From 207290a8f8851e8046ab94f74f3a001acbe118c5 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 26 Feb 2024 00:01:53 +0000 Subject: [PATCH] [local] flux version 2.2.3 --- .../local/flux-system/gotk-components.yaml | 1569 ++--------------- 1 file changed, 130 insertions(+), 1439 deletions(-) diff --git a/clusters/overlays/local/flux-system/gotk-components.yaml b/clusters/overlays/local/flux-system/gotk-components.yaml index 1840888..83b02ae 100644 --- a/clusters/overlays/local/flux-system/gotk-components.yaml +++ b/clusters/overlays/local/flux-system/gotk-components.yaml @@ -1,14 +1,14 @@ --- # This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v2.2.0 -# Components: source-controller,kustomize-controller,helm-controller,notification-controller,image-reflector-controller,image-automation-controller +# Flux Version: v2.2.3 +# Components: source-controller,kustomize-controller,helm-controller,notification-controller apiVersion: v1 kind: Namespace metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 pod-security.kubernetes.io/warn: restricted pod-security.kubernetes.io/warn-version: latest name: flux-system @@ -19,7 +19,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: allow-egress namespace: flux-system spec: @@ -39,7 +39,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: allow-scraping namespace: flux-system spec: @@ -59,7 +59,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: allow-webhooks namespace: flux-system spec: @@ -78,7 +78,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: critical-pods-flux-system namespace: flux-system spec: @@ -98,7 +98,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: crd-controller-flux-system rules: - apiGroups: @@ -188,7 +188,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: flux-edit-flux-system @@ -214,7 +214,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -239,7 +239,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -259,7 +259,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -294,7 +294,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -816,7 +816,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2017,7 +2017,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2639,7 +2639,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -3168,7 +3168,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: ocirepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -3557,7 +3557,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: source-controller namespace: flux-system --- @@ -3568,7 +3568,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 control-plane: controller name: source-controller namespace: flux-system @@ -3589,7 +3589,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 control-plane: controller name: source-controller namespace: flux-system @@ -3624,7 +3624,7 @@ spec: fieldPath: metadata.namespace - name: TUF_ROOT value: /tmp/.sigstore - image: ghcr.io/fluxcd/source-controller:v1.2.2 + image: ghcr.io/fluxcd/source-controller:v1.2.4 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -3688,7 +3688,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io @@ -5320,7 +5320,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: kustomize-controller namespace: flux-system --- @@ -5331,7 +5331,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 control-plane: controller name: kustomize-controller namespace: flux-system @@ -5360,7 +5360,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/kustomize-controller:v1.2.0 + image: ghcr.io/fluxcd/kustomize-controller:v1.2.2 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -5417,7 +5417,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -5613,6 +5613,82 @@ spec: - name type: object type: array + driftDetection: + description: "DriftDetection holds the configuration for detecting + and handling differences between the manifest in the Helm storage + and the resources currently existing in the cluster. \n Note: this + field is provisional to the v2beta2 API, and not actively used by + v2beta1 HelmReleases." + properties: + ignore: + description: Ignore contains a list of rules for specifying which + changes to ignore during diffing. + items: + description: IgnoreRule defines a rule to selectively disregard + specific changes during the drift detection process. + properties: + paths: + description: Paths is a list of JSON Pointer (RFC 6901) + paths to be excluded from consideration in a Kubernetes + object. + items: + type: string + type: array + target: + description: Target is a selector for specifying Kubernetes + objects to which this rule applies. If Target is not set, + the Paths will be ignored for all Kubernetes objects within + the manifest of the Helm release. + properties: + annotationSelector: + description: AnnotationSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select resources + from. Together with Version and Kind it is capable + of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources + from. Together with Group and Version it is capable + of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select resources + from. Together with Group and Kind it is capable of + unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - paths + type: object + type: array + mode: + description: Mode defines how differences should be handled between + the Helm manifest and the manifest currently applied to the + cluster. If not explicitly set, it defaults to DiffModeDisabled. + enum: + - enabled + - warn + - disabled + type: string + type: object install: description: Install holds the configuration for Helm install actions for this HelmRelease. @@ -6425,11 +6501,23 @@ spec: description: LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last reconciliation attempt. type: string + lastHandledForceAt: + description: "LastHandledForceAt holds the value of the most recent + force request value, so a change of the annotation value can be + detected. \n Note: this field is provisional to the v2beta2 API, + and not actively used by v2beta1 HelmReleases." + type: string lastHandledReconcileAt: description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected. type: string + lastHandledResetAt: + description: "LastHandledResetAt holds the value of the most recent + reset request value, so a change of the annotation value can be + detected. \n Note: this field is provisional to the v2beta2 API, + and not actively used by v2beta1 HelmReleases." + type: string lastReleaseRevision: description: LastReleaseRevision is the revision of the last successful Helm release. @@ -7589,7 +7677,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: helm-controller namespace: flux-system --- @@ -7600,7 +7688,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 control-plane: controller name: helm-controller namespace: flux-system @@ -7629,7 +7717,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/helm-controller:v0.37.0 + image: ghcr.io/fluxcd/helm-controller:v0.37.4 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -7686,7 +7774,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -8258,7 +8346,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: providers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -8712,6 +8800,11 @@ spec: should be posted. maxLength: 2048 type: string + interval: + description: Interval at which to reconcile the Provider with its + Secret references. Deprecated and not used in v1beta3. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string proxy: description: Proxy the HTTP/S address of the proxy server. maxLength: 2048 @@ -8787,7 +8880,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -9453,7 +9546,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 name: notification-controller namespace: flux-system --- @@ -9464,7 +9557,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 control-plane: controller name: notification-controller namespace: flux-system @@ -9485,7 +9578,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 control-plane: controller name: webhook-receiver namespace: flux-system @@ -9506,7 +9599,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 + app.kubernetes.io/version: v2.2.3 control-plane: controller name: notification-controller namespace: flux-system @@ -9534,7 +9627,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/notification-controller:v1.2.2 + image: ghcr.io/fluxcd/notification-controller:v1.2.4 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -9586,1405 +9679,3 @@ spec: volumes: - emptyDir: {} name: temp ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: image-reflector-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 - name: imagepolicies.image.toolkit.fluxcd.io -spec: - group: image.toolkit.fluxcd.io - names: - kind: ImagePolicy - listKind: ImagePolicyList - plural: imagepolicies - singular: imagepolicy - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.latestImage - name: LatestImage - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: ImagePolicy is the Schema for the imagepolicies API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImagePolicySpec defines the parameters for calculating the - ImagePolicy - properties: - filterTags: - description: FilterTags enables filtering for only a subset of tags - based on a set of rules. If no rules are provided, all the tags - from the repository will be ordered and compared. - properties: - extract: - description: Extract allows a capture group to be extracted from - the specified regular expression pattern, useful before tag - evaluation. - type: string - pattern: - description: Pattern specifies a regular expression pattern used - to filter for image tags. - type: string - type: object - imageRepositoryRef: - description: ImageRepositoryRef points at the object specifying the - image being scanned - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - policy: - description: Policy gives the particulars of the policy to be followed - in selecting the most recent image - properties: - alphabetical: - description: Alphabetical set of rules to use for alphabetical - ordering of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of the tags. - Given the letters of the alphabet as tags, ascending order - would select Z, and descending order would select A. - enum: - - asc - - desc - type: string - type: object - numerical: - description: Numerical set of rules to use for numerical ordering - of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of the tags. - Given the integer values from 0 to 9 as tags, ascending - order would select 9, and descending order would select - 0. - enum: - - asc - - desc - type: string - type: object - semver: - description: SemVer gives a semantic version range to check against - the tags available. - properties: - range: - description: Range gives a semver range for the image tag; - the highest version within the range that's a tag yields - the latest image. - type: string - required: - - range - type: object - type: object - required: - - imageRepositoryRef - - policy - type: object - status: - default: - observedGeneration: -1 - description: ImagePolicyStatus defines the observed state of ImagePolicy - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - latestImage: - description: LatestImage gives the first in the list of images scanned - by the image repository, when filtered and ordered according to - the policy. - type: string - observedGeneration: - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.latestImage - name: LatestImage - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: ImagePolicy is the Schema for the imagepolicies API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImagePolicySpec defines the parameters for calculating the - ImagePolicy. - properties: - filterTags: - description: FilterTags enables filtering for only a subset of tags - based on a set of rules. If no rules are provided, all the tags - from the repository will be ordered and compared. - properties: - extract: - description: Extract allows a capture group to be extracted from - the specified regular expression pattern, useful before tag - evaluation. - type: string - pattern: - description: Pattern specifies a regular expression pattern used - to filter for image tags. - type: string - type: object - imageRepositoryRef: - description: ImageRepositoryRef points at the object specifying the - image being scanned - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - policy: - description: Policy gives the particulars of the policy to be followed - in selecting the most recent image - properties: - alphabetical: - description: Alphabetical set of rules to use for alphabetical - ordering of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of the tags. - Given the letters of the alphabet as tags, ascending order - would select Z, and descending order would select A. - enum: - - asc - - desc - type: string - type: object - numerical: - description: Numerical set of rules to use for numerical ordering - of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of the tags. - Given the integer values from 0 to 9 as tags, ascending - order would select 9, and descending order would select - 0. - enum: - - asc - - desc - type: string - type: object - semver: - description: SemVer gives a semantic version range to check against - the tags available. - properties: - range: - description: Range gives a semver range for the image tag; - the highest version within the range that's a tag yields - the latest image. - type: string - required: - - range - type: object - type: object - required: - - imageRepositoryRef - - policy - type: object - status: - default: - observedGeneration: -1 - description: ImagePolicyStatus defines the observed state of ImagePolicy - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - latestImage: - description: LatestImage gives the first in the list of images scanned - by the image repository, when filtered and ordered according to - the policy. - type: string - observedGeneration: - format: int64 - type: integer - observedPreviousImage: - description: ObservedPreviousImage is the observed previous LatestImage. - It is used to keep track of the previous and current images. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: image-reflector-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 - name: imagerepositories.image.toolkit.fluxcd.io -spec: - group: image.toolkit.fluxcd.io - names: - kind: ImageRepository - listKind: ImageRepositoryList - plural: imagerepositories - singular: imagerepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.lastScanResult.scanTime - name: Last scan - type: string - - jsonPath: .status.lastScanResult.tagCount - name: Tags - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: ImageRepository is the Schema for the imagerepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageRepositorySpec defines the parameters for scanning an - image repository, e.g., `fluxcd/flux`. - properties: - accessFrom: - description: AccessFrom defines an ACL for allowing cross-namespace - references to the ImageRepository object based on the caller's namespace - labels. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - certSecretRef: - description: "CertSecretRef can be given the name of a secret containing - either or both of \n - a PEM-encoded client certificate (`certFile`) - and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`) - \n and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are authenticating - with a certificate; the CA cert is useful if you are using a self-signed - server certificate." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - exclusionList: - description: ExclusionList is a list of regex strings used to exclude - certain tags from being stored in the database. - items: - type: string - type: array - image: - description: Image is the name of the image repository - type: string - interval: - description: Interval is the length of time to wait between scans - of the image repository. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - secretRef: - description: SecretRef can be given the name of a secret containing - credentials to use for the image registry. The secret should be - created with `kubectl create secret docker-registry`, or the equivalent. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - serviceAccountName: - description: ServiceAccountName is the name of the Kubernetes ServiceAccount - used to authenticate the image pull if the service account has attached - pull secrets. - maxLength: 253 - type: string - suspend: - description: This flag tells the controller to suspend subsequent - image scans. It does not apply to already started scans. Defaults - to false. - type: boolean - timeout: - description: Timeout for image scanning. Defaults to 'Interval' duration. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: object - status: - default: - observedGeneration: -1 - description: ImageRepositoryStatus defines the observed state of ImageRepository - properties: - canonicalImageName: - description: CanonicalName is the name of the image repository with - all the implied bits made explicit; e.g., `docker.io/library/alpine` - rather than `alpine`. - type: string - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastScanResult: - description: LastScanResult contains the number of fetched tags. - properties: - scanTime: - format: date-time - type: string - tagCount: - type: integer - required: - - tagCount - type: object - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.lastScanResult.scanTime - name: Last scan - type: string - - jsonPath: .status.lastScanResult.tagCount - name: Tags - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: ImageRepository is the Schema for the imagerepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageRepositorySpec defines the parameters for scanning an - image repository, e.g., `fluxcd/flux`. - properties: - accessFrom: - description: AccessFrom defines an ACL for allowing cross-namespace - references to the ImageRepository object based on the caller's namespace - labels. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - certSecretRef: - description: "CertSecretRef can be given the name of a Secret containing - either or both of \n - a PEM-encoded client certificate (`tls.crt`) - and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) - \n and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are authenticating - with a certificate; the CA cert is useful if you are using a self-signed - server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. - \n Note: Support for the `caFile`, `certFile` and `keyFile` keys - has been deprecated." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - exclusionList: - default: - - ^.*\.sig$ - description: ExclusionList is a list of regex strings used to exclude - certain tags from being stored in the database. - items: - type: string - maxItems: 25 - type: array - image: - description: Image is the name of the image repository - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP container - registry. - type: boolean - interval: - description: Interval is the length of time to wait between scans - of the image repository. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - provider: - default: generic - description: The provider used for authentication, can be 'aws', 'azure', - 'gcp' or 'generic'. When not specified, defaults to 'generic'. - enum: - - generic - - aws - - azure - - gcp - type: string - secretRef: - description: SecretRef can be given the name of a secret containing - credentials to use for the image registry. The secret should be - created with `kubectl create secret docker-registry`, or the equivalent. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - serviceAccountName: - description: ServiceAccountName is the name of the Kubernetes ServiceAccount - used to authenticate the image pull if the service account has attached - pull secrets. - maxLength: 253 - type: string - suspend: - description: This flag tells the controller to suspend subsequent - image scans. It does not apply to already started scans. Defaults - to false. - type: boolean - timeout: - description: Timeout for image scanning. Defaults to 'Interval' duration. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: object - status: - default: - observedGeneration: -1 - description: ImageRepositoryStatus defines the observed state of ImageRepository - properties: - canonicalImageName: - description: CanonicalName is the name of the image repository with - all the implied bits made explicit; e.g., `docker.io/library/alpine` - rather than `alpine`. - type: string - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastScanResult: - description: LastScanResult contains the number of fetched tags. - properties: - latestTags: - items: - type: string - type: array - scanTime: - format: date-time - type: string - tagCount: - type: integer - required: - - tagCount - type: object - observedExclusionList: - description: ObservedExclusionList is a list of observed exclusion - list. It reflects the exclusion rules used for the observed scan - result in spec.lastScanResult. - items: - type: string - type: array - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: image-reflector-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 - name: image-reflector-controller - namespace: flux-system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: image-reflector-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 - control-plane: controller - name: image-reflector-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: image-reflector-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: image-reflector-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/image-reflector-controller:v0.31.1 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - - mountPath: /data - name: data - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: image-reflector-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: temp - - emptyDir: {} - name: data ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: image-automation-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 - name: imageupdateautomations.image.toolkit.fluxcd.io -spec: - group: image.toolkit.fluxcd.io - names: - kind: ImageUpdateAutomation - listKind: ImageUpdateAutomationList - plural: imageupdateautomations - singular: imageupdateautomation - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.lastAutomationRunTime - name: Last run - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: ImageUpdateAutomation is the Schema for the imageupdateautomations - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageUpdateAutomationSpec defines the desired state of ImageUpdateAutomation - properties: - git: - description: GitSpec contains all the git-specific definitions. This - is technically optional, but in practice mandatory until there are - other kinds of source allowed. - properties: - checkout: - description: Checkout gives the parameters for cloning the git - repository, ready to make changes. If not present, the `spec.ref` - field from the referenced `GitRepository` or its default will - be used. - properties: - ref: - description: Reference gives a branch, tag or commit to clone - from the Git repository. - properties: - branch: - description: Branch to check out, defaults to 'master' - if no other field is defined. - type: string - commit: - description: "Commit SHA to check out, takes precedence - over all reference fields. \n This can be combined with - Branch to shallow clone the branch, in which the commit - is expected to exist." - type: string - name: - description: "Name of the reference to check out; takes - precedence over Branch, Tag and SemVer. \n It must be - a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description - Examples: \"refs/heads/main\", \"refs/tags/v0.1.0\", - \"refs/pull/420/head\", \"refs/merge-requests/1/head\"" - type: string - semver: - description: SemVer tag expression to check out, takes - precedence over Tag. - type: string - tag: - description: Tag to check out, takes precedence over Branch. - type: string - type: object - required: - - ref - type: object - commit: - description: Commit specifies how to commit to the git repository. - properties: - author: - description: Author gives the email and optionally the name - to use as the author of commits. - properties: - email: - description: Email gives the email to provide when making - a commit. - type: string - name: - description: Name gives the name to provide when making - a commit. - type: string - required: - - email - type: object - messageTemplate: - description: MessageTemplate provides a template for the commit - message, into which will be interpolated the details of - the change made. - type: string - signingKey: - description: SigningKey provides the option to sign commits - with a GPG key - properties: - secretRef: - description: SecretRef holds the name to a secret that - contains a 'git.asc' key corresponding to the ASCII - Armored file containing the GPG signing keypair as the - value. It must be in the same namespace as the ImageUpdateAutomation. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - type: object - required: - - author - type: object - push: - description: Push specifies how and where to push commits made - by the automation. If missing, commits are pushed (back) to - `.spec.checkout.branch` or its default. - properties: - branch: - description: Branch specifies that commits should be pushed - to the branch named. The branch is created using `.spec.checkout.branch` - as the starting point, if it doesn't already exist. - type: string - options: - additionalProperties: - type: string - description: 'Options specifies the push options that are - sent to the Git server when performing a push operation. - For details, see: https://git-scm.com/docs/git-push#Documentation/git-push.txt---push-optionltoptiongt' - type: object - refspec: - description: 'Refspec specifies the Git Refspec to use for - a push operation. If both Branch and Refspec are provided, - then the commit is pushed to the branch and also using the - specified refspec. For more details about Git Refspecs, - see: https://git-scm.com/book/en/v2/Git-Internals-The-Refspec' - type: string - type: object - required: - - commit - type: object - interval: - description: Interval gives an lower bound for how often the automation - run should be attempted. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - sourceRef: - description: SourceRef refers to the resource giving access details - to a git repository. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - default: GitRepository - description: Kind of the referent. - enum: - - GitRepository - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, defaults to the namespace - of the Kubernetes resource object that contains the reference. - type: string - required: - - kind - - name - type: object - suspend: - description: Suspend tells the controller to not run this automation, - until it is unset (or set to false). Defaults to false. - type: boolean - update: - default: - strategy: Setters - description: Update gives the specification for how to update the - files in the repository. This can be left empty, to use the default - value. - properties: - path: - description: Path to the directory containing the manifests to - be updated. Defaults to 'None', which translates to the root - path of the GitRepositoryRef. - type: string - strategy: - default: Setters - description: Strategy names the strategy to be used. - enum: - - Setters - type: string - required: - - strategy - type: object - required: - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: ImageUpdateAutomationStatus defines the observed state of - ImageUpdateAutomation - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastAutomationRunTime: - description: LastAutomationRunTime records the last time the controller - ran this automation through to completion (even if no updates were - made). - format: date-time - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastPushCommit: - description: LastPushCommit records the SHA1 of the last commit made - by the controller, for this automation object - type: string - lastPushTime: - description: LastPushTime records the time of the last pushed change. - format: date-time - type: string - observedGeneration: - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: image-automation-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 - name: image-automation-controller - namespace: flux-system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: image-automation-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.2.0 - control-plane: controller - name: image-automation-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: image-automation-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: image-automation-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/image-automation-controller:v0.37.0 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: image-automation-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: temp