Kubernetes OpenAPI Schema.
disableOpenAPIValidation?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// install has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// install has been performed.
disableWaitForJobs?: bool
// Remediation holds the remediation configuration for when the
// Helm install
// action for the HelmRelease fails. The default is to not perform
// any action.
remediation?: {
// IgnoreTestFailures tells the controller to skip remediation
// when the Helm
// tests are run after an install action but fail. Defaults to
// 'Test.IgnoreFailures'.
ignoreTestFailures?: bool
// RemediateLastFailure tells the controller to remediate the last
// failure, when
// no retries remain. Defaults to 'false'.
remediateLastFailure?: bool
// Retries is the number of retries that should be attempted on
// failures before
// bailing. Remediation, using an uninstall, is performed between
// each attempt.
// Defaults to '0', a negative integer equals to unlimited
// retries.
retries?: int
}
// Replace tells the Helm install action to re-use the
// 'ReleaseName', but only
// if that name is a deleted release which remains in the history.
replace?: bool
// SkipCRDs tells the Helm install action to not install any CRDs.
// By default,
// CRDs are installed if not already present.
//
// Deprecated use CRD policy (`crds`) attribute with value `Skip`
// instead.
skipCRDs?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm install
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Interval at which to reconcile the Helm release.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
kubeConfig?: {
// SecretRef holds the name of a secret that contains a key with
// the kubeconfig file as the value. If no key is set, the key
// will default
// to 'value'.
// It is recommended that the kubeconfig is self-contained, and
// the secret
// is regularly updated if credentials such as a
// cloud-access-token expire.
// Cloud specific `cmd-path` auth helpers will not function
// without adding
// binaries and credentials to the Pod that is responsible for
// reconciling
// Kubernetes resources.
secretRef: {
// Key in the Secret, when not specified an
// implementation-specific default key is used.
key?: string
// Name of the Secret.
name: string
}
}
// MaxHistory is the number of revisions saved by Helm for this
// HelmRelease.
// Use '0' for an unlimited number of revisions; defaults to '10'.
maxHistory?: int
// PersistentClient tells the controller to use a persistent
// Kubernetes
// client for this release. When enabled, the client will be
// reused for the
// duration of the reconciliation, instead of being created and
// destroyed
// for each (step of a) Helm action.
//
// This can improve performance, but may cause issues with some
// Helm charts
// that for example do create Custom Resource Definitions during
// installation
// outside Helm's CRD lifecycle hooks, which are then not observed
// to be
// available by e.g. post-install hooks.
//
// If not set, it defaults to true.
persistentClient?: bool
// PostRenderers holds an array of Helm PostRenderers, which will
// be applied in order
// of their definition.
postRenderers?: [...{
// Kustomization to apply as PostRenderer.
kustomize?: {
// Images is a list of (image name, new name, new tag or digest)
// for changing image names, tags or digests. This can also be
// achieved with a
// patch, but this operator is simpler to specify.
images?: [...{
// Digest is the value used to replace the original image tag.
// If digest is present NewTag value is ignored.
digest?: string
// Name is a tag-less image name.
name: string
// NewName is the value used to replace the original name.
newName?: string
// NewTag is the value used to replace the original tag.
newTag?: string
}]
// Strategic merge and JSON patches, defined as inline YAML
// objects,
// capable of targeting objects based on kind, label and
// annotation selectors.
patches?: [...{
// Patch contains an inline StrategicMerge patch or an inline
// JSON6902 patch with
// an array of operation objects.
patch: string
// Target points to the resources that the patch document should
// be applied to.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// JSON 6902 patches, defined as inline YAML objects.
patchesJson6902?: [...{
// Patch contains the JSON6902 patch document with an array of
// operation objects.
patch: [...{
// From contains a JSON-pointer value that references a location
// within the target document where the operation is
// performed. The meaning of the value depends on the value of Op,
// and is NOT taken into account by all operations.
from?: string
// Op indicates the operation to perform. Its value MUST be one of
// "add", "remove", "replace", "move", "copy", or
// "test".
// https://datatracker.ietf.org/doc/html/rfc6902#section-4
op: "test" | "remove" | "add" | "replace" | "move" | "copy"
// Path contains the JSON-pointer value that references a location
// within the target document where the operation
// is performed. The meaning of the value depends on the value of
// Op.
path: string
// Value contains a valid JSON structure. The meaning of the value
// depends on the value of Op, and is NOT taken into
// account by all operations.
value?: _
}]
// Target points to the resources that the patch document should
// be applied to.
target: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// Strategic merge patches, defined as inline YAML objects.
patchesStrategicMerge?: [...]
}
}]
// ReleaseName used for the Helm release. Defaults to a
// composition of
// '[TargetNamespace-]Name'.
releaseName?: strings.MaxRunes(53) & strings.MinRunes(1)
// Rollback holds the configuration for Helm rollback actions for
// this HelmRelease.
rollback?: {
// CleanupOnFail allows deletion of new resources created during
// the Helm
// rollback action when it fails.
cleanupOnFail?: bool
// DisableHooks prevents hooks from running during the Helm
// rollback action.
disableHooks?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// rollback has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// rollback has been performed.
disableWaitForJobs?: bool
// Force forces resource updates through a replacement strategy.
force?: bool
// Recreate performs pod restarts for the resource if applicable.
recreate?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm rollback
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// The name of the Kubernetes service account to impersonate
// when reconciling this HelmRelease.
serviceAccountName?: string
// StorageNamespace used for the Helm storage.
// Defaults to the namespace of the HelmRelease.
storageNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Suspend tells the controller to suspend reconciliation for this
// HelmRelease,
// it does not apply to already started reconciliations. Defaults
// to false.
suspend?: bool
// TargetNamespace to target when performing operations for the
// HelmRelease.
// Defaults to the namespace of the HelmRelease.
targetNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Test holds the configuration for Helm test actions for this
// HelmRelease.
test?: {
// Enable enables Helm test actions for this HelmRelease after an
// Helm install
// or upgrade action has been performed.
enable?: bool
// IgnoreFailures tells the controller to skip remediation when
// the Helm tests
// are run but fail. Can be overwritten for tests run after
// install or upgrade
// actions in 'Install.IgnoreTestFailures' and
// 'Upgrade.IgnoreTestFailures'.
ignoreFailures?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation during
// the performance of a Helm test action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Timeout is the time to wait for any individual Kubernetes
// operation (like Jobs
// for hooks) during the performance of a Helm action. Defaults to
// '5m0s'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Uninstall holds the configuration for Helm uninstall actions
// for this HelmRelease.
uninstall?: {
// DeletionPropagation specifies the deletion propagation policy
// when
// a Helm uninstall is performed.
deletionPropagation?: "background" | "foreground" | "orphan" | *"background"
// DisableHooks prevents hooks from running during the Helm
// rollback action.
disableHooks?: bool
// DisableWait disables waiting for all the resources to be
// deleted after
// a Helm uninstall is performed.
disableWait?: bool
// KeepHistory tells Helm to remove all associated resources and
// mark the
// release as deleted, but retain the release history.
keepHistory?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm uninstall
// action. Defaults
// to 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Upgrade holds the configuration for Helm upgrade actions for
// this HelmRelease.
upgrade?: {
// CleanupOnFail allows deletion of new resources created during
// the Helm
// upgrade action when it fails.
cleanupOnFail?: bool
// CRDs upgrade CRDs from the Helm Chart's crds directory
// according
// to the CRD upgrade policy provided here. Valid values are
// `Skip`,
// `Create` or `CreateReplace`. Default is `Skip` and if omitted
// CRDs are neither installed nor upgraded.
//
// Skip: do neither install nor replace (update) any CRDs.
//
// Create: new CRDs are created, existing CRDs are neither updated
// nor deleted.
//
// CreateReplace: new CRDs are created, existing CRDs are updated
// (replaced)
// but not deleted.
//
// By default, CRDs are not applied during Helm upgrade action.
// With this
// option users can opt-in to CRD upgrade, which is not (yet)
// natively supported by Helm.
// https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
crds?: "Skip" | "Create" | "CreateReplace"
// DisableHooks prevents hooks from running during the Helm
// upgrade action.
disableHooks?: bool
// DisableOpenAPIValidation prevents the Helm upgrade action from
// validating
// rendered templates against the Kubernetes OpenAPI Schema.
disableOpenAPIValidation?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// upgrade has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// upgrade has been performed.
disableWaitForJobs?: bool
// Force forces resource updates through a replacement strategy.
force?: bool
// PreserveValues will make Helm reuse the last release's values
// and merge in
// overrides from 'Values'. Setting this flag makes the
// HelmRelease
// non-declarative.
preserveValues?: bool
// Remediation holds the remediation configuration for when the
// Helm upgrade
// action for the HelmRelease fails. The default is to not perform
// any action.
remediation?: {
// IgnoreTestFailures tells the controller to skip remediation
// when the Helm
// tests are run after an upgrade action but fail.
// Defaults to 'Test.IgnoreFailures'.
ignoreTestFailures?: bool
// RemediateLastFailure tells the controller to remediate the last
// failure, when
// no retries remain. Defaults to 'false' unless 'Retries' is
// greater than 0.
remediateLastFailure?: bool
// Retries is the number of retries that should be attempted on
// failures before
// bailing. Remediation, using 'Strategy', is performed between
// each attempt.
// Defaults to '0', a negative integer equals to unlimited
// retries.
retries?: int
// Strategy to use for failure remediation. Defaults to
// 'rollback'.
strategy?: "rollback" | "uninstall"
}
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm upgrade
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Values holds the values for this Helm release.
values?: _
// ValuesFrom holds references to resources containing Helm values
// for this HelmRelease,
// and information about how they should be merged.
valuesFrom?: [...{
// Kind of the values referent, valid values are ('Secret',
// 'ConfigMap').
kind: "Secret" | "ConfigMap"
// Name of the values referent. Should reside in the same
// namespace as the
// referring resource.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Optional marks this ValuesReference as optional. When set, a
// not found error
// for the values reference is ignored, but any ValuesKey,
// TargetPath or
// transient error will still result in a reconciliation failure.
optional?: bool
// TargetPath is the YAML dot notation path the value should be
// merged at. When
// set, the ValuesKey is expected to be a single flat value.
// Defaults to 'None',
// which results in the values getting merged at the root.
targetPath?: strings.MaxRunes(250) & {
=~"^([a-zA-Z0-9_\\-.\\\\\\/]|\\[[0-9]{1,5}\\])+$"
}
// ValuesKey is the data key where the values.yaml or a specific
// value can be
// found at. Defaults to 'values.yaml'.
// When set, must be a valid Data Key, consisting of alphanumeric
// characters,
// '-', '_' or '.'.
valuesKey?: strings.MaxRunes(253) & {
=~"^[\\-._a-zA-Z0-9]+$"
}
}]
}

831
internal/generate/platforms/cue.mod/gen/helm.toolkit.fluxcd.io/helmrelease/v2beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,831 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v2beta2
import "strings"
// HelmRelease is the Schema for the helmreleases API
#HelmRelease: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "helm.toolkit.fluxcd.io/v2beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmRelease"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmReleaseSpec defines the desired state of a Helm release.
spec!: #HelmReleaseSpec
}
// HelmReleaseSpec defines the desired state of a Helm release.
#HelmReleaseSpec: {
// Chart defines the template of the v1beta2.HelmChart that should
// be created
// for this HelmRelease.
chart?: {
// ObjectMeta holds the template for metadata like labels and
// annotations.
metadata?: {
// Annotations is an unstructured key value map stored with a
// resource that may be
// set by external tools to store and retrieve arbitrary metadata.
// They are not
// queryable and should be preserved when modifying objects.
// More info:
// https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
annotations?: {
[string]: string
}
// Map of string keys and values that can be used to organize and
// categorize
// (scope and select) objects.
// More info:
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
labels?: {
[string]: string
}
}
// Spec holds the template for the v1beta2.HelmChartSpec for this
// HelmRelease.
spec: {
// The name or path the Helm chart is available at in the
// SourceRef.
chart: strings.MaxRunes(2048) & strings.MinRunes(1)
// IgnoreMissingValuesFiles controls whether to silently ignore
// missing values files rather than failing.
ignoreMissingValuesFiles?: bool
// Interval at which to check the v1.Source for updates. Defaults
// to
// 'HelmReleaseSpec.Interval'.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Determines what enables the creation of a new artifact. Valid
// values are
// ('ChartVersion', 'Revision').
// See the documentation of the values for an explanation on their
// behavior.
// Defaults to ChartVersion when omitted.
reconcileStrategy?: "ChartVersion" | "Revision" | *"ChartVersion"
// The name and namespace of the v1.Source the chart is available
// at.
sourceRef: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent.
kind: "HelmRepository" | "GitRepository" | "Bucket"
// Name of the referent.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Namespace of the referent.
namespace?: strings.MaxRunes(63) & strings.MinRunes(1)
}
// Alternative values file to use as the default chart values,
// expected to
// be a relative path in the SourceRef. Deprecated in favor of
// ValuesFiles,
// for backwards compatibility the file defined here is merged
// before the
// ValuesFiles items. Ignored when omitted.
valuesFile?: string
// Alternative list of values files to use as the chart values
// (values.yaml
// is not included by default), expected to be a relative path in
// the SourceRef.
// Values files are merged in the order of this list with the last
// file overriding
// the first. Ignored when omitted.
valuesFiles?: [...string]
// Verify contains the secret name containing the trusted public
// keys
// used to verify the signature and specifies which provider to
// use to check
// whether OCI image is authentic.
// This field is only supported for OCI sources.
// Chart dependencies, which are not bundled in the umbrella chart
// artifact,
// are not verified.
verify?: {
// Provider specifies the technology used to sign the OCI Helm
// chart.
provider: "cosign" | "notation" | *"cosign"
secretRef?: {
// Name of the referent.
name: string
}
}
// Version semver expression, ignored for charts from
// v1beta2.GitRepository and
// v1beta2.Bucket sources. Defaults to latest when omitted.
version?: string | *"*"
}
}
// ChartRef holds a reference to a source controller resource
// containing the
// Helm chart artifact.
//
// Note: this field is provisional to the v2 API, and not actively
// used
// by v2beta2 HelmReleases.
chartRef?: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent.
kind: "OCIRepository" | "HelmChart"
// Name of the referent.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Namespace of the referent, defaults to the namespace of the
// Kubernetes
// resource object that contains the reference.
namespace?: strings.MaxRunes(63) & strings.MinRunes(1)
}
// DependsOn may contain a meta.NamespacedObjectReference slice
// with
// references to HelmRelease resources that must be ready before
// this HelmRelease
// can be reconciled.
dependsOn?: [...{
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// DriftDetection holds the configuration for detecting and
// handling
// differences between the manifest in the Helm storage and the
// resources
// currently existing in the cluster.
driftDetection?: {
// Ignore contains a list of rules for specifying which changes to
// ignore
// during diffing.
ignore?: [...{
// Paths is a list of JSON Pointer (RFC 6901) paths to be excluded
// from
// consideration in a Kubernetes object.
paths: [...string]
// Target is a selector for specifying Kubernetes objects to which
// this
// rule applies.
// If Target is not set, the Paths will be ignored for all
// Kubernetes
// objects within the manifest of the Helm release.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// Mode defines how differences should be handled between the Helm
// manifest
// and the manifest currently applied to the cluster.
// If not explicitly set, it defaults to DiffModeDisabled.
mode?: "enabled" | "warn" | "disabled"
}
// Install holds the configuration for Helm install actions for
// this HelmRelease.
install?: {
// CRDs upgrade CRDs from the Helm Chart's crds directory
// according
// to the CRD upgrade policy provided here. Valid values are
// `Skip`,
// `Create` or `CreateReplace`. Default is `Create` and if omitted
// CRDs are installed but not updated.
//
// Skip: do neither install nor replace (update) any CRDs.
//
// Create: new CRDs are created, existing CRDs are neither updated
// nor deleted.
//
// CreateReplace: new CRDs are created, existing CRDs are updated
// (replaced)
// but not deleted.
//
// By default, CRDs are applied (installed) during Helm install
// action.
// With this option users can opt in to CRD replace existing CRDs
// on Helm
// install actions, which is not (yet) natively supported by Helm.
// https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
crds?: "Skip" | "Create" | "CreateReplace"
// CreateNamespace tells the Helm install action to create the
// HelmReleaseSpec.TargetNamespace if it does not exist yet.
// On uninstall, the namespace will not be garbage collected.
createNamespace?: bool
// DisableHooks prevents hooks from running during the Helm
// install action.
disableHooks?: bool
// DisableOpenAPIValidation prevents the Helm install action from
// validating
// rendered templates against the Kubernetes OpenAPI Schema.
disableOpenAPIValidation?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// install has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// install has been performed.
disableWaitForJobs?: bool
// Remediation holds the remediation configuration for when the
// Helm install
// action for the HelmRelease fails. The default is to not perform
// any action.
remediation?: {
// IgnoreTestFailures tells the controller to skip remediation
// when the Helm
// tests are run after an install action but fail. Defaults to
// 'Test.IgnoreFailures'.
ignoreTestFailures?: bool
// RemediateLastFailure tells the controller to remediate the last
// failure, when
// no retries remain. Defaults to 'false'.
remediateLastFailure?: bool
// Retries is the number of retries that should be attempted on
// failures before
// bailing. Remediation, using an uninstall, is performed between
// each attempt.
// Defaults to '0', a negative integer equals to unlimited
// retries.
retries?: int
}
// Replace tells the Helm install action to re-use the
// 'ReleaseName', but only
// if that name is a deleted release which remains in the history.
replace?: bool
// SkipCRDs tells the Helm install action to not install any CRDs.
// By default,
// CRDs are installed if not already present.
//
// Deprecated use CRD policy (`crds`) attribute with value `Skip`
// instead.
skipCRDs?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm install
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Interval at which to reconcile the Helm release.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
kubeConfig?: {
// SecretRef holds the name of a secret that contains a key with
// the kubeconfig file as the value. If no key is set, the key
// will default
// to 'value'.
// It is recommended that the kubeconfig is self-contained, and
// the secret
// is regularly updated if credentials such as a
// cloud-access-token expire.
// Cloud specific `cmd-path` auth helpers will not function
// without adding
// binaries and credentials to the Pod that is responsible for
// reconciling
// Kubernetes resources.
secretRef: {
// Key in the Secret, when not specified an
// implementation-specific default key is used.
key?: string
// Name of the Secret.
name: string
}
}
// MaxHistory is the number of revisions saved by Helm for this
// HelmRelease.
// Use '0' for an unlimited number of revisions; defaults to '5'.
maxHistory?: int
// PersistentClient tells the controller to use a persistent
// Kubernetes
// client for this release. When enabled, the client will be
// reused for the
// duration of the reconciliation, instead of being created and
// destroyed
// for each (step of a) Helm action.
//
// This can improve performance, but may cause issues with some
// Helm charts
// that for example do create Custom Resource Definitions during
// installation
// outside Helm's CRD lifecycle hooks, which are then not observed
// to be
// available by e.g. post-install hooks.
//
// If not set, it defaults to true.
persistentClient?: bool
// PostRenderers holds an array of Helm PostRenderers, which will
// be applied in order
// of their definition.
postRenderers?: [...{
// Kustomization to apply as PostRenderer.
kustomize?: {
// Images is a list of (image name, new name, new tag or digest)
// for changing image names, tags or digests. This can also be
// achieved with a
// patch, but this operator is simpler to specify.
images?: [...{
// Digest is the value used to replace the original image tag.
// If digest is present NewTag value is ignored.
digest?: string
// Name is a tag-less image name.
name: string
// NewName is the value used to replace the original name.
newName?: string
// NewTag is the value used to replace the original tag.
newTag?: string
}]
// Strategic merge and JSON patches, defined as inline YAML
// objects,
// capable of targeting objects based on kind, label and
// annotation selectors.
patches?: [...{
// Patch contains an inline StrategicMerge patch or an inline
// JSON6902 patch with
// an array of operation objects.
patch: string
// Target points to the resources that the patch document should
// be applied to.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// JSON 6902 patches, defined as inline YAML objects.
// Deprecated: use Patches instead.
patchesJson6902?: [...{
// Patch contains the JSON6902 patch document with an array of
// operation objects.
patch: [...{
// From contains a JSON-pointer value that references a location
// within the target document where the operation is
// performed. The meaning of the value depends on the value of Op,
// and is NOT taken into account by all operations.
from?: string
// Op indicates the operation to perform. Its value MUST be one of
// "add", "remove", "replace", "move", "copy", or
// "test".
// https://datatracker.ietf.org/doc/html/rfc6902#section-4
op: "test" | "remove" | "add" | "replace" | "move" | "copy"
// Path contains the JSON-pointer value that references a location
// within the target document where the operation
// is performed. The meaning of the value depends on the value of
// Op.
path: string
// Value contains a valid JSON structure. The meaning of the value
// depends on the value of Op, and is NOT taken into
// account by all operations.
value?: _
}]
// Target points to the resources that the patch document should
// be applied to.
target: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// Strategic merge patches, defined as inline YAML objects.
// Deprecated: use Patches instead.
patchesStrategicMerge?: [...]
}
}]
// ReleaseName used for the Helm release. Defaults to a
// composition of
// '[TargetNamespace-]Name'.
releaseName?: strings.MaxRunes(53) & strings.MinRunes(1)
// Rollback holds the configuration for Helm rollback actions for
// this HelmRelease.
rollback?: {
// CleanupOnFail allows deletion of new resources created during
// the Helm
// rollback action when it fails.
cleanupOnFail?: bool
// DisableHooks prevents hooks from running during the Helm
// rollback action.
disableHooks?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// rollback has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// rollback has been performed.
disableWaitForJobs?: bool
// Force forces resource updates through a replacement strategy.
force?: bool
// Recreate performs pod restarts for the resource if applicable.
recreate?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm rollback
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// The name of the Kubernetes service account to impersonate
// when reconciling this HelmRelease.
serviceAccountName?: strings.MaxRunes(253) & strings.MinRunes(1)
// StorageNamespace used for the Helm storage.
// Defaults to the namespace of the HelmRelease.
storageNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Suspend tells the controller to suspend reconciliation for this
// HelmRelease,
// it does not apply to already started reconciliations. Defaults
// to false.
suspend?: bool
// TargetNamespace to target when performing operations for the
// HelmRelease.
// Defaults to the namespace of the HelmRelease.
targetNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Test holds the configuration for Helm test actions for this
// HelmRelease.
test?: {
// Enable enables Helm test actions for this HelmRelease after an
// Helm install
// or upgrade action has been performed.
enable?: bool
// Filters is a list of tests to run or exclude from running.
filters?: [...{
// Exclude specifies whether the named test should be excluded.
exclude?: bool
// Name is the name of the test.
name: strings.MaxRunes(253) & strings.MinRunes(1)
}]
// IgnoreFailures tells the controller to skip remediation when
// the Helm tests
// are run but fail. Can be overwritten for tests run after
// install or upgrade
// actions in 'Install.IgnoreTestFailures' and
// 'Upgrade.IgnoreTestFailures'.
ignoreFailures?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation during
// the performance of a Helm test action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Timeout is the time to wait for any individual Kubernetes
// operation (like Jobs
// for hooks) during the performance of a Helm action. Defaults to
// '5m0s'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Uninstall holds the configuration for Helm uninstall actions
// for this HelmRelease.
uninstall?: {
// DeletionPropagation specifies the deletion propagation policy
// when
// a Helm uninstall is performed.
deletionPropagation?: "background" | "foreground" | "orphan" | *"background"
// DisableHooks prevents hooks from running during the Helm
// rollback action.
disableHooks?: bool
// DisableWait disables waiting for all the resources to be
// deleted after
// a Helm uninstall is performed.
disableWait?: bool
// KeepHistory tells Helm to remove all associated resources and
// mark the
// release as deleted, but retain the release history.
keepHistory?: bool
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm uninstall
// action. Defaults
// to 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Upgrade holds the configuration for Helm upgrade actions for
// this HelmRelease.
upgrade?: {
// CleanupOnFail allows deletion of new resources created during
// the Helm
// upgrade action when it fails.
cleanupOnFail?: bool
// CRDs upgrade CRDs from the Helm Chart's crds directory
// according
// to the CRD upgrade policy provided here. Valid values are
// `Skip`,
// `Create` or `CreateReplace`. Default is `Skip` and if omitted
// CRDs are neither installed nor upgraded.
//
// Skip: do neither install nor replace (update) any CRDs.
//
// Create: new CRDs are created, existing CRDs are neither updated
// nor deleted.
//
// CreateReplace: new CRDs are created, existing CRDs are updated
// (replaced)
// but not deleted.
//
// By default, CRDs are not applied during Helm upgrade action.
// With this
// option users can opt-in to CRD upgrade, which is not (yet)
// natively supported by Helm.
// https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
crds?: "Skip" | "Create" | "CreateReplace"
// DisableHooks prevents hooks from running during the Helm
// upgrade action.
disableHooks?: bool
// DisableOpenAPIValidation prevents the Helm upgrade action from
// validating
// rendered templates against the Kubernetes OpenAPI Schema.
disableOpenAPIValidation?: bool
// DisableWait disables the waiting for resources to be ready
// after a Helm
// upgrade has been performed.
disableWait?: bool
// DisableWaitForJobs disables waiting for jobs to complete after
// a Helm
// upgrade has been performed.
disableWaitForJobs?: bool
// Force forces resource updates through a replacement strategy.
force?: bool
// PreserveValues will make Helm reuse the last release's values
// and merge in
// overrides from 'Values'. Setting this flag makes the
// HelmRelease
// non-declarative.
preserveValues?: bool
// Remediation holds the remediation configuration for when the
// Helm upgrade
// action for the HelmRelease fails. The default is to not perform
// any action.
remediation?: {
// IgnoreTestFailures tells the controller to skip remediation
// when the Helm
// tests are run after an upgrade action but fail.
// Defaults to 'Test.IgnoreFailures'.
ignoreTestFailures?: bool
// RemediateLastFailure tells the controller to remediate the last
// failure, when
// no retries remain. Defaults to 'false' unless 'Retries' is
// greater than 0.
remediateLastFailure?: bool
// Retries is the number of retries that should be attempted on
// failures before
// bailing. Remediation, using 'Strategy', is performed between
// each attempt.
// Defaults to '0', a negative integer equals to unlimited
// retries.
retries?: int
// Strategy to use for failure remediation. Defaults to
// 'rollback'.
strategy?: "rollback" | "uninstall"
}
// Timeout is the time to wait for any individual Kubernetes
// operation (like
// Jobs for hooks) during the performance of a Helm upgrade
// action. Defaults to
// 'HelmReleaseSpec.Timeout'.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
}
// Values holds the values for this Helm release.
values?: _
// ValuesFrom holds references to resources containing Helm values
// for this HelmRelease,
// and information about how they should be merged.
valuesFrom?: [...{
// Kind of the values referent, valid values are ('Secret',
// 'ConfigMap').
kind: "Secret" | "ConfigMap"
// Name of the values referent. Should reside in the same
// namespace as the
// referring resource.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Optional marks this ValuesReference as optional. When set, a
// not found error
// for the values reference is ignored, but any ValuesKey,
// TargetPath or
// transient error will still result in a reconciliation failure.
optional?: bool
// TargetPath is the YAML dot notation path the value should be
// merged at. When
// set, the ValuesKey is expected to be a single flat value.
// Defaults to 'None',
// which results in the values getting merged at the root.
targetPath?: strings.MaxRunes(250) & {
=~"^([a-zA-Z0-9_\\-.\\\\\\/]|\\[[0-9]{1,5}\\])+$"
}
// ValuesKey is the data key where the values.yaml or a specific
// value can be
// found at. Defaults to 'values.yaml'.
valuesKey?: strings.MaxRunes(253) & {
=~"^[\\-._a-zA-Z0-9]+$"
}
}]
}

105
internal/generate/platforms/cue.mod/gen/image.toolkit.fluxcd.io/imagepolicy/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,105 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// ImagePolicy is the Schema for the imagepolicies API
#ImagePolicy: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "image.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "ImagePolicy"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ImagePolicySpec defines the parameters for calculating the
// ImagePolicy
spec!: #ImagePolicySpec
}
// ImagePolicySpec defines the parameters for calculating the
// ImagePolicy
#ImagePolicySpec: {
// FilterTags enables filtering for only a subset of tags based on
// a set of
// rules. If no rules are provided, all the tags from the
// repository will be
// ordered and compared.
filterTags?: {
// Extract allows a capture group to be extracted from the
// specified regular
// expression pattern, useful before tag evaluation.
extract?: string
// Pattern specifies a regular expression pattern used to filter
// for image
// tags.
pattern?: string
}
// ImageRepositoryRef points at the object specifying the image
// being scanned
imageRepositoryRef: {
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}
// Policy gives the particulars of the policy to be followed in
// selecting the most recent image
policy: {
alphabetical?: {
// Order specifies the sorting order of the tags. Given the
// letters of the
// alphabet as tags, ascending order would select Z, and
// descending order
// would select A.
order?: "asc" | "desc" | *"asc"
}
numerical?: {
// Order specifies the sorting order of the tags. Given the
// integer values
// from 0 to 9 as tags, ascending order would select 9, and
// descending order
// would select 0.
order?: "asc" | "desc" | *"asc"
}
semver?: {
// Range gives a semver range for the image tag; the highest
// version within the range that's a tag yields the latest image.
range: string
}
}
}

105
internal/generate/platforms/cue.mod/gen/image.toolkit.fluxcd.io/imagepolicy/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,105 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// ImagePolicy is the Schema for the imagepolicies API
#ImagePolicy: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "image.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "ImagePolicy"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ImagePolicySpec defines the parameters for calculating the
// ImagePolicy.
spec!: #ImagePolicySpec
}
// ImagePolicySpec defines the parameters for calculating the
// ImagePolicy.
#ImagePolicySpec: {
// FilterTags enables filtering for only a subset of tags based on
// a set of
// rules. If no rules are provided, all the tags from the
// repository will be
// ordered and compared.
filterTags?: {
// Extract allows a capture group to be extracted from the
// specified regular
// expression pattern, useful before tag evaluation.
extract?: string
// Pattern specifies a regular expression pattern used to filter
// for image
// tags.
pattern?: string
}
// ImageRepositoryRef points at the object specifying the image
// being scanned
imageRepositoryRef: {
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}
// Policy gives the particulars of the policy to be followed in
// selecting the most recent image
policy: {
alphabetical?: {
// Order specifies the sorting order of the tags. Given the
// letters of the
// alphabet as tags, ascending order would select Z, and
// descending order
// would select A.
order?: "asc" | "desc" | *"asc"
}
numerical?: {
// Order specifies the sorting order of the tags. Given the
// integer values
// from 0 to 9 as tags, ascending order would select 9, and
// descending order
// would select 0.
order?: "asc" | "desc" | *"asc"
}
semver?: {
// Range gives a semver range for the image tag; the highest
// version within the range that's a tag yields the latest image.
range: string
}
}
}

105
internal/generate/platforms/cue.mod/gen/image.toolkit.fluxcd.io/imagerepository/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,105 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// ImageRepository is the Schema for the imagerepositories API
#ImageRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "image.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "ImageRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ImageRepositorySpec defines the parameters for scanning an
// image
// repository, e.g., `fluxcd/flux`.
spec!: #ImageRepositorySpec
}
// ImageRepositorySpec defines the parameters for scanning an
// image
// repository, e.g., `fluxcd/flux`.
#ImageRepositorySpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
certSecretRef?: {
// Name of the referent.
name: string
}
// ExclusionList is a list of regex strings used to exclude
// certain tags
// from being stored in the database.
exclusionList?: [...string]
// Image is the name of the image repository
image: string
// Interval is the length of time to wait between
// scans of the image repository.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
secretRef?: {
// Name of the referent.
name: string
}
// ServiceAccountName is the name of the Kubernetes ServiceAccount
// used to authenticate
// the image pull if the service account has attached pull
// secrets.
serviceAccountName?: strings.MaxRunes(253)
// This flag tells the controller to suspend subsequent image
// scans.
// It does not apply to already started scans. Defaults to false.
suspend?: bool
// Timeout for image scanning.
// Defaults to 'Interval' duration.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"
}

121
internal/generate/platforms/cue.mod/gen/image.toolkit.fluxcd.io/imagerepository/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,121 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import (
"strings"
"list"
)
// ImageRepository is the Schema for the imagerepositories API
#ImageRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "image.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "ImageRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ImageRepositorySpec defines the parameters for scanning an
// image
// repository, e.g., `fluxcd/flux`.
spec!: #ImageRepositorySpec
}
// ImageRepositorySpec defines the parameters for scanning an
// image
// repository, e.g., `fluxcd/flux`.
#ImageRepositorySpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
certSecretRef?: {
// Name of the referent.
name: string
}
// ExclusionList is a list of regex strings used to exclude
// certain tags
// from being stored in the database.
exclusionList?: list.MaxItems(25) & [...string] | *["^.*\\.sig$"]
// Image is the name of the image repository
image: string
// Insecure allows connecting to a non-TLS HTTP container
// registry.
insecure?: bool
// Interval is the length of time to wait between
// scans of the image repository.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// The provider used for authentication, can be 'aws', 'azure',
// 'gcp' or 'generic'.
// When not specified, defaults to 'generic'.
provider?: "generic" | "aws" | "azure" | "gcp" | *"generic"
proxySecretRef?: {
// Name of the referent.
name: string
}
secretRef?: {
// Name of the referent.
name: string
}
// ServiceAccountName is the name of the Kubernetes ServiceAccount
// used to authenticate
// the image pull if the service account has attached pull
// secrets.
serviceAccountName?: strings.MaxRunes(253)
// This flag tells the controller to suspend subsequent image
// scans.
// It does not apply to already started scans. Defaults to false.
suspend?: bool
// Timeout for image scanning.
// Defaults to 'Interval' duration.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"
}

179
internal/generate/platforms/cue.mod/gen/image.toolkit.fluxcd.io/imageupdateautomation/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,179 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// ImageUpdateAutomation is the Schema for the
// imageupdateautomations API
#ImageUpdateAutomation: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "image.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "ImageUpdateAutomation"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ImageUpdateAutomationSpec defines the desired state of
// ImageUpdateAutomation
spec!: #ImageUpdateAutomationSpec
}
// ImageUpdateAutomationSpec defines the desired state of
// ImageUpdateAutomation
#ImageUpdateAutomationSpec: {
// GitSpec contains all the git-specific definitions. This is
// technically optional, but in practice mandatory until there are
// other kinds of source allowed.
git?: {
checkout?: {
// Reference gives a branch, tag or commit to clone from the Git
// repository.
ref: {
// Branch to check out, defaults to 'master' if no other field is
// defined.
branch?: string
// Commit SHA to check out, takes precedence over all reference
// fields.
//
// This can be combined with Branch to shallow clone the branch,
// in which
// the commit is expected to exist.
commit?: string
// Name of the reference to check out; takes precedence over
// Branch, Tag and SemVer.
//
// It must be a valid Git reference:
// https://git-scm.com/docs/git-check-ref-format#_description
// Examples: "refs/heads/main", "refs/tags/v0.1.0",
// "refs/pull/420/head", "refs/merge-requests/1/head"
name?: string
// SemVer tag expression to check out, takes precedence over Tag.
semver?: string
// Tag to check out, takes precedence over Branch.
tag?: string
}
}
// Commit specifies how to commit to the git repository.
commit: {
// Author gives the email and optionally the name to use as the
// author of commits.
author: {
// Email gives the email to provide when making a commit.
email: string
// Name gives the name to provide when making a commit.
name?: string
}
// MessageTemplate provides a template for the commit message,
// into which will be interpolated the details of the change made.
messageTemplate?: string
signingKey?: {
secretRef: {
// Name of the referent.
name: string
}
}
}
// Push specifies how and where to push commits made by the
// automation. If missing, commits are pushed (back) to
// `.spec.checkout.branch` or its default.
push?: {
// Branch specifies that commits should be pushed to the branch
// named. The branch is created using `.spec.checkout.branch` as
// the
// starting point, if it doesn't already exist.
branch?: string
// Options specifies the push options that are sent to the Git
// server when performing a push operation. For details, see:
// https://git-scm.com/docs/git-push#Documentation/git-push.txt---push-optionltoptiongt
options?: {
[string]: string
}
// Refspec specifies the Git Refspec to use for a push operation.
// If both Branch and Refspec are provided, then the commit is
// pushed
// to the branch and also using the specified refspec.
// For more details about Git Refspecs, see:
// https://git-scm.com/book/en/v2/Git-Internals-The-Refspec
refspec?: string
}
}
// Interval gives an lower bound for how often the automation
// run should be attempted.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// SourceRef refers to the resource giving access details
// to a git repository.
sourceRef: {
// API version of the referent.
apiVersion?: string
// Kind of the referent.
kind: "GitRepository" | *"GitRepository"
// Name of the referent.
name: string
// Namespace of the referent, defaults to the namespace of the
// Kubernetes resource object that contains the reference.
namespace?: string
}
// Suspend tells the controller to not run this automation, until
// it is unset (or set to false). Defaults to false.
suspend?: bool
// Update gives the specification for how to update the files in
// the repository. This can be left empty, to use the default
// value.
update?: {
// Path to the directory containing the manifests to be updated.
// Defaults to 'None', which translates to the root path
// of the GitRepositoryRef.
path?: string
// Strategy names the strategy to be used.
strategy: "Setters" | *"Setters"
} | *{
strategy: "Setters"
}
}

214
internal/generate/platforms/cue.mod/gen/image.toolkit.fluxcd.io/imageupdateautomation/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,214 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// ImageUpdateAutomation is the Schema for the
// imageupdateautomations API
#ImageUpdateAutomation: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "image.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "ImageUpdateAutomation"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ImageUpdateAutomationSpec defines the desired state of
// ImageUpdateAutomation
spec!: #ImageUpdateAutomationSpec
}
// ImageUpdateAutomationSpec defines the desired state of
// ImageUpdateAutomation
#ImageUpdateAutomationSpec: {
// GitSpec contains all the git-specific definitions. This is
// technically optional, but in practice mandatory until there are
// other kinds of source allowed.
git?: {
checkout?: {
// Reference gives a branch, tag or commit to clone from the Git
// repository.
ref: {
// Branch to check out, defaults to 'master' if no other field is
// defined.
branch?: string
// Commit SHA to check out, takes precedence over all reference
// fields.
//
// This can be combined with Branch to shallow clone the branch,
// in which
// the commit is expected to exist.
commit?: string
// Name of the reference to check out; takes precedence over
// Branch, Tag and SemVer.
//
// It must be a valid Git reference:
// https://git-scm.com/docs/git-check-ref-format#_description
// Examples: "refs/heads/main", "refs/tags/v0.1.0",
// "refs/pull/420/head", "refs/merge-requests/1/head"
name?: string
// SemVer tag expression to check out, takes precedence over Tag.
semver?: string
// Tag to check out, takes precedence over Branch.
tag?: string
}
}
// Commit specifies how to commit to the git repository.
commit: {
// Author gives the email and optionally the name to use as the
// author of commits.
author: {
// Email gives the email to provide when making a commit.
email: string
// Name gives the name to provide when making a commit.
name?: string
}
// MessageTemplate provides a template for the commit message,
// into which will be interpolated the details of the change made.
messageTemplate?: string
signingKey?: {
secretRef: {
// Name of the referent.
name: string
}
}
}
// Push specifies how and where to push commits made by the
// automation. If missing, commits are pushed (back) to
// `.spec.checkout.branch` or its default.
push?: {
// Branch specifies that commits should be pushed to the branch
// named. The branch is created using `.spec.checkout.branch` as
// the
// starting point, if it doesn't already exist.
branch?: string
// Options specifies the push options that are sent to the Git
// server when performing a push operation. For details, see:
// https://git-scm.com/docs/git-push#Documentation/git-push.txt---push-optionltoptiongt
options?: {
[string]: string
}
// Refspec specifies the Git Refspec to use for a push operation.
// If both Branch and Refspec are provided, then the commit is
// pushed
// to the branch and also using the specified refspec.
// For more details about Git Refspecs, see:
// https://git-scm.com/book/en/v2/Git-Internals-The-Refspec
refspec?: string
}
}
// Interval gives an lower bound for how often the automation
// run should be attempted.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// PolicySelector allows to filter applied policies based on
// labels.
// By default includes all policies in namespace.
policySelector?: {
// matchExpressions is a list of label selector requirements. The
// requirements are ANDed.
matchExpressions?: [...{
// key is the label key that the selector applies to.
key: string
// operator represents a key's relationship to a set of values.
// Valid operators are In, NotIn, Exists and DoesNotExist.
operator: string
// values is an array of string values. If the operator is In or
// NotIn,
// the values array must be non-empty. If the operator is Exists
// or DoesNotExist,
// the values array must be empty. This array is replaced during a
// strategic
// merge patch.
values?: [...string]
}]
// matchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}
// SourceRef refers to the resource giving access details
// to a git repository.
sourceRef: {
// API version of the referent.
apiVersion?: string
// Kind of the referent.
kind: "GitRepository" | *"GitRepository"
// Name of the referent.
name: string
// Namespace of the referent, defaults to the namespace of the
// Kubernetes resource object that contains the reference.
namespace?: string
}
// Suspend tells the controller to not run this automation, until
// it is unset (or set to false). Defaults to false.
suspend?: bool
// Update gives the specification for how to update the files in
// the repository. This can be left empty, to use the default
// value.
update?: {
// Path to the directory containing the manifests to be updated.
// Defaults to 'None', which translates to the root path
// of the GitRepositoryRef.
path?: string
// Strategy names the strategy to be used.
strategy: "Setters" | *"Setters"
} | *{
strategy: "Setters"
}
}

154
internal/generate/platforms/cue.mod/gen/kargo.akuity.io/freight/v1alpha1/types_gen.cue Normal file
View File

@@ -0,0 +1,154 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/kargo-demo/deploy/components/kargo/kargo.gen.yaml
package v1alpha1
import "strings"
// Freight represents a collection of versioned artifacts.
#Freight: {
// Alias is a human-friendly alias for a piece of Freight. This is
// an optional
// field. A defaulting webhook will sync this field with the value
// of the
// kargo.akuity.io/alias label. When the alias label is not
// present or differs
// from the value of this field, the defaulting webhook will set
// the label to
// the value of this field. If the alias label is present and this
// field is
// empty, the defaulting webhook will set the value of this field
// to the value
// of the alias label. If this field is empty and the alias label
// is not
// present, the defaulting webhook will choose an available alias
// and assign
// it to both the field and label.
alias?: string
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "kargo.akuity.io/v1alpha1"
// Charts describes specific versions of specific Helm charts.
charts?: [...{
// Name specifies the name of the chart.
name?: string
// RepoURL specifies the URL of a Helm chart repository. Classic
// chart
// repositories (using HTTP/S) can contain differently named
// charts. When this
// field points to such a repository, the Name field will specify
// the name of
// the chart within the repository. In the case of a repository
// within an OCI
// registry, the URL implicitly points to a specific chart and the
// Name field
// will be empty.
repoURL?: string
// Version specifies a particular version of the chart.
version?: string
}]
// Commits describes specific Git repository commits.
commits?: [...{
// Author is the author of the commit.
author?: string
// Branch denotes the branch of the repository where this commit
// was found.
branch?: string
// Committer is the person who committed the commit.
committer?: string
// ID is the ID of a specific commit in the Git repository
// specified by
// RepoURL.
id?: string
// Message is the message associated with the commit. At present,
// this only
// contains the first line (subject) of the commit message.
message?: string
// RepoURL is the URL of a Git repository.
repoURL?: string
// Tag denotes a tag in the repository that matched selection
// criteria and
// resolved to this commit.
tag?: string
}]
// Images describes specific versions of specific container
// images.
images?: [...{
// Digest identifies a specific version of the image in the
// repository
// specified by RepoURL. This is a more precise identifier than
// Tag.
digest?: string
// GitRepoURL specifies the URL of a Git repository that contains
// the source
// code for the image repository referenced by the RepoURL field
// if Kargo was
// able to infer it.
gitRepoURL?: string
// RepoURL describes the repository in which the image can be
// found.
repoURL?: string
// Tag identifies a specific version of the image in the
// repository specified
// by RepoURL.
tag?: string
}]
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Freight"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// Origin describes a kind of Freight in terms of its origin.
origin: {
// Kind is the kind of resource from which Freight may have
// originated. At
// present, this can only be "Warehouse".
kind: "Warehouse"
// Name is the name of the resource of the kind indicated by the
// Kind field
// from which Freight may originated.
name: string
}
}

72
internal/generate/platforms/cue.mod/gen/kargo.akuity.io/project/v1alpha1/types_gen.cue Normal file
View File

@@ -0,0 +1,72 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/kargo-demo/deploy/components/kargo/kargo.gen.yaml
package v1alpha1
import "strings"
// Project is a resource type that reconciles to a specially
// labeled namespace
// and other TODO: TBD project-level resources.
#Project: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "kargo.akuity.io/v1alpha1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Project"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace?: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// Spec describes a Project.
spec!: #ProjectSpec
}
#ProjectSpec: {
// PromotionPolicies defines policies governing the promotion of
// Freight to
// specific Stages within this Project.
promotionPolicies?: [...{
// AutoPromotionEnabled indicates whether new Freight can
// automatically be
// promoted into the Stage referenced by the Stage field. Note:
// There are may
// be other conditions also required for an auto-promotion to
// occur. This
// field defaults to false, but is commonly set to true for Stages
// that
// subscribe to Warehouses instead of other, upstream Stages. This
// allows
// users to define Stages that are automatically updated as soon
// as new
// artifacts are detected.
autoPromotionEnabled?: bool
stage: strings.MinRunes(1) & {
=~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
}
}]
}

163
internal/generate/platforms/cue.mod/gen/kargo.akuity.io/promotion/v1alpha1/types_gen.cue Normal file
View File

@@ -0,0 +1,163 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/kargo-demo/deploy/components/kargo/kargo.gen.yaml
package v1alpha1
import "strings"
// Promotion represents a request to transition a particular Stage
// into a
// particular Freight.
#Promotion: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "kargo.akuity.io/v1alpha1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Promotion"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// Spec describes the desired transition of a specific Stage into
// a specific
// Freight.
spec!: #PromotionSpec
}
// Spec describes the desired transition of a specific Stage into
// a specific
// Freight.
#PromotionSpec: {
// Freight specifies the piece of Freight to be promoted into the
// Stage
// referenced by the Stage field.
freight: strings.MinRunes(1)
// Stage specifies the name of the Stage to which this Promotion
// applies. The Stage referenced by this field MUST be in the same
// namespace as the Promotion.
stage: strings.MinRunes(1) & {
=~"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
}
// Steps specifies the directives to be executed as part of this
// Promotion.
// The order in which the directives are executed is the order in
// which they
// are listed in this field.
steps?: [...{
// As is the alias this step can be referred to as.
as?: string
// Config is opaque configuration for the PromotionStep that is
// understood
// only by each PromotionStep's implementation. It is legal to
// utilize
// expressions in defining values at any level of this block.
// See https://docs.kargo.io/references/expression-language for
// details.
config?: _
// Retry is the retry policy for this step.
retry?: {
// ErrorThreshold is the number of consecutive times the step must
// fail (for
// any reason) before retries are abandoned and the entire
// Promotion is marked
// as failed.
//
// If this field is set to 0, the effective default will be a
// step-specific
// one. If no step-specific default exists (i.e. is also 0), the
// effective
// default will be the system-wide default of 1.
//
// A value of 1 will cause the Promotion to be marked as failed
// after just
// a single failure; i.e. no retries will be attempted.
//
// There is no option to specify an infinite number of retries
// using a value
// such as -1.
//
// In a future release, Kargo is likely to become capable of
// distinguishing
// between recoverable and non-recoverable step failures. At that
// time, it is
// planned that unrecoverable failures will not be subject to this
// threshold
// and will immediately cause the Promotion to be marked as failed
// without
// further condition.
errorThreshold?: int
// Timeout is the soft maximum interval in which a step that
// returns a Running
// status (which typically indicates it's waiting for something to
// happen)
// may be retried.
//
// The maximum is a soft one because the check for whether the
// interval has
// elapsed occurs AFTER the step has run. This effectively means a
// step may
// run ONCE beyond the close of the interval.
//
// If this field is set to nil, the effective default will be a
// step-specific
// one. If no step-specific default exists (i.e. is also nil), the
// effective
// default will be the system-wide default of 0.
//
// A value of 0 will cause the step to be retried indefinitely
// unless the
// ErrorThreshold is reached.
timeout?: string
}
// Uses identifies a runner that can execute this step.
uses: strings.MinRunes(1)
}]
// Vars is a list of variables that can be referenced by
// expressions in
// promotion steps.
vars?: [...{
// Name is the name of the variable.
name: strings.MinRunes(1) & {
=~"^[a-zA-Z_]\\w*$"
}
// Value is the value of the variable. It is allowed to utilize
// expressions
// in the value.
// See https://docs.kargo.io/references/expression-language for
// details.
value: string
}]
}

264
internal/generate/platforms/cue.mod/gen/kargo.akuity.io/stage/v1alpha1/types_gen.cue Normal file
View File

@@ -0,0 +1,264 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/kargo-demo/deploy/components/kargo/kargo.gen.yaml
package v1alpha1
import "strings"
// Stage is the Kargo API's main type.
#Stage: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "kargo.akuity.io/v1alpha1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Stage"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// Spec describes sources of Freight used by the Stage and how to
// incorporate
// Freight into the Stage.
spec!: #StageSpec
}
// Spec describes sources of Freight used by the Stage and how to
// incorporate
// Freight into the Stage.
#StageSpec: {
promotionTemplate?: {
// PromotionTemplateSpec describes the (partial) specification of
// a Promotion
// for a Stage. This is a template that can be used to create a
// Promotion for a
// Stage.
spec: {
// Steps specifies the directives to be executed as part of a
// Promotion.
// The order in which the directives are executed is the order in
// which they
// are listed in this field.
steps?: [...{
// As is the alias this step can be referred to as.
as?: string
// Config is opaque configuration for the PromotionStep that is
// understood
// only by each PromotionStep's implementation. It is legal to
// utilize
// expressions in defining values at any level of this block.
// See https://docs.kargo.io/references/expression-language for
// details.
config?: _
// Retry is the retry policy for this step.
retry?: {
// ErrorThreshold is the number of consecutive times the step must
// fail (for
// any reason) before retries are abandoned and the entire
// Promotion is marked
// as failed.
//
// If this field is set to 0, the effective default will be a
// step-specific
// one. If no step-specific default exists (i.e. is also 0), the
// effective
// default will be the system-wide default of 1.
//
// A value of 1 will cause the Promotion to be marked as failed
// after just
// a single failure; i.e. no retries will be attempted.
//
// There is no option to specify an infinite number of retries
// using a value
// such as -1.
//
// In a future release, Kargo is likely to become capable of
// distinguishing
// between recoverable and non-recoverable step failures. At that
// time, it is
// planned that unrecoverable failures will not be subject to this
// threshold
// and will immediately cause the Promotion to be marked as failed
// without
// further condition.
errorThreshold?: int
// Timeout is the soft maximum interval in which a step that
// returns a Running
// status (which typically indicates it's waiting for something to
// happen)
// may be retried.
//
// The maximum is a soft one because the check for whether the
// interval has
// elapsed occurs AFTER the step has run. This effectively means a
// step may
// run ONCE beyond the close of the interval.
//
// If this field is set to nil, the effective default will be a
// step-specific
// one. If no step-specific default exists (i.e. is also nil), the
// effective
// default will be the system-wide default of 0.
//
// A value of 0 will cause the step to be retried indefinitely
// unless the
// ErrorThreshold is reached.
timeout?: string
}
// Uses identifies a runner that can execute this step.
uses: strings.MinRunes(1)
}] & [_, ...]
// Vars is a list of variables that can be referenced by
// expressions in
// promotion steps.
vars?: [...{
// Name is the name of the variable.
name: strings.MinRunes(1) & {
=~"^[a-zA-Z_]\\w*$"
}
// Value is the value of the variable. It is allowed to utilize
// expressions
// in the value.
// See https://docs.kargo.io/references/expression-language for
// details.
value: string
}]
}
}
// RequestedFreight expresses the Stage's need for certain pieces
// of Freight,
// each having originated from a particular Warehouse. This list
// must be
// non-empty. In the common case, a Stage will request Freight
// having
// originated from just one specific Warehouse. In advanced cases,
// requesting
// Freight from multiple Warehouses provides a method of advancing
// new
// artifacts of different types through parallel pipelines at
// different
// speeds. This can be useful, for instance, if a Stage is home to
// multiple
// microservices that are independently versioned.
requestedFreight: [...{
// Origin specifies from where the requested Freight must have
// originated.
// This is a required field.
origin: {
// Kind is the kind of resource from which Freight may have
// originated. At
// present, this can only be "Warehouse".
kind: "Warehouse"
// Name is the name of the resource of the kind indicated by the
// Kind field
// from which Freight may originated.
name: string
}
// Sources describes where the requested Freight may be obtained
// from. This is
// a required field.
sources: {
// Direct indicates the requested Freight may be obtained directly
// from the
// Warehouse from which it originated. If this field's value is
// false, then
// the value of the Stages field must be non-empty. i.e. Between
// the two
// fields, at least one source must be specified.
direct?: bool
// Stages identifies other "upstream" Stages as potential sources
// of the
// requested Freight. If this field's value is empty, then the
// value of the
// Direct field must be true. i.e. Between the two fields, at
// least on source
// must be specified.
stages?: [...string]
}
}] & [_, ...]
// Shard is the name of the shard that this Stage belongs to. This
// is an
// optional field. If not specified, the Stage will belong to the
// default
// shard. A defaulting webhook will sync the value of the
// kargo.akuity.io/shard label with the value of this field. When
// this field
// is empty, the webhook will ensure that label is absent.
shard?: string
// Verification describes how to verify a Stage's current Freight
// is fit for
// promotion downstream.
verification?: {
// AnalysisRunMetadata contains optional metadata that should be
// applied to
// all AnalysisRuns.
analysisRunMetadata?: {
// Additional annotations to apply to an AnalysisRun.
annotations?: {
[string]: string
}
// Additional labels to apply to an AnalysisRun.
labels?: {
[string]: string
}
}
// AnalysisTemplates is a list of AnalysisTemplates from which
// AnalysisRuns
// should be created to verify a Stage's current Freight is fit to
// be promoted
// downstream.
analysisTemplates?: [...{
// Name is the name of the AnalysisTemplate in the same
// project/namespace as
// the Stage.
name: string
}]
// Args lists arguments that should be added to all AnalysisRuns.
args?: [...{
// Name is the name of the argument.
name: string
// Value is the value of the argument.
value: string
}]
}
}

402
internal/generate/platforms/cue.mod/gen/kargo.akuity.io/warehouse/v1alpha1/types_gen.cue Normal file
View File

@@ -0,0 +1,402 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/kargo-demo/deploy/components/kargo/kargo.gen.yaml
package v1alpha1
import "strings"
// Warehouse is a source of Freight.
#Warehouse: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "kargo.akuity.io/v1alpha1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Warehouse"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// Spec describes sources of artifacts.
spec!: #WarehouseSpec
}
// Spec describes sources of artifacts.
#WarehouseSpec: {
// FreightCreationPolicy describes how Freight is created by this
// Warehouse.
// This field is optional. When left unspecified, the field is
// implicitly
// treated as if its value were "Automatic".
// Accepted values: Automatic, Manual
freightCreationPolicy?: "Automatic" | "Manual" | *"Automatic"
// Interval is the reconciliation interval for this Warehouse. On
// each
// reconciliation, the Warehouse will discover new artifacts and
// optionally
// produce new Freight. This field is optional. When left
// unspecified, the
// field is implicitly treated as if its value were "5m0s".
interval: =~"^([0-9]+(\\.[0-9]+)?(s|m|h))+$" | *"5m0s"
// Shard is the name of the shard that this Warehouse belongs to.
// This is an
// optional field. If not specified, the Warehouse will belong to
// the default
// shard. A defaulting webhook will sync this field with the value
// of the
// kargo.akuity.io/shard label. When the shard label is not
// present or differs
// from the value of this field, the defaulting webhook will set
// the label to
// the value of this field. If the shard label is present and this
// field is
// empty, the defaulting webhook will set the value of this field
// to the value
// of the shard label.
shard?: string
// Subscriptions describes sources of artifacts to be included in
// Freight
// produced by this Warehouse.
subscriptions: [...{
// Chart describes a subscription to a Helm chart repository.
chart?: {
// DiscoveryLimit is an optional limit on the number of chart
// versions that
// can be discovered for this subscription. The limit is applied
// after
// filtering charts based on the SemverConstraint field.
// When left unspecified, the field is implicitly treated as if
// its value
// were "20". The upper limit for this field is 100.
discoveryLimit?: int & <=100 & >=1 | *20
// Name specifies the name of a Helm chart to subscribe to within
// a classic
// chart repository specified by the RepoURL field. This field is
// required
// when the RepoURL field points to a classic chart repository and
// MUST
// otherwise be empty.
name?: string
// RepoURL specifies the URL of a Helm chart repository. It may be
// a classic
// chart repository (using HTTP/S) OR a repository within an OCI
// registry.
// Classic chart repositories can contain differently named
// charts. When this
// field points to such a repository, the Name field MUST also be
// used
// to specify the name of the desired chart within that
// repository. In the
// case of a repository within an OCI registry, the URL implicitly
// points to
// a specific chart and the Name field MUST NOT be used. The
// RepoURL field is
// required.
repoURL: strings.MinRunes(1) & {
=~"^(((https?)|(oci))://)([\\w\\d\\.\\-]+)(:[\\d]+)?(/.*)*$"
}
// SemverConstraint specifies constraints on what new chart
// versions are
// permissible. This field is optional. When left unspecified,
// there will be
// no constraints, which means the latest version of the chart
// will always be
// used. Care should be taken with leaving this field unspecified,
// as it can
// lead to the unanticipated rollout of breaking changes.
// More info:
// https://github.com/masterminds/semver#checking-version-constraints
semverConstraint?: string
}
// Git describes a subscriptions to a Git repository.
git?: {
// AllowTags is a regular expression that can optionally be used
// to limit the
// tags that are considered in determining the newest commit of
// interest. The
// value in this field only has any effect when the
// CommitSelectionStrategy is
// Lexical, NewestTag, or SemVer. This field is optional.
allowTags?: string
// Branch references a particular branch of the repository. The
// value in this
// field only has any effect when the CommitSelectionStrategy is
// NewestFromBranch or left unspecified (which is implicitly the
// same as
// NewestFromBranch). This field is optional. When left
// unspecified, (and the
// CommitSelectionStrategy is NewestFromBranch or unspecified),
// the
// subscription is implicitly to the repository's default branch.
branch?: strings.MinRunes(1) & {
=~"^\\w+([-/]\\w+)*$"
}
// CommitSelectionStrategy specifies the rules for how to identify
// the newest
// commit of interest in the repository specified by the RepoURL
// field. This
// field is optional. When left unspecified, the field is
// implicitly treated
// as if its value were "NewestFromBranch".
// Accepted values: Lexical, NewestFromBranch, NewestTag, SemVer
commitSelectionStrategy?: "Lexical" | "NewestFromBranch" | "NewestTag" | "SemVer" | *"NewestFromBranch"
// DiscoveryLimit is an optional limit on the number of commits
// that can be
// discovered for this subscription. The limit is applied after
// filtering
// commits based on the AllowTags and IgnoreTags fields.
// When left unspecified, the field is implicitly treated as if
// its value
// were "20". The upper limit for this field is 100.
discoveryLimit?: int & <=100 & >=1 | *20
// ExcludePaths is a list of selectors that designate paths in the
// repository
// that should NOT trigger the production of new Freight when
// changes are
// detected therein. When specified, changes in the identified
// paths will not
// trigger Freight production. When not specified, paths that
// should trigger
// Freight production will be defined solely by IncludePaths.
// Selectors may be
// defined using:
// 1. Exact paths to files or directories (ex. "charts/foo")
// 2. Glob patterns (prefix the pattern with "glob:"; ex.
// "glob:*.yaml")
// 3. Regular expressions (prefix the pattern with "regex:" or
// "regexp:";
// ex. "regexp:^.*\.yaml$")
// Paths selected by IncludePaths may be unselected by
// ExcludePaths. This
// is a useful method for including a broad set of paths and then
// excluding a
// subset of them.
excludePaths?: [...string]
// IgnoreTags is a list of tags that must be ignored when
// determining the
// newest commit of interest. No regular expressions or glob
// patterns are
// supported yet. The value in this field only has any effect when
// the
// CommitSelectionStrategy is Lexical, NewestTag, or SemVer. This
// field is
// optional.
ignoreTags?: [...string]
// IncludePaths is a list of selectors that designate paths in the
// repository
// that should trigger the production of new Freight when changes
// are detected
// therein. When specified, only changes in the identified paths
// will trigger
// Freight production. When not specified, changes in any path
// will trigger
// Freight production. Selectors may be defined using:
// 1. Exact paths to files or directories (ex. "charts/foo")
// 2. Glob patterns (prefix the pattern with "glob:"; ex.
// "glob:*.yaml")
// 3. Regular expressions (prefix the pattern with "regex:" or
// "regexp:";
// ex. "regexp:^.*\.yaml$")
// Paths selected by IncludePaths may be unselected by
// ExcludePaths. This
// is a useful method for including a broad set of paths and then
// excluding a
// subset of them.
includePaths?: [...string]
// InsecureSkipTLSVerify specifies whether certificate
// verification errors
// should be ignored when connecting to the repository. This
// should be enabled
// only with great caution.
insecureSkipTLSVerify?: bool
// URL is the repository's URL. This is a required field.
repoURL: strings.MinRunes(1) & {
=~"(?:^(https?)://(?:([\\w-]+):(.+)@)?([\\w-]+(?:\\.[\\w-]+)*)(?::(\\d{1,5}))?(/.*)$)|(?:^([\\w-]+)@([\\w+]+(?:\\.[\\w-]+)*):(/?.*))"
}
// SemverConstraint specifies constraints on what new tagged
// commits are
// considered in determining the newest commit of interest. The
// value in this
// field only has any effect when the CommitSelectionStrategy is
// SemVer. This
// field is optional. When left unspecified, there will be no
// constraints,
// which means the latest semantically tagged commit will always
// be used. Care
// should be taken with leaving this field unspecified, as it can
// lead to the
// unanticipated rollout of breaking changes.
semverConstraint?: string
// StrictSemvers specifies whether only "strict" semver tags
// should be
// considered. A "strict" semver tag is one containing ALL of
// major, minor,
// and patch version components. This is enabled by default, but
// only has any
// effect when the CommitSelectionStrategy is SemVer. This should
// be disabled
// cautiously, as it creates the potential for any tag containing
// numeric
// characters only to be mistaken for a semver string containing
// the major
// version number only.
strictSemvers: bool | *true
}
// Image describes a subscription to container image repository.
image?: {
// AllowTags is a regular expression that can optionally be used
// to limit the
// image tags that are considered in determining the newest
// version of an
// image. This field is optional.
allowTags?: string
// DiscoveryLimit is an optional limit on the number of image
// references
// that can be discovered for this subscription. The limit is
// applied after
// filtering images based on the AllowTags and IgnoreTags fields.
// When left unspecified, the field is implicitly treated as if
// its value
// were "20". The upper limit for this field is 100.
discoveryLimit?: int & <=100 & >=1 | *20
// GitRepoURL optionally specifies the URL of a Git repository
// that contains
// the source code for the image repository referenced by the
// RepoURL field.
// When this is specified, Kargo MAY be able to infer and link to
// the exact
// revision of that source code that was used to build the image.
gitRepoURL?: =~"^https?://(\\w+([\\.-]\\w+)*@)?\\w+([\\.-]\\w+)*(:[\\d]+)?(/.*)?$"
// IgnoreTags is a list of tags that must be ignored when
// determining the
// newest version of an image. No regular expressions or glob
// patterns are
// supported yet. This field is optional.
ignoreTags?: [...string]
// ImageSelectionStrategy specifies the rules for how to identify
// the newest version
// of the image specified by the RepoURL field. This field is
// optional. When
// left unspecified, the field is implicitly treated as if its
// value were
// "SemVer".
// Accepted values: Digest, Lexical, NewestBuild, SemVer
imageSelectionStrategy?: "Digest" | "Lexical" | "NewestBuild" | "SemVer" | *"SemVer"
// InsecureSkipTLSVerify specifies whether certificate
// verification errors
// should be ignored when connecting to the repository. This
// should be enabled
// only with great caution.
insecureSkipTLSVerify?: bool
// Platform is a string of the form <os>/<arch> that limits the
// tags that can
// be considered when searching for new versions of an image. This
// field is
// optional. When left unspecified, it is implicitly equivalent to
// the
// OS/architecture of the Kargo controller. Care should be taken
// to set this
// value correctly in cases where the image referenced by this
// ImageRepositorySubscription will run on a Kubernetes node with
// a different
// OS/architecture than the Kargo controller. At present this is
// uncommon, but
// not unheard of.
platform?: string
// RepoURL specifies the URL of the image repository to subscribe
// to. The
// value in this field MUST NOT include an image tag. This field
// is required.
repoURL: strings.MinRunes(1) & {
=~"^(\\w+([\\.-]\\w+)*(:[\\d]+)?/)?(\\w+([\\.-]\\w+)*)(/\\w+([\\.-]\\w+)*)*$"
}
// SemverConstraint specifies constraints on what new image
// versions are
// permissible. The value in this field only has any effect when
// the
// ImageSelectionStrategy is SemVer or left unspecified (which is
// implicitly
// the same as SemVer). This field is also optional. When left
// unspecified,
// (and the ImageSelectionStrategy is SemVer or unspecified),
// there will be no
// constraints, which means the latest semantically tagged version
// of an image
// will always be used. Care should be taken with leaving this
// field
// unspecified, as it can lead to the unanticipated rollout of
// breaking
// changes. Refer to Image Updater documentation for more details.
// More info:
// https://github.com/masterminds/semver#checking-version-constraints
semverConstraint?: string
// StrictSemvers specifies whether only "strict" semver tags
// should be
// considered. A "strict" semver tag is one containing ALL of
// major, minor,
// and patch version components. This is enabled by default, but
// only has any
// effect when the ImageSelectionStrategy is SemVer. This should
// be disabled
// cautiously, as it is not uncommon to tag container images with
// short Git
// commit hashes, which have the potential to contain numeric
// characters only
// and could be mistaken for a semver string containing the major
// version
// number only.
strictSemvers: bool | *true
}
}] & [_, ...]
}

326
internal/generate/platforms/cue.mod/gen/kustomize.toolkit.fluxcd.io/kustomization/v1/types_gen.cue Normal file
View File

@@ -0,0 +1,326 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1
import "strings"
// Kustomization is the Schema for the kustomizations API.
#Kustomization: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "kustomize.toolkit.fluxcd.io/v1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Kustomization"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// KustomizationSpec defines the configuration to calculate the
// desired state
// from a Source using Kustomize.
spec!: #KustomizationSpec
}
// KustomizationSpec defines the configuration to calculate the
// desired state
// from a Source using Kustomize.
#KustomizationSpec: {
// CommonMetadata specifies the common labels and annotations that
// are
// applied to all resources. Any existing label or annotation will
// be
// overridden if its key matches a common one.
commonMetadata?: {
// Annotations to be added to the object's metadata.
annotations?: {
[string]: string
}
// Labels to be added to the object's metadata.
labels?: {
[string]: string
}
}
// Components specifies relative paths to specifications of other
// Components.
components?: [...string]
// Decrypt Kubernetes secrets before applying them on the cluster.
decryption?: {
// Provider is the name of the decryption engine.
provider: "sops"
secretRef?: {
// Name of the referent.
name: string
}
}
// DependsOn may contain a meta.NamespacedObjectReference slice
// with references to Kustomization resources that must be ready
// before this
// Kustomization can be reconciled.
dependsOn?: [...{
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// Force instructs the controller to recreate resources
// when patching fails due to an immutable field change.
force?: bool | *false
// A list of resources to be included in the health assessment.
healthChecks?: [...{
// API version of the referent, if not specified the Kubernetes
// preferred version will be used.
apiVersion?: string
// Kind of the referent.
kind: string
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// Images is a list of (image name, new name, new tag or digest)
// for changing image names, tags or digests. This can also be
// achieved with a
// patch, but this operator is simpler to specify.
images?: [...{
// Digest is the value used to replace the original image tag.
// If digest is present NewTag value is ignored.
digest?: string
// Name is a tag-less image name.
name: string
// NewName is the value used to replace the original name.
newName?: string
// NewTag is the value used to replace the original tag.
newTag?: string
}]
// The interval at which to reconcile the Kustomization.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
kubeConfig?: {
// SecretRef holds the name of a secret that contains a key with
// the kubeconfig file as the value. If no key is set, the key
// will default
// to 'value'.
// It is recommended that the kubeconfig is self-contained, and
// the secret
// is regularly updated if credentials such as a
// cloud-access-token expire.
// Cloud specific `cmd-path` auth helpers will not function
// without adding
// binaries and credentials to the Pod that is responsible for
// reconciling
// Kubernetes resources.
secretRef: {
// Key in the Secret, when not specified an
// implementation-specific default key is used.
key?: string
// Name of the Secret.
name: string
}
}
// NamePrefix will prefix the names of all managed resources.
namePrefix?: strings.MaxRunes(200) & strings.MinRunes(1)
// NameSuffix will suffix the names of all managed resources.
nameSuffix?: strings.MaxRunes(200) & strings.MinRunes(1)
// Strategic merge and JSON patches, defined as inline YAML
// objects,
// capable of targeting objects based on kind, label and
// annotation selectors.
patches?: [...{
// Patch contains an inline StrategicMerge patch or an inline
// JSON6902 patch with
// an array of operation objects.
patch: string
// Target points to the resources that the patch document should
// be applied to.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// Path to the directory containing the kustomization.yaml file,
// or the
// set of plain YAMLs a kustomization.yaml should be generated
// for.
// Defaults to 'None', which translates to the root path of the
// SourceRef.
path?: string
// PostBuild describes which actions to perform on the YAML
// manifest
// generated by building the kustomize overlay.
postBuild?: {
// Substitute holds a map of key/value pairs.
// The variables defined in your YAML manifests that match any of
// the keys
// defined in the map will be substituted with the set value.
// Includes support for bash string replacement functions
// e.g. ${var:=default}, ${var:position} and
// ${var/substring/replacement}.
substitute?: {
[string]: string
}
// SubstituteFrom holds references to ConfigMaps and Secrets
// containing
// the variables and their values to be substituted in the YAML
// manifests.
// The ConfigMap and the Secret data keys represent the var names,
// and they
// must match the vars declared in the manifests for the
// substitution to
// happen.
substituteFrom?: [...{
// Kind of the values referent, valid values are ('Secret',
// 'ConfigMap').
kind: "Secret" | "ConfigMap"
// Name of the values referent. Should reside in the same
// namespace as the
// referring resource.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Optional indicates whether the referenced resource must exist,
// or whether to
// tolerate its absence. If true and the referenced resource is
// absent, proceed
// as if the resource was present but empty, without any variables
// defined.
optional?: bool | *false
}]
}
// Prune enables garbage collection.
prune: bool
// The interval at which to retry a previously failed
// reconciliation.
// When not specified, the controller uses the
// KustomizationSpec.Interval
// value to retry failures.
retryInterval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// The name of the Kubernetes service account to impersonate
// when reconciling this Kustomization.
serviceAccountName?: string
// Reference of the source where the kustomization file is.
sourceRef: {
// API version of the referent.
apiVersion?: string
// Kind of the referent.
kind: "OCIRepository" | "GitRepository" | "Bucket"
// Name of the referent.
name: string
// Namespace of the referent, defaults to the namespace of the
// Kubernetes
// resource object that contains the reference.
namespace?: string
}
// This flag tells the controller to suspend subsequent kustomize
// executions,
// it does not apply to already started executions. Defaults to
// false.
suspend?: bool
// TargetNamespace sets or overrides the namespace in the
// kustomization.yaml file.
targetNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Timeout for validation, apply and health checking operations.
// Defaults to 'Interval' duration.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Wait instructs the controller to check the health of all the
// reconciled
// resources. When enabled, the HealthChecks are ignored. Defaults
// to false.
wait?: bool
}

343
internal/generate/platforms/cue.mod/gen/kustomize.toolkit.fluxcd.io/kustomization/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,343 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// Kustomization is the Schema for the kustomizations API.
#Kustomization: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "kustomize.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Kustomization"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// KustomizationSpec defines the desired state of a kustomization.
spec!: #KustomizationSpec
}
// KustomizationSpec defines the desired state of a kustomization.
#KustomizationSpec: {
// Decrypt Kubernetes secrets before applying them on the cluster.
decryption?: {
// Provider is the name of the decryption engine.
provider: "sops"
secretRef?: {
// Name of the referent.
name: string
}
}
// DependsOn may contain a meta.NamespacedObjectReference slice
// with references to Kustomization resources that must be ready
// before this
// Kustomization can be reconciled.
dependsOn?: [...{
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// Force instructs the controller to recreate resources
// when patching fails due to an immutable field change.
force?: bool | *false
// A list of resources to be included in the health assessment.
healthChecks?: [...{
// API version of the referent, if not specified the Kubernetes
// preferred version will be used.
apiVersion?: string
// Kind of the referent.
kind: string
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// Images is a list of (image name, new name, new tag or digest)
// for changing image names, tags or digests. This can also be
// achieved with a
// patch, but this operator is simpler to specify.
images?: [...{
// Digest is the value used to replace the original image tag.
// If digest is present NewTag value is ignored.
digest?: string
// Name is a tag-less image name.
name: string
// NewName is the value used to replace the original name.
newName?: string
// NewTag is the value used to replace the original tag.
newTag?: string
}]
// The interval at which to reconcile the Kustomization.
interval: string
kubeConfig?: {
secretRef: {
// Name of the referent.
name: string
}
}
// Strategic merge and JSON patches, defined as inline YAML
// objects,
// capable of targeting objects based on kind, label and
// annotation selectors.
patches?: [...{
// Patch contains an inline StrategicMerge patch or an inline
// JSON6902 patch with
// an array of operation objects.
patch: string
// Target points to the resources that the patch document should
// be applied to.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// JSON 6902 patches, defined as inline YAML objects.
patchesJson6902?: [...{
// Patch contains the JSON6902 patch document with an array of
// operation objects.
patch: [...{
// From contains a JSON-pointer value that references a location
// within the target document where the operation is
// performed. The meaning of the value depends on the value of Op,
// and is NOT taken into account by all operations.
from?: string
// Op indicates the operation to perform. Its value MUST be one of
// "add", "remove", "replace", "move", "copy", or
// "test".
// https://datatracker.ietf.org/doc/html/rfc6902#section-4
op: "test" | "remove" | "add" | "replace" | "move" | "copy"
// Path contains the JSON-pointer value that references a location
// within the target document where the operation
// is performed. The meaning of the value depends on the value of
// Op.
path: string
// Value contains a valid JSON structure. The meaning of the value
// depends on the value of Op, and is NOT taken into
// account by all operations.
value?: _
}]
// Target points to the resources that the patch document should
// be applied to.
target: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// Strategic merge patches, defined as inline YAML objects.
patchesStrategicMerge?: [...]
// Path to the directory containing the kustomization.yaml file,
// or the
// set of plain YAMLs a kustomization.yaml should be generated
// for.
// Defaults to 'None', which translates to the root path of the
// SourceRef.
path?: string
// PostBuild describes which actions to perform on the YAML
// manifest
// generated by building the kustomize overlay.
postBuild?: {
// Substitute holds a map of key/value pairs.
// The variables defined in your YAML manifests
// that match any of the keys defined in the map
// will be substituted with the set value.
// Includes support for bash string replacement functions
// e.g. ${var:=default}, ${var:position} and
// ${var/substring/replacement}.
substitute?: {
[string]: string
}
// SubstituteFrom holds references to ConfigMaps and Secrets
// containing
// the variables and their values to be substituted in the YAML
// manifests.
// The ConfigMap and the Secret data keys represent the var names
// and they
// must match the vars declared in the manifests for the
// substitution to happen.
substituteFrom?: [...{
// Kind of the values referent, valid values are ('Secret',
// 'ConfigMap').
kind: "Secret" | "ConfigMap"
// Name of the values referent. Should reside in the same
// namespace as the
// referring resource.
name: strings.MaxRunes(253) & strings.MinRunes(1)
}]
}
// Prune enables garbage collection.
prune: bool
// The interval at which to retry a previously failed
// reconciliation.
// When not specified, the controller uses the
// KustomizationSpec.Interval
// value to retry failures.
retryInterval?: string
// The name of the Kubernetes service account to impersonate
// when reconciling this Kustomization.
serviceAccountName?: string
// Reference of the source where the kustomization file is.
sourceRef: {
// API version of the referent
apiVersion?: string
// Kind of the referent
kind: "GitRepository" | "Bucket"
// Name of the referent
name: string
// Namespace of the referent, defaults to the Kustomization
// namespace
namespace?: string
}
// This flag tells the controller to suspend subsequent kustomize
// executions,
// it does not apply to already started executions. Defaults to
// false.
suspend?: bool
// TargetNamespace sets or overrides the namespace in the
// kustomization.yaml file.
targetNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Timeout for validation, apply and health checking operations.
// Defaults to 'Interval' duration.
timeout?: string
// Validate the Kubernetes objects before applying them on the
// cluster.
// The validation strategy can be 'client' (local dry-run),
// 'server'
// (APIServer dry-run) or 'none'.
// When 'Force' is 'true', validation will fallback to 'client' if
// set to
// 'server' because server-side validation is not supported in
// this scenario.
validation?: "none" | "client" | "server"
}

389
internal/generate/platforms/cue.mod/gen/kustomize.toolkit.fluxcd.io/kustomization/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,389 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// Kustomization is the Schema for the kustomizations API.
#Kustomization: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "kustomize.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Kustomization"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// KustomizationSpec defines the configuration to calculate the
// desired state from a Source using Kustomize.
spec!: #KustomizationSpec
}
// KustomizationSpec defines the configuration to calculate the
// desired state from a Source using Kustomize.
#KustomizationSpec: {
// CommonMetadata specifies the common labels and annotations that
// are applied to all resources.
// Any existing label or annotation will be overridden if its key
// matches a common one.
commonMetadata?: {
// Annotations to be added to the object's metadata.
annotations?: {
[string]: string
}
// Labels to be added to the object's metadata.
labels?: {
[string]: string
}
}
// Components specifies relative paths to specifications of other
// Components.
components?: [...string]
// Decrypt Kubernetes secrets before applying them on the cluster.
decryption?: {
// Provider is the name of the decryption engine.
provider: "sops"
secretRef?: {
// Name of the referent.
name: string
}
}
// DependsOn may contain a meta.NamespacedObjectReference slice
// with references to Kustomization resources that must be ready
// before this
// Kustomization can be reconciled.
dependsOn?: [...{
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// Force instructs the controller to recreate resources
// when patching fails due to an immutable field change.
force?: bool | *false
// A list of resources to be included in the health assessment.
healthChecks?: [...{
// API version of the referent, if not specified the Kubernetes
// preferred version will be used.
apiVersion?: string
// Kind of the referent.
kind: string
// Name of the referent.
name: string
// Namespace of the referent, when not specified it acts as
// LocalObjectReference.
namespace?: string
}]
// Images is a list of (image name, new name, new tag or digest)
// for changing image names, tags or digests. This can also be
// achieved with a
// patch, but this operator is simpler to specify.
images?: [...{
// Digest is the value used to replace the original image tag.
// If digest is present NewTag value is ignored.
digest?: string
// Name is a tag-less image name.
name: string
// NewName is the value used to replace the original name.
newName?: string
// NewTag is the value used to replace the original tag.
newTag?: string
}]
// The interval at which to reconcile the Kustomization.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
kubeConfig?: {
// SecretRef holds the name of a secret that contains a key with
// the kubeconfig file as the value. If no key is set, the key
// will default
// to 'value'.
// It is recommended that the kubeconfig is self-contained, and
// the secret
// is regularly updated if credentials such as a
// cloud-access-token expire.
// Cloud specific `cmd-path` auth helpers will not function
// without adding
// binaries and credentials to the Pod that is responsible for
// reconciling
// Kubernetes resources.
secretRef: {
// Key in the Secret, when not specified an
// implementation-specific default key is used.
key?: string
// Name of the Secret.
name: string
}
}
// Strategic merge and JSON patches, defined as inline YAML
// objects,
// capable of targeting objects based on kind, label and
// annotation selectors.
patches?: [...{
// Patch contains an inline StrategicMerge patch or an inline
// JSON6902 patch with
// an array of operation objects.
patch: string
// Target points to the resources that the patch document should
// be applied to.
target?: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// JSON 6902 patches, defined as inline YAML objects.
// Deprecated: Use Patches instead.
patchesJson6902?: [...{
// Patch contains the JSON6902 patch document with an array of
// operation objects.
patch: [...{
// From contains a JSON-pointer value that references a location
// within the target document where the operation is
// performed. The meaning of the value depends on the value of Op,
// and is NOT taken into account by all operations.
from?: string
// Op indicates the operation to perform. Its value MUST be one of
// "add", "remove", "replace", "move", "copy", or
// "test".
// https://datatracker.ietf.org/doc/html/rfc6902#section-4
op: "test" | "remove" | "add" | "replace" | "move" | "copy"
// Path contains the JSON-pointer value that references a location
// within the target document where the operation
// is performed. The meaning of the value depends on the value of
// Op.
path: string
// Value contains a valid JSON structure. The meaning of the value
// depends on the value of Op, and is NOT taken into
// account by all operations.
value?: _
}]
// Target points to the resources that the patch document should
// be applied to.
target: {
// AnnotationSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource annotations.
annotationSelector?: string
// Group is the API group to select resources from.
// Together with Version and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
group?: string
// Kind of the API Group to select resources from.
// Together with Group and Version it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind?: string
// LabelSelector is a string that follows the label selection
// expression
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
// It matches with the resource labels.
labelSelector?: string
// Name to match resources with.
name?: string
// Namespace to select resources from.
namespace?: string
// Version of the API Group to select resources from.
// Together with Group and Kind it is capable of unambiguously
// identifying and/or selecting resources.
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
version?: string
}
}]
// Strategic merge patches, defined as inline YAML objects.
// Deprecated: Use Patches instead.
patchesStrategicMerge?: [...]
// Path to the directory containing the kustomization.yaml file,
// or the
// set of plain YAMLs a kustomization.yaml should be generated
// for.
// Defaults to 'None', which translates to the root path of the
// SourceRef.
path?: string
// PostBuild describes which actions to perform on the YAML
// manifest
// generated by building the kustomize overlay.
postBuild?: {
// Substitute holds a map of key/value pairs.
// The variables defined in your YAML manifests
// that match any of the keys defined in the map
// will be substituted with the set value.
// Includes support for bash string replacement functions
// e.g. ${var:=default}, ${var:position} and
// ${var/substring/replacement}.
substitute?: {
[string]: string
}
// SubstituteFrom holds references to ConfigMaps and Secrets
// containing
// the variables and their values to be substituted in the YAML
// manifests.
// The ConfigMap and the Secret data keys represent the var names
// and they
// must match the vars declared in the manifests for the
// substitution to happen.
substituteFrom?: [...{
// Kind of the values referent, valid values are ('Secret',
// 'ConfigMap').
kind: "Secret" | "ConfigMap"
// Name of the values referent. Should reside in the same
// namespace as the
// referring resource.
name: strings.MaxRunes(253) & strings.MinRunes(1)
// Optional indicates whether the referenced resource must exist,
// or whether to
// tolerate its absence. If true and the referenced resource is
// absent, proceed
// as if the resource was present but empty, without any variables
// defined.
optional?: bool | *false
}]
}
// Prune enables garbage collection.
prune: bool
// The interval at which to retry a previously failed
// reconciliation.
// When not specified, the controller uses the
// KustomizationSpec.Interval
// value to retry failures.
retryInterval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// The name of the Kubernetes service account to impersonate
// when reconciling this Kustomization.
serviceAccountName?: string
// Reference of the source where the kustomization file is.
sourceRef: {
// API version of the referent.
apiVersion?: string
// Kind of the referent.
kind: "OCIRepository" | "GitRepository" | "Bucket"
// Name of the referent.
name: string
// Namespace of the referent, defaults to the namespace of the
// Kubernetes resource object that contains the reference.
namespace?: string
}
// This flag tells the controller to suspend subsequent kustomize
// executions,
// it does not apply to already started executions. Defaults to
// false.
suspend?: bool
// TargetNamespace sets or overrides the namespace in the
// kustomization.yaml file.
targetNamespace?: strings.MaxRunes(63) & strings.MinRunes(1)
// Timeout for validation, apply and health checking operations.
// Defaults to 'Interval' duration.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Deprecated: Not used in v1beta2.
validation?: "none" | "client" | "server"
// Wait instructs the controller to check the health of all the
// reconciled resources.
// When enabled, the HealthChecks are ignored. Defaults to false.
wait?: bool
}

96
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/alert/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,96 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// Alert is the Schema for the alerts API
#Alert: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Alert"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// AlertSpec defines an alerting rule for events involving a list
// of objects
spec!: #AlertSpec
}
// AlertSpec defines an alerting rule for events involving a list
// of objects
#AlertSpec: {
// Filter events based on severity, defaults to ('info').
// If set to 'info' no events will be filtered.
eventSeverity?: "info" | "error" | *"info"
// Filter events based on the involved objects.
eventSources: [...{
// API version of the referent
apiVersion?: string
// Kind of the referent
kind: "Bucket" | "GitRepository" | "Kustomization" | "HelmRelease" | "HelmChart" | "HelmRepository" | "ImageRepository" | "ImagePolicy" | "ImageUpdateAutomation" | "OCIRepository"
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
// Name of the referent
name: strings.MaxRunes(53) & strings.MinRunes(1)
// Namespace of the referent
namespace?: strings.MaxRunes(53) & strings.MinRunes(1)
}]
// A list of Golang regular expressions to be used for excluding
// messages.
exclusionList?: [...string]
providerRef: {
// Name of the referent.
name: string
}
// Short description of the impact and affected cluster.
summary?: string
// This flag tells the controller to suspend subsequent events
// dispatching.
// Defaults to false.
suspend?: bool
}

116
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/alert/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,116 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// Alert is the Schema for the alerts API
#Alert: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Alert"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// AlertSpec defines an alerting rule for events involving a list
// of objects.
spec!: #AlertSpec
}
// AlertSpec defines an alerting rule for events involving a list
// of objects.
#AlertSpec: {
// EventMetadata is an optional field for adding metadata to
// events dispatched by the
// controller. This can be used for enhancing the context of the
// event. If a field
// would override one already present on the original event as
// generated by the emitter,
// then the override doesn't happen, i.e. the original value is
// preserved, and an info
// log is printed.
eventMetadata?: {
[string]: string
}
// EventSeverity specifies how to filter events based on severity.
// If set to 'info' no events will be filtered.
eventSeverity?: "info" | "error" | *"info"
// EventSources specifies how to filter events based
// on the involved object kind, name and namespace.
eventSources: [...{
// API version of the referent
apiVersion?: string
// Kind of the referent
kind: "Bucket" | "GitRepository" | "Kustomization" | "HelmRelease" | "HelmChart" | "HelmRepository" | "ImageRepository" | "ImagePolicy" | "ImageUpdateAutomation" | "OCIRepository"
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
// MatchLabels requires the name to be set to `*`.
matchLabels?: {
[string]: string
}
// Name of the referent
// If multiple resources are targeted `*` may be set.
name: strings.MaxRunes(53) & strings.MinRunes(1)
// Namespace of the referent
namespace?: strings.MaxRunes(53) & strings.MinRunes(1)
}]
// ExclusionList specifies a list of Golang regular expressions
// to be used for excluding messages.
exclusionList?: [...string]
// InclusionList specifies a list of Golang regular expressions
// to be used for including messages.
inclusionList?: [...string]
providerRef: {
// Name of the referent.
name: string
}
// Summary holds a short description of the impact and affected
// cluster.
summary?: strings.MaxRunes(255)
// Suspend tells the controller to suspend subsequent
// events handling for this Alert.
suspend?: bool
}

116
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/alert/v1beta3/types_gen.cue Normal file
View File

@@ -0,0 +1,116 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta3
import "strings"
// Alert is the Schema for the alerts API
#Alert: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1beta3"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Alert"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// AlertSpec defines an alerting rule for events involving a list
// of objects.
spec!: #AlertSpec
}
// AlertSpec defines an alerting rule for events involving a list
// of objects.
#AlertSpec: {
// EventMetadata is an optional field for adding metadata to
// events dispatched by the
// controller. This can be used for enhancing the context of the
// event. If a field
// would override one already present on the original event as
// generated by the emitter,
// then the override doesn't happen, i.e. the original value is
// preserved, and an info
// log is printed.
eventMetadata?: {
[string]: string
}
// EventSeverity specifies how to filter events based on severity.
// If set to 'info' no events will be filtered.
eventSeverity?: "info" | "error" | *"info"
// EventSources specifies how to filter events based
// on the involved object kind, name and namespace.
eventSources: [...{
// API version of the referent
apiVersion?: string
// Kind of the referent
kind: "Bucket" | "GitRepository" | "Kustomization" | "HelmRelease" | "HelmChart" | "HelmRepository" | "ImageRepository" | "ImagePolicy" | "ImageUpdateAutomation" | "OCIRepository"
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
// MatchLabels requires the name to be set to `*`.
matchLabels?: {
[string]: string
}
// Name of the referent
// If multiple resources are targeted `*` may be set.
name: strings.MaxRunes(53) & strings.MinRunes(1)
// Namespace of the referent
namespace?: strings.MaxRunes(53) & strings.MinRunes(1)
}]
// ExclusionList specifies a list of Golang regular expressions
// to be used for excluding messages.
exclusionList?: [...string]
// InclusionList specifies a list of Golang regular expressions
// to be used for including messages.
inclusionList?: [...string]
providerRef: {
// Name of the referent.
name: string
}
// Summary holds a short description of the impact and affected
// cluster.
summary?: strings.MaxRunes(255)
// Suspend tells the controller to suspend subsequent
// events handling for this Alert.
suspend?: bool
}

80
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/provider/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,80 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// Provider is the Schema for the providers API
#Provider: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Provider"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ProviderSpec defines the desired state of Provider
spec!: #ProviderSpec
}
// ProviderSpec defines the desired state of Provider
#ProviderSpec: {
// HTTP/S webhook address of this provider
address?: =~"^(http|https)://"
certSecretRef?: {
// Name of the referent.
name: string
}
// Alert channel for this provider
channel?: string
// HTTP/S address of the proxy
proxy?: =~"^(http|https)://"
secretRef?: {
// Name of the referent.
name: string
}
// This flag tells the controller to suspend subsequent events
// handling.
// Defaults to false.
suspend?: bool
// Timeout for sending alerts to the provider.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"
// Type of provider
type: "slack" | "discord" | "msteams" | "rocket" | "generic" | "generic-hmac" | "github" | "gitlab" | "bitbucket" | "azuredevops" | "googlechat" | "webex" | "sentry" | "azureeventhub" | "telegram" | "lark" | "matrix" | "opsgenie" | "alertmanager" | "grafana" | "githubdispatch"
// Bot username for this provider
username?: string
}

93
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/provider/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,93 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// Provider is the Schema for the providers API.
#Provider: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Provider"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ProviderSpec defines the desired state of the Provider.
spec!: #ProviderSpec
}
// ProviderSpec defines the desired state of the Provider.
#ProviderSpec: {
// Address specifies the endpoint, in a generic sense, to where
// alerts are sent.
// What kind of endpoint depends on the specific Provider type
// being used.
// For the generic Provider, for example, this is an HTTP/S
// address.
// For other Provider types this could be a project ID or a
// namespace.
address?: strings.MaxRunes(2048)
certSecretRef?: {
// Name of the referent.
name: string
}
// Channel specifies the destination channel where events should
// be posted.
channel?: strings.MaxRunes(2048)
// Interval at which to reconcile the Provider with its Secret
// references.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Proxy the HTTP/S address of the proxy server.
proxy?: strings.MaxRunes(2048) & {
=~"^(http|https)://.*$"
}
secretRef?: {
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend subsequent
// events handling for this Provider.
suspend?: bool
// Timeout for sending alerts to the Provider.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"
// Type specifies which Provider implementation to use.
type: "slack" | "discord" | "msteams" | "rocket" | "generic" | "generic-hmac" | "github" | "gitlab" | "gitea" | "bitbucketserver" | "bitbucket" | "azuredevops" | "googlechat" | "googlepubsub" | "webex" | "sentry" | "azureeventhub" | "telegram" | "lark" | "matrix" | "opsgenie" | "alertmanager" | "grafana" | "githubdispatch" | "pagerduty" | "datadog"
// Username specifies the name under which events are posted.
username?: strings.MaxRunes(2048)
}

94
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/provider/v1beta3/types_gen.cue Normal file
View File

@@ -0,0 +1,94 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta3
import "strings"
// Provider is the Schema for the providers API
#Provider: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1beta3"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Provider"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ProviderSpec defines the desired state of the Provider.
spec!: #ProviderSpec
}
// ProviderSpec defines the desired state of the Provider.
#ProviderSpec: {
// Address specifies the endpoint, in a generic sense, to where
// alerts are sent.
// What kind of endpoint depends on the specific Provider type
// being used.
// For the generic Provider, for example, this is an HTTP/S
// address.
// For other Provider types this could be a project ID or a
// namespace.
address?: strings.MaxRunes(2048)
certSecretRef?: {
// Name of the referent.
name: string
}
// Channel specifies the destination channel where events should
// be posted.
channel?: strings.MaxRunes(2048)
// Interval at which to reconcile the Provider with its Secret
// references.
// Deprecated and not used in v1beta3.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Proxy the HTTP/S address of the proxy server.
proxy?: strings.MaxRunes(2048) & {
=~"^(http|https)://.*$"
}
secretRef?: {
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend subsequent
// events handling for this Provider.
suspend?: bool
// Timeout for sending alerts to the Provider.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"
// Type specifies which Provider implementation to use.
type: "slack" | "discord" | "msteams" | "rocket" | "generic" | "generic-hmac" | "github" | "gitlab" | "gitea" | "bitbucketserver" | "bitbucket" | "azuredevops" | "googlechat" | "googlepubsub" | "webex" | "sentry" | "azureeventhub" | "telegram" | "lark" | "matrix" | "opsgenie" | "alertmanager" | "grafana" | "githubdispatch" | "pagerduty" | "datadog" | "nats"
// Username specifies the name under which events are posted.
username?: strings.MaxRunes(2048)
}

96
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/receiver/v1/types_gen.cue Normal file
View File

@@ -0,0 +1,96 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1
import "strings"
// Receiver is the Schema for the receivers API.
#Receiver: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Receiver"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ReceiverSpec defines the desired state of the Receiver.
spec!: #ReceiverSpec
}
// ReceiverSpec defines the desired state of the Receiver.
#ReceiverSpec: {
// Events specifies the list of event types to handle,
// e.g. 'push' for GitHub or 'Push Hook' for GitLab.
events?: [...string]
// Interval at which to reconcile the Receiver with its Secret
// references.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" | *"10m"
// A list of resources to be notified about changes.
resources: [...{
// API version of the referent
apiVersion?: string
// Kind of the referent
kind: "Bucket" | "GitRepository" | "Kustomization" | "HelmRelease" | "HelmChart" | "HelmRepository" | "ImageRepository" | "ImagePolicy" | "ImageUpdateAutomation" | "OCIRepository"
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
// MatchLabels requires the name to be set to `*`.
matchLabels?: {
[string]: string
}
// Name of the referent
// If multiple resources are targeted `*` may be set.
name: strings.MaxRunes(53) & strings.MinRunes(1)
// Namespace of the referent
namespace?: strings.MaxRunes(53) & strings.MinRunes(1)
}]
secretRef: {
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend subsequent
// events handling for this receiver.
suspend?: bool
// Type of webhook sender, used to determine
// the validation procedure and payload deserialization.
type: "generic" | "generic-hmac" | "github" | "gitlab" | "bitbucket" | "harbor" | "dockerhub" | "quay" | "gcr" | "nexus" | "acr" | "cdevents"
}

91
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/receiver/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,91 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// Receiver is the Schema for the receivers API
#Receiver: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Receiver"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ReceiverSpec defines the desired state of Receiver
spec!: #ReceiverSpec
}
// ReceiverSpec defines the desired state of Receiver
#ReceiverSpec: {
// A list of events to handle,
// e.g. 'push' for GitHub or 'Push Hook' for GitLab.
events?: [...string]
// A list of resources to be notified about changes.
resources: [...{
// API version of the referent
apiVersion?: string
// Kind of the referent
kind: "Bucket" | "GitRepository" | "Kustomization" | "HelmRelease" | "HelmChart" | "HelmRepository" | "ImageRepository" | "ImagePolicy" | "ImageUpdateAutomation" | "OCIRepository"
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
// Name of the referent
name: strings.MaxRunes(53) & strings.MinRunes(1)
// Namespace of the referent
namespace?: strings.MaxRunes(53) & strings.MinRunes(1)
}]
secretRef: {
// Name of the referent.
name: string
}
// This flag tells the controller to suspend subsequent events
// handling.
// Defaults to false.
suspend?: bool
// Type of webhook sender, used to determine
// the validation procedure and payload deserialization.
type: "generic" | "generic-hmac" | "github" | "gitlab" | "bitbucket" | "harbor" | "dockerhub" | "quay" | "gcr" | "nexus" | "acr"
}

96
internal/generate/platforms/cue.mod/gen/notification.toolkit.fluxcd.io/receiver/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,96 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// Receiver is the Schema for the receivers API.
#Receiver: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "notification.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Receiver"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// ReceiverSpec defines the desired state of the Receiver.
spec!: #ReceiverSpec
}
// ReceiverSpec defines the desired state of the Receiver.
#ReceiverSpec: {
// Events specifies the list of event types to handle,
// e.g. 'push' for GitHub or 'Push Hook' for GitLab.
events?: [...string]
// Interval at which to reconcile the Receiver with its Secret
// references.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// A list of resources to be notified about changes.
resources: [...{
// API version of the referent
apiVersion?: string
// Kind of the referent
kind: "Bucket" | "GitRepository" | "Kustomization" | "HelmRelease" | "HelmChart" | "HelmRepository" | "ImageRepository" | "ImagePolicy" | "ImageUpdateAutomation" | "OCIRepository"
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
// MatchLabels requires the name to be set to `*`.
matchLabels?: {
[string]: string
}
// Name of the referent
// If multiple resources are targeted `*` may be set.
name: strings.MaxRunes(53) & strings.MinRunes(1)
// Namespace of the referent
namespace?: strings.MaxRunes(53) & strings.MinRunes(1)
}]
secretRef: {
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend subsequent
// events handling for this receiver.
suspend?: bool
// Type of webhook sender, used to determine
// the validation procedure and payload deserialization.
type: "generic" | "generic-hmac" | "github" | "gitlab" | "bitbucket" | "harbor" | "dockerhub" | "quay" | "gcr" | "nexus" | "acr"
}

135
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/bucket/v1/types_gen.cue Normal file
View File

@@ -0,0 +1,135 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1
import "strings"
// Bucket is the Schema for the buckets API.
#Bucket: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Bucket"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// BucketSpec specifies the required configuration to produce an
// Artifact for
// an object storage bucket.
spec!: #BucketSpec
}
// BucketSpec specifies the required configuration to produce an
// Artifact for
// an object storage bucket.
#BucketSpec: {
// BucketName is the name of the object storage bucket.
bucketName: string
certSecretRef?: {
// Name of the referent.
name: string
}
// Endpoint is the object storage address the BucketName is
// located at.
endpoint: string
// Ignore overrides the set of excluded patterns in the
// .sourceignore format
// (which is the same as .gitignore). If not provided, a default
// will be used,
// consult the documentation for your version to find out what
// those are.
ignore?: string
// Insecure allows connecting to a non-TLS HTTP Endpoint.
insecure?: bool
// Interval at which the Bucket Endpoint is checked for updates.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Prefix to use for server-side filtering of files in the Bucket.
prefix?: string
// Provider of the object storage bucket.
// Defaults to 'generic', which expects an S3 (API) compatible
// object
// storage.
provider?: "generic" | "aws" | "gcp" | "azure" | *"generic"
proxySecretRef?: {
// Name of the referent.
name: string
}
// Region of the Endpoint where the BucketName is located in.
region?: string
secretRef?: {
// Name of the referent.
name: string
}
// STS specifies the required configuration to use a Security
// Token
// Service for fetching temporary credentials to authenticate in a
// Bucket provider.
//
// This field is only supported for the `aws` and `generic`
// providers.
sts?: {
certSecretRef?: {
// Name of the referent.
name: string
}
// Endpoint is the HTTP/S endpoint of the Security Token Service
// from
// where temporary credentials will be fetched.
endpoint: =~"^(http|https)://.*$"
// Provider of the Security Token Service.
provider: "aws" | "ldap"
secretRef?: {
// Name of the referent.
name: string
}
}
// Suspend tells the controller to suspend the reconciliation of
// this
// Bucket.
suspend?: bool
// Timeout for fetch operations, defaults to 60s.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" | *"60s"
}

103
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/bucket/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,103 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// Bucket is the Schema for the buckets API
#Bucket: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Bucket"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// BucketSpec defines the desired state of an S3 compatible bucket
spec!: #BucketSpec
}
// BucketSpec defines the desired state of an S3 compatible bucket
#BucketSpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
// The bucket name.
bucketName: string
// The bucket endpoint address.
endpoint: string
// Ignore overrides the set of excluded patterns in the
// .sourceignore format
// (which is the same as .gitignore). If not provided, a default
// will be used,
// consult the documentation for your version to find out what
// those are.
ignore?: string
// Insecure allows connecting to a non-TLS S3 HTTP endpoint.
insecure?: bool
// The interval at which to check for bucket updates.
interval: string
// The S3 compatible storage provider name, default ('generic').
provider?: "generic" | "aws" | "gcp" | *"generic"
// The bucket region.
region?: string
secretRef?: {
// Name of the referent.
name: string
}
// This flag tells the controller to suspend the reconciliation of
// this source.
suspend?: bool
// The timeout for download operations, defaults to 60s.
timeout?: string | *"60s"
}

152
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/bucket/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,152 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// Bucket is the Schema for the buckets API.
#Bucket: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "Bucket"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// BucketSpec specifies the required configuration to produce an
// Artifact for
// an object storage bucket.
spec!: #BucketSpec
}
// BucketSpec specifies the required configuration to produce an
// Artifact for
// an object storage bucket.
#BucketSpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
// BucketName is the name of the object storage bucket.
bucketName: string
certSecretRef?: {
// Name of the referent.
name: string
}
// Endpoint is the object storage address the BucketName is
// located at.
endpoint: string
// Ignore overrides the set of excluded patterns in the
// .sourceignore format
// (which is the same as .gitignore). If not provided, a default
// will be used,
// consult the documentation for your version to find out what
// those are.
ignore?: string
// Insecure allows connecting to a non-TLS HTTP Endpoint.
insecure?: bool
// Interval at which the Bucket Endpoint is checked for updates.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Prefix to use for server-side filtering of files in the Bucket.
prefix?: string
// Provider of the object storage bucket.
// Defaults to 'generic', which expects an S3 (API) compatible
// object
// storage.
provider?: "generic" | "aws" | "gcp" | "azure" | *"generic"
proxySecretRef?: {
// Name of the referent.
name: string
}
// Region of the Endpoint where the BucketName is located in.
region?: string
secretRef?: {
// Name of the referent.
name: string
}
// STS specifies the required configuration to use a Security
// Token
// Service for fetching temporary credentials to authenticate in a
// Bucket provider.
//
// This field is only supported for the `aws` and `generic`
// providers.
sts?: {
certSecretRef?: {
// Name of the referent.
name: string
}
// Endpoint is the HTTP/S endpoint of the Security Token Service
// from
// where temporary credentials will be fetched.
endpoint: =~"^(http|https)://.*$"
// Provider of the Security Token Service.
provider: "aws" | "ldap"
secretRef?: {
// Name of the referent.
name: string
}
}
// Suspend tells the controller to suspend the reconciliation of
// this
// Bucket.
suspend?: bool
// Timeout for fetch operations, defaults to 60s.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" | *"60s"
}

167
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/gitrepository/v1/types_gen.cue Normal file
View File

@@ -0,0 +1,167 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1
import "strings"
// GitRepository is the Schema for the gitrepositories API.
#GitRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "GitRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// GitRepositorySpec specifies the required configuration to
// produce an
// Artifact for a Git repository.
spec!: #GitRepositorySpec
}
// GitRepositorySpec specifies the required configuration to
// produce an
// Artifact for a Git repository.
#GitRepositorySpec: {
// Ignore overrides the set of excluded patterns in the
// .sourceignore format
// (which is the same as .gitignore). If not provided, a default
// will be used,
// consult the documentation for your version to find out what
// those are.
ignore?: string
// Include specifies a list of GitRepository resources which
// Artifacts
// should be included in the Artifact produced for this
// GitRepository.
include?: [...{
// FromPath specifies the path to copy contents from, defaults to
// the root
// of the Artifact.
fromPath?: string
repository: {
// Name of the referent.
name: string
}
// ToPath specifies the path to copy contents to, defaults to the
// name of
// the GitRepositoryRef.
toPath?: string
}]
// Interval at which the GitRepository URL is checked for updates.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// Provider used for authentication, can be 'azure', 'generic'.
// When not specified, defaults to 'generic'.
provider?: "generic" | "azure"
proxySecretRef?: {
// Name of the referent.
name: string
}
// RecurseSubmodules enables the initialization of all submodules
// within
// the GitRepository as cloned from the URL, using their default
// settings.
recurseSubmodules?: bool
// Reference specifies the Git reference to resolve and monitor
// for
// changes, defaults to the 'master' branch.
ref?: {
// Branch to check out, defaults to 'master' if no other field is
// defined.
branch?: string
// Commit SHA to check out, takes precedence over all reference
// fields.
//
// This can be combined with Branch to shallow clone the branch,
// in which
// the commit is expected to exist.
commit?: string
// Name of the reference to check out; takes precedence over
// Branch, Tag and SemVer.
//
// It must be a valid Git reference:
// https://git-scm.com/docs/git-check-ref-format#_description
// Examples: "refs/heads/main", "refs/tags/v0.1.0",
// "refs/pull/420/head", "refs/merge-requests/1/head"
name?: string
// SemVer tag expression to check out, takes precedence over Tag.
semver?: string
// Tag to check out, takes precedence over Branch.
tag?: string
}
secretRef?: {
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend the reconciliation of
// this
// GitRepository.
suspend?: bool
// Timeout for Git operations like cloning, defaults to 60s.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" | *"60s"
// URL specifies the Git repository URL, it can be an HTTP/S or
// SSH address.
url: =~"^(http|https|ssh)://.*$"
// Verification specifies the configuration to verify the Git
// commit
// signature(s).
verify?: {
// Mode specifies which Git object(s) should be verified.
//
// The variants "head" and "HEAD" both imply the same thing, i.e.
// verify
// the commit that the HEAD of the Git repository points to. The
// variant
// "head" solely exists to ensure backwards compatibility.
mode?: "head" | "HEAD" | "Tag" | "TagAndHEAD" | *"HEAD"
secretRef: {
// Name of the referent.
name: string
}
}
}

148
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/gitrepository/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,148 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// GitRepository is the Schema for the gitrepositories API
#GitRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "GitRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// GitRepositorySpec defines the desired state of a Git
// repository.
spec!: #GitRepositorySpec
}
// GitRepositorySpec defines the desired state of a Git
// repository.
#GitRepositorySpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
// Determines which git client library to use.
// Defaults to go-git, valid values are ('go-git', 'libgit2').
gitImplementation?: "go-git" | "libgit2" | *"go-git"
// Ignore overrides the set of excluded patterns in the
// .sourceignore format
// (which is the same as .gitignore). If not provided, a default
// will be used,
// consult the documentation for your version to find out what
// those are.
ignore?: string
// Extra git repositories to map into the repository
include?: [...{
// The path to copy contents from, defaults to the root directory.
fromPath?: string
repository: {
// Name of the referent.
name: string
}
// The path to copy contents to, defaults to the name of the
// source ref.
toPath?: string
}]
// The interval at which to check for repository updates.
interval: string
// When enabled, after the clone is created, initializes all
// submodules within,
// using their default settings.
// This option is available only when using the 'go-git'
// GitImplementation.
recurseSubmodules?: bool
// The Git reference to checkout and monitor for changes, defaults
// to
// master branch.
ref?: {
// The Git branch to checkout, defaults to master.
branch?: string
// The Git commit SHA to checkout, if specified Tag filters will
// be ignored.
commit?: string
// The Git tag semver expression, takes precedence over Tag.
semver?: string
// The Git tag to checkout, takes precedence over Branch.
tag?: string
}
secretRef?: {
// Name of the referent.
name: string
}
// This flag tells the controller to suspend the reconciliation of
// this source.
suspend?: bool
// The timeout for remote Git operations like cloning, defaults to
// 60s.
timeout?: string | *"60s"
// The repository URL, can be a HTTP/S or SSH address.
url: =~"^(http|https|ssh)://.*$"
// Verify OpenPGP signature for the Git commit HEAD points to.
verify?: {
// Mode describes what git object should be verified, currently
// ('head').
mode: "head"
secretRef?: {
// Name of the referent.
name: string
}
}
}

177
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/gitrepository/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,177 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// GitRepository is the Schema for the gitrepositories API.
#GitRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "GitRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// GitRepositorySpec specifies the required configuration to
// produce an
// Artifact for a Git repository.
spec!: #GitRepositorySpec
}
// GitRepositorySpec specifies the required configuration to
// produce an
// Artifact for a Git repository.
#GitRepositorySpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
// GitImplementation specifies which Git client library
// implementation to
// use. Defaults to 'go-git', valid values are ('go-git',
// 'libgit2').
// Deprecated: gitImplementation is deprecated now that 'go-git'
// is the
// only supported implementation.
gitImplementation?: "go-git" | "libgit2" | *"go-git"
// Ignore overrides the set of excluded patterns in the
// .sourceignore format
// (which is the same as .gitignore). If not provided, a default
// will be used,
// consult the documentation for your version to find out what
// those are.
ignore?: string
// Include specifies a list of GitRepository resources which
// Artifacts
// should be included in the Artifact produced for this
// GitRepository.
include?: [...{
// FromPath specifies the path to copy contents from, defaults to
// the root
// of the Artifact.
fromPath?: string
repository: {
// Name of the referent.
name: string
}
// ToPath specifies the path to copy contents to, defaults to the
// name of
// the GitRepositoryRef.
toPath?: string
}]
// Interval at which to check the GitRepository for updates.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// RecurseSubmodules enables the initialization of all submodules
// within
// the GitRepository as cloned from the URL, using their default
// settings.
recurseSubmodules?: bool
// Reference specifies the Git reference to resolve and monitor
// for
// changes, defaults to the 'master' branch.
ref?: {
// Branch to check out, defaults to 'master' if no other field is
// defined.
branch?: string
// Commit SHA to check out, takes precedence over all reference
// fields.
//
// This can be combined with Branch to shallow clone the branch,
// in which
// the commit is expected to exist.
commit?: string
// Name of the reference to check out; takes precedence over
// Branch, Tag and SemVer.
//
// It must be a valid Git reference:
// https://git-scm.com/docs/git-check-ref-format#_description
// Examples: "refs/heads/main", "refs/tags/v0.1.0",
// "refs/pull/420/head", "refs/merge-requests/1/head"
name?: string
// SemVer tag expression to check out, takes precedence over Tag.
semver?: string
// Tag to check out, takes precedence over Branch.
tag?: string
}
secretRef?: {
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend the reconciliation of
// this
// GitRepository.
suspend?: bool
// Timeout for Git operations like cloning, defaults to 60s.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" | *"60s"
// URL specifies the Git repository URL, it can be an HTTP/S or
// SSH address.
url: =~"^(http|https|ssh)://.*$"
// Verification specifies the configuration to verify the Git
// commit
// signature(s).
verify?: {
// Mode specifies what Git object should be verified, currently
// ('head').
mode: "head"
secretRef: {
// Name of the referent.
name: string
}
}
}

149
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/helmchart/v1/types_gen.cue Normal file
View File

@@ -0,0 +1,149 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1
import "strings"
// HelmChart is the Schema for the helmcharts API.
#HelmChart: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmChart"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmChartSpec specifies the desired state of a Helm chart.
spec!: #HelmChartSpec
}
// HelmChartSpec specifies the desired state of a Helm chart.
#HelmChartSpec: {
// Chart is the name or path the Helm chart is available at in the
// SourceRef.
chart: string
// IgnoreMissingValuesFiles controls whether to silently ignore
// missing values
// files rather than failing.
ignoreMissingValuesFiles?: bool
// Interval at which the HelmChart SourceRef is checked for
// updates.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// ReconcileStrategy determines what enables the creation of a new
// artifact.
// Valid values are ('ChartVersion', 'Revision').
// See the documentation of the values for an explanation on their
// behavior.
// Defaults to ChartVersion when omitted.
reconcileStrategy?: "ChartVersion" | "Revision" | *"ChartVersion"
// SourceRef is the reference to the Source the chart is available
// at.
sourceRef: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent, valid values are ('HelmRepository',
// 'GitRepository',
// 'Bucket').
kind: "HelmRepository" | "GitRepository" | "Bucket"
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend the reconciliation of
// this
// source.
suspend?: bool
// ValuesFiles is an alternative list of values files to use as
// the chart
// values (values.yaml is not included by default), expected to be
// a
// relative path in the SourceRef.
// Values files are merged in the order of this list with the last
// file
// overriding the first. Ignored when omitted.
valuesFiles?: [...string]
// Verify contains the secret name containing the trusted public
// keys
// used to verify the signature and specifies which provider to
// use to check
// whether OCI image is authentic.
// This field is only supported when using HelmRepository source
// with spec.type 'oci'.
// Chart dependencies, which are not bundled in the umbrella chart
// artifact, are not verified.
verify?: {
// MatchOIDCIdentity specifies the identity matching criteria to
// use
// while verifying an OCI artifact which was signed using Cosign
// keyless
// signing. The artifact's identity is deemed to be verified if
// any of the
// specified matchers match against the identity.
matchOIDCIdentity?: [...{
// Issuer specifies the regex pattern to match against to verify
// the OIDC issuer in the Fulcio certificate. The pattern must be
// a
// valid Go regular expression.
issuer: string
// Subject specifies the regex pattern to match against to verify
// the identity subject in the Fulcio certificate. The pattern
// must
// be a valid Go regular expression.
subject: string
}]
// Provider specifies the technology used to sign the OCI
// Artifact.
provider: "cosign" | "notation" | *"cosign"
secretRef?: {
// Name of the referent.
name: string
}
}
// Version is the chart version semver expression, ignored for
// charts from
// GitRepository and Bucket sources. Defaults to latest when
// omitted.
version?: string | *"*"
}

122
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/helmchart/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,122 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// HelmChart is the Schema for the helmcharts API
#HelmChart: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmChart"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmChartSpec defines the desired state of a Helm chart.
spec!: #HelmChartSpec
}
// HelmChartSpec defines the desired state of a Helm chart.
#HelmChartSpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
// The name or path the Helm chart is available at in the
// SourceRef.
chart: string
// The interval at which to check the Source for updates.
interval: string
// Determines what enables the creation of a new artifact. Valid
// values are
// ('ChartVersion', 'Revision').
// See the documentation of the values for an explanation on their
// behavior.
// Defaults to ChartVersion when omitted.
reconcileStrategy?: "ChartVersion" | "Revision" | *"ChartVersion"
// The reference to the Source the chart is available at.
sourceRef: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent, valid values are ('HelmRepository',
// 'GitRepository',
// 'Bucket').
kind: "HelmRepository" | "GitRepository" | "Bucket"
// Name of the referent.
name: string
}
// This flag tells the controller to suspend the reconciliation of
// this source.
suspend?: bool
// Alternative values file to use as the default chart values,
// expected to
// be a relative path in the SourceRef. Deprecated in favor of
// ValuesFiles,
// for backwards compatibility the file defined here is merged
// before the
// ValuesFiles items. Ignored when omitted.
valuesFile?: string
// Alternative list of values files to use as the chart values
// (values.yaml
// is not included by default), expected to be a relative path in
// the SourceRef.
// Values files are merged in the order of this list with the last
// file overriding
// the first. Ignored when omitted.
valuesFiles?: [...string]
// The chart version semver expression, ignored for charts from
// GitRepository
// and Bucket sources. Defaults to latest when omitted.
version?: string | *"*"
}

175
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/helmchart/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,175 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// HelmChart is the Schema for the helmcharts API.
#HelmChart: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmChart"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmChartSpec specifies the desired state of a Helm chart.
spec!: #HelmChartSpec
}
// HelmChartSpec specifies the desired state of a Helm chart.
#HelmChartSpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
// Chart is the name or path the Helm chart is available at in the
// SourceRef.
chart: string
// IgnoreMissingValuesFiles controls whether to silently ignore
// missing values
// files rather than failing.
ignoreMissingValuesFiles?: bool
// Interval at which the HelmChart SourceRef is checked for
// updates.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// ReconcileStrategy determines what enables the creation of a new
// artifact.
// Valid values are ('ChartVersion', 'Revision').
// See the documentation of the values for an explanation on their
// behavior.
// Defaults to ChartVersion when omitted.
reconcileStrategy?: "ChartVersion" | "Revision" | *"ChartVersion"
// SourceRef is the reference to the Source the chart is available
// at.
sourceRef: {
// APIVersion of the referent.
apiVersion?: string
// Kind of the referent, valid values are ('HelmRepository',
// 'GitRepository',
// 'Bucket').
kind: "HelmRepository" | "GitRepository" | "Bucket"
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend the reconciliation of
// this
// source.
suspend?: bool
// ValuesFile is an alternative values file to use as the default
// chart
// values, expected to be a relative path in the SourceRef.
// Deprecated in
// favor of ValuesFiles, for backwards compatibility the file
// specified here
// is merged before the ValuesFiles items. Ignored when omitted.
valuesFile?: string
// ValuesFiles is an alternative list of values files to use as
// the chart
// values (values.yaml is not included by default), expected to be
// a
// relative path in the SourceRef.
// Values files are merged in the order of this list with the last
// file
// overriding the first. Ignored when omitted.
valuesFiles?: [...string]
// Verify contains the secret name containing the trusted public
// keys
// used to verify the signature and specifies which provider to
// use to check
// whether OCI image is authentic.
// This field is only supported when using HelmRepository source
// with spec.type 'oci'.
// Chart dependencies, which are not bundled in the umbrella chart
// artifact, are not verified.
verify?: {
// MatchOIDCIdentity specifies the identity matching criteria to
// use
// while verifying an OCI artifact which was signed using Cosign
// keyless
// signing. The artifact's identity is deemed to be verified if
// any of the
// specified matchers match against the identity.
matchOIDCIdentity?: [...{
// Issuer specifies the regex pattern to match against to verify
// the OIDC issuer in the Fulcio certificate. The pattern must be
// a
// valid Go regular expression.
issuer: string
// Subject specifies the regex pattern to match against to verify
// the identity subject in the Fulcio certificate. The pattern
// must
// be a valid Go regular expression.
subject: string
}]
// Provider specifies the technology used to sign the OCI
// Artifact.
provider: "cosign" | "notation" | *"cosign"
secretRef?: {
// Name of the referent.
name: string
}
}
// Version is the chart version semver expression, ignored for
// charts from
// GitRepository and Bucket sources. Defaults to latest when
// omitted.
version?: string | *"*"
}

132
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/helmrepository/v1/types_gen.cue Normal file
View File

@@ -0,0 +1,132 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1
import "strings"
// HelmRepository is the Schema for the helmrepositories API.
#HelmRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmRepositorySpec specifies the required configuration to
// produce an
// Artifact for a Helm repository index YAML.
spec!: #HelmRepositorySpec
}
// HelmRepositorySpec specifies the required configuration to
// produce an
// Artifact for a Helm repository index YAML.
#HelmRepositorySpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
certSecretRef?: {
// Name of the referent.
name: string
}
// Insecure allows connecting to a non-TLS HTTP container
// registry.
// This field is only taken into account if the .spec.type field
// is set to 'oci'.
insecure?: bool
// Interval at which the HelmRepository URL is checked for
// updates.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// PassCredentials allows the credentials from the SecretRef to be
// passed
// on to a host that does not match the host as defined in URL.
// This may be required if the host of the advertised chart URLs
// in the
// index differ from the defined URL.
// Enabling this should be done with caution, as it can
// potentially result
// in credentials getting stolen in a MITM-attack.
passCredentials?: bool
// Provider used for authentication, can be 'aws', 'azure', 'gcp'
// or 'generic'.
// This field is optional, and only taken into account if the
// .spec.type field is set to 'oci'.
// When not specified, defaults to 'generic'.
provider?: "generic" | "aws" | "azure" | "gcp" | *"generic"
secretRef?: {
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend the reconciliation of
// this
// HelmRepository.
suspend?: bool
// Timeout is used for the index fetch operation for an HTTPS helm
// repository,
// and for remote OCI Repository operations like pulling for an
// OCI helm
// chart by the associated HelmChart.
// Its default value is 60s.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"
// Type of the HelmRepository.
// When this field is set to "oci", the URL field value must be
// prefixed with "oci://".
type?: "default" | "oci"
// URL of the Helm repository, a valid URL contains at least a
// protocol and
// host.
url: =~"^(http|https|oci)://.*$"
}

95
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/helmrepository/v1beta1/types_gen.cue Normal file
View File

@@ -0,0 +1,95 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta1
import "strings"
// HelmRepository is the Schema for the helmrepositories API
#HelmRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta1"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmRepositorySpec defines the reference to a Helm repository.
spec!: #HelmRepositorySpec
}
// HelmRepositorySpec defines the reference to a Helm repository.
#HelmRepositorySpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
// The interval at which to check the upstream for updates.
interval: string
// PassCredentials allows the credentials from the SecretRef to be
// passed on to
// a host that does not match the host as defined in URL.
// This may be required if the host of the advertised chart URLs
// in the index
// differ from the defined URL.
// Enabling this should be done with caution, as it can
// potentially result in
// credentials getting stolen in a MITM-attack.
passCredentials?: bool
secretRef?: {
// Name of the referent.
name: string
}
// This flag tells the controller to suspend the reconciliation of
// this source.
suspend?: bool
// The timeout of index downloading, defaults to 60s.
timeout?: string | *"60s"
// The Helm repository URL, a valid URL contains at least a
// protocol and host.
url: string
}

132
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/helmrepository/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,132 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// HelmRepository is the Schema for the helmrepositories API.
#HelmRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "HelmRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// HelmRepositorySpec specifies the required configuration to
// produce an
// Artifact for a Helm repository index YAML.
spec!: #HelmRepositorySpec
}
// HelmRepositorySpec specifies the required configuration to
// produce an
// Artifact for a Helm repository index YAML.
#HelmRepositorySpec: {
accessFrom?: {
// NamespaceSelectors is the list of namespace selectors to which
// this ACL applies.
// Items in this list are evaluated using a logical OR operation.
namespaceSelectors: [...{
// MatchLabels is a map of {key,value} pairs. A single {key,value}
// in the matchLabels
// map is equivalent to an element of matchExpressions, whose key
// field is "key", the
// operator is "In", and the values array contains only "value".
// The requirements are ANDed.
matchLabels?: {
[string]: string
}
}]
}
certSecretRef?: {
// Name of the referent.
name: string
}
// Insecure allows connecting to a non-TLS HTTP container
// registry.
// This field is only taken into account if the .spec.type field
// is set to 'oci'.
insecure?: bool
// Interval at which the HelmRepository URL is checked for
// updates.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// PassCredentials allows the credentials from the SecretRef to be
// passed
// on to a host that does not match the host as defined in URL.
// This may be required if the host of the advertised chart URLs
// in the
// index differ from the defined URL.
// Enabling this should be done with caution, as it can
// potentially result
// in credentials getting stolen in a MITM-attack.
passCredentials?: bool
// Provider used for authentication, can be 'aws', 'azure', 'gcp'
// or 'generic'.
// This field is optional, and only taken into account if the
// .spec.type field is set to 'oci'.
// When not specified, defaults to 'generic'.
provider?: "generic" | "aws" | "azure" | "gcp" | *"generic"
secretRef?: {
// Name of the referent.
name: string
}
// Suspend tells the controller to suspend the reconciliation of
// this
// HelmRepository.
suspend?: bool
// Timeout is used for the index fetch operation for an HTTPS helm
// repository,
// and for remote OCI Repository operations like pulling for an
// OCI helm
// chart by the associated HelmChart.
// Its default value is 60s.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"
// Type of the HelmRepository.
// When this field is set to "oci", the URL field value must be
// prefixed with "oci://".
type?: "default" | "oci"
// URL of the Helm repository, a valid URL contains at least a
// protocol and
// host.
url: =~"^(http|https|oci)://.*$"
}

179
internal/generate/platforms/cue.mod/gen/source.toolkit.fluxcd.io/ocirepository/v1beta2/types_gen.cue Normal file
View File

@@ -0,0 +1,179 @@
// Code generated by timoni. DO NOT EDIT.
//timoni:generate timoni vendor crd -f /Users/jeff/Holos/bank-of-holos/tmp/flux/crds.yaml
package v1beta2
import "strings"
// OCIRepository is the Schema for the ocirepositories API
#OCIRepository: {
// APIVersion defines the versioned schema of this representation
// of an object.
// Servers should convert recognized schemas to the latest
// internal value, and
// may reject unrecognized values.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
apiVersion: "source.toolkit.fluxcd.io/v1beta2"
// Kind is a string value representing the REST resource this
// object represents.
// Servers may infer this from the endpoint the client submits
// requests to.
// Cannot be updated.
// In CamelCase.
// More info:
// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: "OCIRepository"
metadata!: {
name!: strings.MaxRunes(253) & strings.MinRunes(1) & {
string
}
namespace!: strings.MaxRunes(63) & strings.MinRunes(1) & {
string
}
labels?: {
[string]: string
}
annotations?: {
[string]: string
}
}
// OCIRepositorySpec defines the desired state of OCIRepository
spec!: #OCIRepositorySpec
}
// OCIRepositorySpec defines the desired state of OCIRepository
#OCIRepositorySpec: {
certSecretRef?: {
// Name of the referent.
name: string
}
// Ignore overrides the set of excluded patterns in the
// .sourceignore format
// (which is the same as .gitignore). If not provided, a default
// will be used,
// consult the documentation for your version to find out what
// those are.
ignore?: string
// Insecure allows connecting to a non-TLS HTTP container
// registry.
insecure?: bool
// Interval at which the OCIRepository URL is checked for updates.
// This interval is approximate and may be subject to jitter to
// ensure
// efficient use of resources.
interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
// LayerSelector specifies which layer should be extracted from
// the OCI artifact.
// When not specified, the first layer found in the artifact is
// selected.
layerSelector?: {
// MediaType specifies the OCI media type of the layer
// which should be extracted from the OCI Artifact. The
// first layer matching this type is selected.
mediaType?: string
// Operation specifies how the selected layer should be processed.
// By default, the layer compressed content is extracted to
// storage.
// When the operation is set to 'copy', the layer compressed
// content
// is persisted to storage as it is.
operation?: "extract" | "copy"
}
// The provider used for authentication, can be 'aws', 'azure',
// 'gcp' or 'generic'.
// When not specified, defaults to 'generic'.
provider?: "generic" | "aws" | "azure" | "gcp" | *"generic"
proxySecretRef?: {
// Name of the referent.
name: string
}
// The OCI reference to pull and monitor for changes,
// defaults to the latest tag.
ref?: {
// Digest is the image digest to pull, takes precedence over
// SemVer.
// The value should be in the format 'sha256:<HASH>'.
digest?: string
// SemVer is the range of tags to pull selecting the latest within
// the range, takes precedence over Tag.
semver?: string
// SemverFilter is a regex pattern to filter the tags within the
// SemVer range.
semverFilter?: string
// Tag is the image tag to pull, defaults to latest.
tag?: string
}
secretRef?: {
// Name of the referent.
name: string
}
// ServiceAccountName is the name of the Kubernetes ServiceAccount
// used to authenticate
// the image pull if the service account has attached pull
// secrets. For more information:
// https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
serviceAccountName?: string
// This flag tells the controller to suspend the reconciliation of
// this source.
suspend?: bool
// The timeout for remote OCI Repository operations like pulling,
// defaults to 60s.
timeout?: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" | *"60s"
// URL is a reference to an OCI artifact repository hosted
// on a remote container registry.
url: =~"^oci://.*$"
// Verify contains the secret name containing the trusted public
// keys
// used to verify the signature and specifies which provider to
// use to check
// whether OCI image is authentic.
verify?: {
// MatchOIDCIdentity specifies the identity matching criteria to
// use
// while verifying an OCI artifact which was signed using Cosign
// keyless
// signing. The artifact's identity is deemed to be verified if
// any of the
// specified matchers match against the identity.
matchOIDCIdentity?: [...{
// Issuer specifies the regex pattern to match against to verify
// the OIDC issuer in the Fulcio certificate. The pattern must be
// a
// valid Go regular expression.
issuer: string
// Subject specifies the regex pattern to match against to verify
// the identity subject in the Fulcio certificate. The pattern
// must
// be a valid Go regular expression.
subject: string
}]
// Provider specifies the technology used to sign the OCI
// Artifact.
provider: "cosign" | "notation" | *"cosign"
secretRef?: {
// Name of the referent.
name: string
}
}
}

4
internal/generate/platforms/cue.mod/module.cue
View File

@@ -1,2 +1,2 @@
module: "user.holos.run/platform"
language: version: "v0.9.2"
module: "example.com/platform"
language: version: "v0.11.0"

2
internal/holos/interface.go
View File

@@ -21,6 +21,8 @@ type Platform interface {
type Component interface {
Describe() string
Path() string
// ExtractYAML represents the values of the --extract-yaml flag
ExtractYAML() ([]string, error)
Tags() ([]string, error)
WriteTo() string
Labels() Labels

3
internal/util/util.go
View File

@@ -42,6 +42,9 @@ func FindCueMod(path string) (root string, err error) {
return root, nil
}
// FindRootLeaf returns the root path containing the cue.mod and the leaf path
// relative to the root for the given target path. FindRootLeaf calls
// [filepath.Clean] on the returned paths.
func FindRootLeaf(target string) (root string, leaf string, err error) {
if root, err = FindCueMod(target); err != nil {
return "", "", err

4
service/buf.lock
View File

@@ -4,5 +4,5 @@ deps:
- remote: buf.build
owner: bufbuild
repository: protovalidate
commit: 5a7b106cbb87462d9a8c9ffecdbd2e38
digest: shake256:2f7efa5a904668219f039d4f6eeb51e871f8f7f5966055a10663cba335bd65f76cac84da3fa758ab7b5dcb489ec599521390ce3951d119fb56df1fc2def16bb0
commit: a3320276596649bcad929ac829d451f4
digest: shake256:a6e5f64fd3fd47e3e8568e9753f59a1566f56c11ec055baf65463d3bca3499f6f16c2d6f5628fa41cfd0f4fa7e72abe65be4efd77d269749492472ed4cc4070d

2
version/embedded/patch
View File

@@ -1 +1 @@
4
7