From 54017b6e3e1c1635ed5a5d959f318e8914aa116c Mon Sep 17 00:00:00 2001 From: Kingdon Barrett Date: Mon, 17 Jun 2024 09:58:13 -0400 Subject: [PATCH 1/5] Migrate from fluxcd-community charts to Flux-Operator (#166) 
Signed-off-by: Kingdon Barrett --- packages/core/fluxcd/Makefile | 11 +- .../{flux2 => flux-operator}/.helmignore | 3 +- .../fluxcd/charts/flux-operator/Chart.yaml | 30 + .../fluxcd/charts/flux-operator/README.md | 56 + .../charts/flux-operator/templates/NOTES.txt | 1 + .../flux-operator/templates/_helpers.tpl | 58 + .../flux-operator/templates/clusterrole.yaml | 21 + .../charts/flux-operator/templates/crds.yaml | 420 +++ .../flux-operator/templates/deployment.yaml | 94 + .../flux-operator/templates/service.yaml | 22 + .../templates/serviceaccount.yaml | 15 + .../charts/flux-operator/values.schema.json | 303 ++ .../fluxcd/charts/flux-operator/values.yaml | 95 + packages/core/fluxcd/charts/flux2/Chart.yaml | 11 - packages/core/fluxcd/charts/flux2/README.md | 174 - .../fluxcd/charts/flux2/templates/_helper.tpl | 7 - .../templates/aggregate-clusterroles.yaml | 47 - ...cluster-reconciler-clusterrolebinding.yaml | 26 - ...r-reconciler-impersonator-clusterrole.yaml | 19 - ...ciler-impersonator-clusterrolebinding.yaml | 26 - .../templates/crd-controller-clusterrole.yaml | 82 - .../crd-controller-clusterrolebinding.yaml | 38 - .../flux2/templates/extra-manifests.yaml | 4 - .../flux2/templates/helm-controller-sa.yaml | 18 - .../flux2/templates/helm-controller.crds.yaml | 2268 ------------ .../flux2/templates/helm-controller.yaml | 133 - .../image-automation-controller-sa.yaml | 18 - .../image-automation-controller.crds.yaml | 326 -- .../image-automation-controller.yaml | 135 - .../image-reflector-controller-sa.yaml | 18 - .../image-reflector-controller.crds.yaml | 901 ----- .../templates/image-reflector-controller.yaml | 139 - .../templates/kustomize-controller-sa.yaml | 18 - .../kustomize-controller-secret.yaml | 18 - .../templates/kustomize-controller.crds.yaml | 1640 -------- .../flux2/templates/kustomize-controller.yaml | 158 - .../notification-controller-ingress.yaml | 49 - .../templates/notification-controller-sa.yaml | 18 - .../notification-controller-service.yaml | 
29 - ...tification-controller-webhook-service.yaml | 26 - .../notification-controller.crds.yaml | 1790 --------- .../templates/notification-controller.yaml | 136 - .../charts/flux2/templates/podmonitor.yaml | 32 - .../charts/flux2/templates/policies.yaml | 63 - .../pre-install-job-serviceaccount.yaml | 14 - .../flux2/templates/pre-install-job.yaml | 72 - .../templates/source-controller-service.yaml | 29 - .../source-controller-serviceaccount.yaml | 18 - .../templates/source-controller.crds.yaml | 3291 ----------------- .../flux2/templates/source-controller.yaml | 140 - packages/core/fluxcd/charts/flux2/values.yaml | 327 -- .../core/fluxcd/templates/flux-instance.yaml | 15 + packages/core/fluxcd/values.yaml | 13 + packages/core/fluxcd/valuesFile.yaml | 11 + .../core/platform/templates/namespaces.yaml | 2 +- scripts/installer.sh | 25 +- 56 files changed, 1180 insertions(+), 12273 deletions(-) rename packages/core/fluxcd/charts/{flux2 => flux-operator}/.helmignore (95%) create mode 100644 packages/core/fluxcd/charts/flux-operator/Chart.yaml create mode 100644 packages/core/fluxcd/charts/flux-operator/README.md create mode 100644 packages/core/fluxcd/charts/flux-operator/templates/NOTES.txt create mode 100644 packages/core/fluxcd/charts/flux-operator/templates/_helpers.tpl create mode 100644 packages/core/fluxcd/charts/flux-operator/templates/clusterrole.yaml create mode 100644 packages/core/fluxcd/charts/flux-operator/templates/crds.yaml create mode 100644 packages/core/fluxcd/charts/flux-operator/templates/deployment.yaml create mode 100644 packages/core/fluxcd/charts/flux-operator/templates/service.yaml create mode 100644 packages/core/fluxcd/charts/flux-operator/templates/serviceaccount.yaml create mode 100644 packages/core/fluxcd/charts/flux-operator/values.schema.json create mode 100644 packages/core/fluxcd/charts/flux-operator/values.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/Chart.yaml delete mode 100644 
packages/core/fluxcd/charts/flux2/README.md delete mode 100644 packages/core/fluxcd/charts/flux2/templates/_helper.tpl delete mode 100644 packages/core/fluxcd/charts/flux2/templates/aggregate-clusterroles.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-clusterrolebinding.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrole.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrolebinding.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/crd-controller-clusterrole.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/crd-controller-clusterrolebinding.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/extra-manifests.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/helm-controller-sa.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/helm-controller.crds.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/image-automation-controller-sa.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/image-automation-controller.crds.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/image-reflector-controller-sa.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.crds.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/kustomize-controller-sa.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/kustomize-controller-secret.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/kustomize-controller.crds.yaml delete mode 100644 
packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/notification-controller-ingress.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/notification-controller-sa.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/notification-controller-service.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/notification-controller-webhook-service.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/notification-controller.crds.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/notification-controller.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/podmonitor.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/policies.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/pre-install-job-serviceaccount.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/pre-install-job.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/source-controller-service.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/source-controller-serviceaccount.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/source-controller.crds.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/templates/source-controller.yaml delete mode 100644 packages/core/fluxcd/charts/flux2/values.yaml create mode 100644 packages/core/fluxcd/templates/flux-instance.yaml create mode 100644 packages/core/fluxcd/values.yaml create mode 100644 packages/core/fluxcd/valuesFile.yaml diff --git a/packages/core/fluxcd/Makefile b/packages/core/fluxcd/Makefile index 9a44bd14..15494d2d 100644 --- a/packages/core/fluxcd/Makefile +++ b/packages/core/fluxcd/Makefile 
@@ -7,14 +7,13 @@ show: helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) apply: - helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl apply -n $(NAMESPACE) -f- + helm template -n $(NAMESPACE) $(NAME) . --no-hooks -f valuesFile.yaml \ + --dry-run=server $(API_VERSIONS_FLAGS) | kubectl apply -n $(NAMESPACE) -f- diff: - helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -n $(NAMESPACE) -f- + helm template -n $(NAMESPACE) $(NAME) . --no-hooks -f valuesFile.yaml \ + --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -n $(NAMESPACE) -f- update: rm -rf charts - helm repo add fluxcd-community https://fluxcd-community.github.io/helm-charts - helm repo update fluxcd-community - helm pull fluxcd-community/flux2 --untar --untardir charts - sed -i 's/\.{{ \.Values\.clusterDomain | default "cluster\.local" }}\.//g' `grep -rl '.{{ .Values.clusterDomain | default "cluster.local" }}.' charts` + helm pull oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator --untar --untardir charts diff --git a/packages/core/fluxcd/charts/flux2/.helmignore b/packages/core/fluxcd/charts/flux-operator/.helmignore similarity index 95% rename from packages/core/fluxcd/charts/flux2/.helmignore rename to packages/core/fluxcd/charts/flux-operator/.helmignore index 98229532..f24ae1c9 100644 --- a/packages/core/fluxcd/charts/flux2/.helmignore +++ b/packages/core/fluxcd/charts/flux-operator/.helmignore @@ -21,5 +21,4 @@ .idea/ *.tmproj .vscode/ - -tests/ +helmdocs.gotmpl diff --git a/packages/core/fluxcd/charts/flux-operator/Chart.yaml b/packages/core/fluxcd/charts/flux-operator/Chart.yaml new file mode 100644 index 00000000..695e3a09 --- /dev/null +++ b/packages/core/fluxcd/charts/flux-operator/Chart.yaml 
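Review bot: The new `update` recipe pulls `oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator` without `--version`, so every `make update` replaces `charts/` (after `rm -rf charts`) with whatever chart version the registry serves at that moment. Pinning the version this commit vendors (Chart.yaml says 0.4.0), i.e. `helm pull oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator --version 0.4.0 --untar --untardir charts`, keeps the vendored content reproducible and makes upgrades an explicit, reviewable change. That matters here because the vendored `templates/clusterrole.yaml` binds the operator's service account to `cluster-admin`. Separately, `apply` and `diff` now pass `-f valuesFile.yaml` while the `show` target (the context line at the top of the hunk) does not, so `make show` may no longer render what is applied; if that is unintended, add the same flag to `show`.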
@@ -0,0 +1,30 @@
+annotations:
+ artifacthub.io/license: AGPL-3.0
+ artifacthub.io/links: |
+ - name: Documentation
+ url: https://fluxcd.control-plane.io/operator
+ - name: Chart Source
+ url: https://github.com/controlplaneio-fluxcd/charts
+ - name: Upstream Project
+ url: https://github.com/controlplaneio-fluxcd/flux-operator
+apiVersion: v2
+appVersion: v0.4.0
+description: 'A Helm chart for deploying the Flux Operator. '
+home: https://github.com/controlplaneio-fluxcd
+icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/flux/icon/color/flux-icon-color.png
+keywords:
+- flux
+- fluxcd
+- gitops
+kubeVersion: '>=1.22.0-0'
+maintainers:
+- email: stefan.prodan@control-plane.io
+ name: Stefan Prodan
+- name: Soule Ba
+ url: soule.ba@control-plane.io
+name: flux-operator
+sources:
+- https://github.com/controlplaneio-fluxcd/flux-operator
+- https://github.com/controlplaneio-fluxcd/charts
+type: application
+version: 0.4.0
diff --git a/packages/core/fluxcd/charts/flux-operator/README.md b/packages/core/fluxcd/charts/flux-operator/README.md
new file mode 100644
index 00000000..2fccc5fe
--- /dev/null
+++ b/packages/core/fluxcd/charts/flux-operator/README.md
@@ -0,0 +1,56 @@ +# flux-operator + +![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.4.0](https://img.shields.io/badge/AppVersion-v0.4.0-informational?style=flat-square) + +The [Flux Operator](https://github.com/controlplaneio-fluxcd) provides a declarative API +for the installation and upgrade of CNCF [Flux](https://fluxcd.io) and the +ControlPlane [enterprise distribution](https://control-plane.io/enterprise-for-flux-cd/). + +The operator automates the patching for hotfixes and CVEs affecting the Flux controllers container images +and enables the configuration of multi-tenancy lockdown on Kubernetes and OpenShift clusters. + +## Prerequisites + +- Kubernetes 1.22+ +- Helm 3.8+ + +## Installing the Chart + +To install the operator in the `flux-system` namespace: + +```console +helm install flux-operator oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator \ + --namespace flux-system \ + --create-namespace \ + --wait +``` + +To deploy the Flux controllers and to configure automated updates, +see the Flux Operator [documentation](https://fluxcd.control-plane.io/operator/). + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]}}}` | Pod affinity and anti-affinity settings. | +| commonAnnotations | object | `{}` | Common annotations to add to all deployed objects including pods. | +| commonLabels | object | `{}` | Common labels to add to all deployed objects including pods. | +| fullnameOverride | string | `""` | | +| hostNetwork | bool | `false` | If `true`, start flux-operator in hostNetwork mode. 
| +| image | object | `{"pullSecrets":[],"repository":"ghcr.io/controlplaneio-fluxcd/flux-operator","tag":""}` | Container image settings. The image tag defaults to the chart appVersion. | +| installCRDs | bool | `true` | Install and upgrade the custom resource definitions. | +| livenessProbe | object | `{"httpGet":{"path":"/healthz","port":8081},"initialDelaySeconds":15,"periodSeconds":20}` | Container liveness probe settings. | +| marketplace | object | `{"account":"","license":""}` | Marketplace settings. | +| nameOverride | string | `""` | | +| podSecurityContext | object | `{}` | Pod security context settings. | +| priorityClassName | string | `""` | Pod priority class name. Recommended value is system-cluster-critical. | +| readinessProbe | object | `{"httpGet":{"path":"/readyz","port":8081},"initialDelaySeconds":5,"periodSeconds":10}` | Container readiness probe settings. | +| resources | object | `{"limits":{"cpu":"1000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"64Mi"}}` | Container resources requests and limits settings. | +| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Container security context settings. The default is compliant with the pod security restricted profile. | +| serviceAccount | object | `{"automount":true,"name":""}` | Pod service account settings. The name of the service account defaults to the release name. | +| tolerations | list | `[]` | Pod tolerations settings. | + +## Source Code + +* +* diff --git a/packages/core/fluxcd/charts/flux-operator/templates/NOTES.txt b/packages/core/fluxcd/charts/flux-operator/templates/NOTES.txt new file mode 100644 index 00000000..b09e5e52 --- /dev/null +++ b/packages/core/fluxcd/charts/flux-operator/templates/NOTES.txt @@ -0,0 +1 @@ +Documentation at https://fluxcd.control-plane.io/operator/ 
diff --git a/packages/core/fluxcd/charts/flux-operator/templates/_helpers.tpl b/packages/core/fluxcd/charts/flux-operator/templates/_helpers.tpl
new file mode 100644
index 00000000..996d71d6
--- /dev/null
+++ b/packages/core/fluxcd/charts/flux-operator/templates/_helpers.tpl
@@ -0,0 +1,58 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "flux-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "flux-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "flux-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "flux-operator.labels" -}}
+helm.sh/chart: {{ include "flux-operator.chart" . }}
+{{ include "flux-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "flux-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "flux-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "flux-operator.serviceAccountName" -}}
+{{- default (include "flux-operator.fullname" .) .Values.serviceAccount.name }}
+{{- end }}
diff --git a/packages/core/fluxcd/charts/flux-operator/templates/clusterrole.yaml b/packages/core/fluxcd/charts/flux-operator/templates/clusterrole.yaml
new file mode 100644
index 00000000..6a09fa77
--- /dev/null
+++ b/packages/core/fluxcd/charts/flux-operator/templates/clusterrole.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "flux-operator.fullname" . }}
+ labels:
+ {{- include "flux-operator.labels" . | nindent 4 }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.commonAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "flux-operator.fullname" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/packages/core/fluxcd/charts/flux-operator/templates/crds.yaml b/packages/core/fluxcd/charts/flux-operator/templates/crds.yaml
new file mode 100644
index 00000000..6a61979e
--- /dev/null
+++ b/packages/core/fluxcd/charts/flux-operator/templates/crds.yaml
@@ -0,0 +1,420 @@ +{{- if and .Values.installCRDs }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + helm.sh/resource-policy: keep + labels: + app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ .Chart.Name }}' + app.kubernetes.io/version: '{{ .Chart.AppVersion }}' + helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + name: fluxinstances.fluxcd.controlplane.io +spec: + group: fluxcd.controlplane.io + names: + kind: FluxInstance + listKind: FluxInstanceList + plural: fluxinstances + singular: fluxinstance + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .status.lastAttemptedRevision + name: Revision + type: string + name: v1 + schema: + openAPIV3Schema: + description: FluxInstance is the Schema for the fluxinstances API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FluxInstanceSpec defines the desired state of FluxInstance + properties: + cluster: + description: Cluster holds the specification of the Kubernetes cluster. + properties: + domain: + default: cluster.local + description: |- + Domain is the cluster domain used for generating the FQDN of services. + Defaults to 'cluster.local'. + type: string + multitenant: + description: Multitenant enables the multitenancy lockdown. + type: boolean + networkPolicy: + default: true + description: |- + NetworkPolicy restricts network access to the current namespace. + Defaults to true. + type: boolean + type: + default: kubernetes + description: |- + Type specifies the distro of the Kubernetes cluster. + Defaults to 'kubernetes'. + enum: + - kubernetes + - openshift + - aws + - azure + - gcp + type: string + required: + - domain + - networkPolicy + type: object + components: + description: |- + Components is the list of controllers to install. + Defaults to all controllers. + items: + description: Component is the name of a controller to install. + enum: + - source-controller + - kustomize-controller + - helm-controller + - notification-controller + - image-reflector-controller + - image-automation-controller + type: string + type: array + distribution: + description: Distribution specifies the version and container registry + to pull images from. + properties: + imagePullSecret: + description: |- + ImagePullSecret is the name of the Kubernetes secret + to use for pulling images. + type: string + registry: + description: |- + Registry address to pull the distribution images from + e.g. 'ghcr.io/fluxcd'. + type: string + version: + description: Version semver expression e.g. '2.x', '2.3.x'. 
+ type: string + required: + - registry + - version + type: object + kustomize: + description: |- + Kustomize holds a set of patches that can be applied to the + Flux installation, to customize the way Flux operates. + properties: + patches: + description: |- + Strategic merge and JSON patches, defined as inline YAML objects, + capable of targeting objects based on kind, label and annotation selectors. + items: + description: |- + Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should + be applied to. + properties: + patch: + description: |- + Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with + an array of operation objects. + type: string + target: + description: Target points to the resources that the patch + document should be applied to. + properties: + annotationSelector: + description: |- + AnnotationSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: |- + Group is the API group to select resources from. + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: |- + Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: |- + LabelSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. 
+ type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: |- + Version of the API Group to select resources from. + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + type: object + type: array + type: object + storage: + description: |- + Storage holds the specification of the source-controller + persistent volume claim. + properties: + class: + description: Class is the storage class to use for the PVC. + type: string + size: + description: Size is the size of the PVC. + type: string + required: + - class + - size + type: object + sync: + description: |- + Sync specifies the source for the cluster sync operation. + When set, a Flux source (GitRepository, OCIRepository or Bucket) + and Flux Kustomization are created to sync the cluster state + with the source repository. + properties: + interval: + default: 1m + description: Interval is the time between syncs. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + kind: + description: Kind is the kind of the source. + enum: + - OCIRepository + - GitRepository + - Bucket + type: string + path: + description: |- + Path is the path to the source directory containing + the kustomize overlay or plain Kubernetes manifests. + type: string + pullSecret: + description: |- + PullSecret specifies the Kubernetes Secret containing the + authentication credentials for the source. + For Git over HTTP/S sources, the secret must contain username and password fields. + For Git over SSH sources, the secret must contain known_hosts and identity fields. + For OCI sources, the secret must be of type kubernetes.io/dockerconfigjson. + For Bucket sources, the secret must contain accesskey and secretkey fields. 
+ type: string + ref: + description: |- + Ref is the source reference, can be a Git ref name e.g. 'refs/heads/main', + an OCI tag e.g. 'latest' or a bucket name e.g. 'flux'. + type: string + url: + description: |- + URL is the source URL, can be a Git repository HTTP/S or SSH address, + an OCI repository address or a Bucket endpoint. + type: string + required: + - kind + - path + - ref + - url + type: object + wait: + default: true + description: |- + Wait instructs the controller to check the health of all the reconciled + resources. Defaults to true. + type: boolean + required: + - distribution + - wait + type: object + status: + description: FluxInstanceStatus defines the observed state of FluxInstance + properties: + components: + description: Components contains the container images used by the + components. + items: + description: ComponentImage represents a container image used by + a component. + properties: + digest: + description: Digest of the container image. + type: string + name: + description: Name of the component. + type: string + repository: + description: Repository address of the container image. + type: string + tag: + description: Tag of the container image. + type: string + required: + - name + - repository + - tag + type: object + type: array + conditions: + description: Conditions contains the readiness conditions of the object. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. 
For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + inventory: + description: |- + Inventory contains a list of Kubernetes resource object references + last applied on the cluster. + properties: + entries: + description: Entries of Kubernetes resource object references. + items: + description: ResourceRef contains the information necessary + to locate a resource within a cluster. + properties: + id: + description: |- + ID is the string representation of the Kubernetes resource object's metadata, + in the format '___'. + type: string + v: + description: Version is the API version of the Kubernetes + resource object's kind. + type: string + required: + - id + - v + type: object + type: array + required: + - entries + type: object + lastAppliedRevision: + description: |- + LastAppliedRevision is the version and digest of the + distribution config that was last reconcile. + type: string + lastAttemptedRevision: + description: |- + LastAttemptedRevision is the version and digest of the + distribution config that was last attempted to reconcile. + type: string + lastHandledReconcileAt: + description: |- + LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value + can be detected. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/packages/core/fluxcd/charts/flux-operator/templates/deployment.yaml b/packages/core/fluxcd/charts/flux-operator/templates/deployment.yaml new file mode 100644 index 00000000..a1b1fa1f --- /dev/null +++ b/packages/core/fluxcd/charts/flux-operator/templates/deployment.yaml 
@@ -0,0 +1,94 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "flux-operator.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "flux-operator.labels" . | nindent 4 }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.commonAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "flux-operator.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.commonAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "flux-operator.labels" . | nindent 8 }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
+ {{- with .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "flux-operator.fullname" . }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.hostNetwork }}
+ hostNetwork: true
+ {{- end }}
+ containers:
+ - name: manager
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- with .Values.marketplace.account }}
+ - name: MARKETPLACE_ACCOUNT
+ value: {{ . }}
+ {{- end }}
+ {{- with .Values.marketplace.license }}
+ - name: MARKETPLACE_LICENSE
+ value: {{ . }}
+ {{- end }}
+ {{- if .Values.extraEnvs }}
+ {{- toYaml .Values.extraEnvs | nindent 12 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http-metrics
+ containerPort: 8080
+ protocol: TCP
+ - name: http
+ containerPort: 8081
+ protocol: TCP
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumeMounts:
+ - name: temp
+ mountPath: /tmp
+ volumes:
+ - name: temp
+ emptyDir: {}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/packages/core/fluxcd/charts/flux-operator/templates/service.yaml b/packages/core/fluxcd/charts/flux-operator/templates/service.yaml
new file mode 100644
index 00000000..37ad04c2
--- /dev/null
+++ b/packages/core/fluxcd/charts/flux-operator/templates/service.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "flux-operator.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "flux-operator.labels" . | nindent 4 }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.commonAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ ports:
+ - port: 8080
+ targetPort: http-metrics
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "flux-operator.selectorLabels" . | nindent 4 }}
diff --git a/packages/core/fluxcd/charts/flux-operator/templates/serviceaccount.yaml b/packages/core/fluxcd/charts/flux-operator/templates/serviceaccount.yaml
new file mode 100644
index 00000000..b2dcb45f
--- /dev/null
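Review bot: `serviceAccountName: {{ include "flux-operator.fullname" . }}` in the pod spec does not use the helper that names the ServiceAccount object, which serviceaccount.yaml renders with `flux-operator.serviceAccountName`. Both helpers live in _helpers.tpl, outside this view, so whether they can diverge is inferred; if the second one honours `serviceAccount.name`, setting that value leaves the pod pointing at an account the chart never created, and any RBAC binding follows one name or the other. Using `serviceAccountName: {{ include "flux-operator.serviceAccountName" . }}` here keeps the pod identity and the created account in step. Separately, the two marketplace env values are rendered unquoted, so an all-digit account ID would become a YAML integer and be rejected as an env `value`; `value: {{ . | quote }}` avoids that.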
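Review bot: The Service port is named `http` but targets the container port `http-metrics` (8080), while the Deployment uses the name `http` for the 8081 probe port, so the same name means a different port depending on the object. Anything that selects by port name, such as a scrape config or a NetworkPolicy, can end up pointed at the wrong endpoint. Naming it `name: http-metrics` would match the container port it forwards to.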
+++ b/packages/core/fluxcd/charts/flux-operator/templates/serviceaccount.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "flux-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "flux-operator.labels" . | nindent 4 }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.commonAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
diff --git a/packages/core/fluxcd/charts/flux-operator/values.schema.json b/packages/core/fluxcd/charts/flux-operator/values.schema.json
new file mode 100644
index 00000000..c00230f7
--- /dev/null
+++ b/packages/core/fluxcd/charts/flux-operator/values.schema.json
@@ -0,0 +1,303 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "properties": { + "affinity": { + "default": { + "nodeAffinity": { + "requiredDuringSchedulingIgnoredDuringExecution": { + "nodeSelectorTerms": [ + { + "matchExpressions": [ + { + "key": "kubernetes.io/os", + "operator": "In", + "values": [ + "linux" + ] + } + ] + } + ] + } + } + }, + "properties": { + "nodeAffinity": { + "properties": { + "requiredDuringSchedulingIgnoredDuringExecution": { + "properties": { + "nodeSelectorTerms": { + "items": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "commonAnnotations": { + "properties": {}, + "type": "object" + }, + "commonLabels": { + "properties": {}, + "type": "object" + }, + "extraEnvs": { + "items": { + "type": "object" + }, + "type": "array", + "uniqueItems": true + }, + "fullnameOverride": { + "type": "string" + }, + "hostNetwork": { + "default": false, + "type": "boolean" + }, + "image": { + "properties": { + "pullSecrets": { + "items": { + "type": "object" + }, + "type": "array", + "uniqueItems": true + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "installCRDs": { + "default": true, + "type": "boolean" + }, + "livenessProbe": { + "default": { + "httpGet": { + "path": "/healthz", + "port": 8081 + }, + "initialDelaySeconds": 15, + "periodSeconds": 20 + }, + "properties": { + "httpGet": { + "properties": { + "path": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "type": "object" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + 
"type": "integer" + } + }, + "type": "object" + }, + "marketplace": { + "properties": { + "account": { + "type": "string" + }, + "license": { + "type": "string" + } + }, + "type": "object" + }, + "nameOverride": { + "type": "string" + }, + "podSecurityContext": { + "default": { + "fsGroup": 1337 + }, + "properties": {}, + "type": "object" + }, + "priorityClassName": { + "default": "system-cluster-critical", + "type": "string" + }, + "readinessProbe": { + "default": { + "httpGet": { + "path": "/readyz", + "port": 8081 + }, + "initialDelaySeconds": 5, + "periodSeconds": 10 + }, + "properties": { + "httpGet": { + "properties": { + "path": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "type": "object" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + }, + "type": "object" + }, + "resources": { + "properties": { + "limits": { + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + }, + "type": "object" + }, + "requests": { + "default": { + "cpu": "100m", + "memory": "64Mi" + }, + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "default": false, + "type": "boolean" + }, + "capabilities": { + "default": { + "drop": [ + "ALL" + ] + }, + "properties": { + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + "readOnlyRootFilesystem": { + "default": true, + "type": "boolean" + }, + "runAsNonRoot": { + "default": true, + "type": "boolean" + }, + "seccompProfile": { + "default": { + "type": "RuntimeDefault" + }, + "properties": { + "type": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccount": { + "default": { + "automount": true, + "create": true, + "name": "" + }, + "properties": { 
+ "automount": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "tolerations": { + "items": { + "type": "object" + }, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "resources", + "securityContext" + ], + "type": "object" +} diff --git a/packages/core/fluxcd/charts/flux-operator/values.yaml b/packages/core/fluxcd/charts/flux-operator/values.yaml new file mode 100644 index 00000000..83d7eec5 --- /dev/null +++ b/packages/core/fluxcd/charts/flux-operator/values.yaml 
@@ -0,0 +1,95 @@
+# Default values for flux-operator.
+
+nameOverride: ""
+fullnameOverride: ""
+
+# -- Install and upgrade the custom resource definitions.
+installCRDs: true # @schema default: true
+
+# -- Common annotations to add to all deployed objects including pods.
+commonAnnotations: { }
+
+# -- Common labels to add to all deployed objects including pods.
+commonLabels: { }
+
+# -- Container image settings.
+# The image tag defaults to the chart appVersion.
+image:
+ repository: ghcr.io/controlplaneio-fluxcd/flux-operator # @schema required: true
+ tag: ""
+ pullSecrets: [ ] # @schema item: object ; uniqueItems: true
+
+# -- Pod priority class name.
+# Recommended value is system-cluster-critical.
+priorityClassName: "" # @schema default: "system-cluster-critical"
+
+# -- Container resources requests and limits settings.
+resources: # @schema required: true
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests: # @schema default: {"cpu":"100m","memory":"64Mi"}
+ cpu: 100m
+ memory: 64Mi
+
+# -- Container liveness probe settings.
+livenessProbe: # @schema default: {"httpGet":{"path":"/healthz","port":8081},"initialDelaySeconds":15,"periodSeconds":20}
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+
+# -- Container readiness probe settings.
+readinessProbe: # @schema default: {"httpGet":{"path":"/readyz","port":8081},"initialDelaySeconds":5,"periodSeconds":10}
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+
+# -- Pod service account settings.
+# The name of the service account defaults to the release name.
+serviceAccount: # @schema default: {"create":true,"automount":true,"name":""}
+ automount: true
+ name: ""
+
+# -- Pod security context settings.
+podSecurityContext: { } # @schema default: {"fsGroup":1337}
+
+# -- Container security context settings.
+# The default is compliant with the pod security restricted profile.
+securityContext: # @schema required: true
+ runAsNonRoot: true # @schema default: true
+ readOnlyRootFilesystem: true # @schema default: true
+ allowPrivilegeEscalation: false # @schema default: false
+ capabilities: # @schema default: {"drop":["ALL"]}
+ drop: # @schema item: string ; uniqueItems: true
+ - "ALL"
+ seccompProfile: # @schema default: {"type":"RuntimeDefault"}
+ type: "RuntimeDefault"
+
+# -- Pod affinity and anti-affinity settings.
+affinity: # @schema default: {"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]}}}
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+
+# -- Pod tolerations settings.
+tolerations: [ ] # @schema item: object ; uniqueItems: true
+
+# -- Marketplace settings.
+marketplace:
+ license: ""
+ account: ""
+
+# -- If `true`, start flux-operator in hostNetwork mode.
+hostNetwork: false
+
+# -- Add environment variables eg. for kubeprism KUBERNETES_SERVICE_HOST and _PORT
+extraEnvs: [ ]
diff --git a/packages/core/fluxcd/charts/flux2/Chart.yaml b/packages/core/fluxcd/charts/flux2/Chart.yaml
deleted file mode 100644
index 8e37f2cb..00000000
--- a/packages/core/fluxcd/charts/flux2/Chart.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-annotations:
- artifacthub.io/changes: |
- - "[Chore]: Update App Version to upstream 2.2.3"
-apiVersion: v2
-appVersion: 2.2.3
-description: A Helm chart for flux2
-name: flux2
-sources:
-- https://github.com/fluxcd-community/helm-charts
-type: application
-version: 2.12.4
diff --git a/packages/core/fluxcd/charts/flux2/README.md b/packages/core/fluxcd/charts/flux2/README.md
deleted file mode 100644
index 3aa73fa7..00000000
--- a/packages/core/fluxcd/charts/flux2/README.md
+++ /dev/null
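Review bot: Several `@schema default` annotations state a default that differs from the value actually shipped: `priorityClassName: ""` is annotated `"system-cluster-critical"`, `podSecurityContext: { }` is annotated `{"fsGroup":1337}`, and `serviceAccount` is annotated with a `create` key that neither this file nor the unconditional ServiceAccount template reads. values.schema.json in this patch carries the same defaults, so a reader of the schema, or of docs built from it, will assume a priority class and an fsGroup that the rendered pod does not have. Either set the values to the annotated ones or correct the annotations, e.g. `podSecurityContext: { } # @schema default: {}`. If this chart is vendored unchanged from upstream, the override belongs in the wrapping package's values instead.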
@@ -1,174 +0,0 @@ -# flux2 - -![Version: 2.12.4](https://img.shields.io/badge/Version-2.12.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.3](https://img.shields.io/badge/AppVersion-2.2.3-informational?style=flat-square) - -A Helm chart for flux2 - -This helm chart is maintained and released by the fluxcd-community on a best effort basis. - -## Source Code - -* - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| cli.affinity | object | `{}` | | -| cli.annotations | object | `{}` | | -| cli.image | string | `"ghcr.io/fluxcd/flux-cli"` | | -| cli.nodeSelector | object | `{}` | | -| cli.serviceAccount.automount | bool | `true` | | -| cli.tag | string | `"v2.2.3"` | | -| cli.tolerations | list | `[]` | | -| clusterDomain | string | `"cluster.local"` | | -| crds.annotations | object | `{}` | Add annotations to all CRD resources, e.g. "helm.sh/resource-policy": keep | -| extraObjects | list | `[]` | Array of extra K8s manifests to deploy | -| helmController.affinity | object | `{}` | | -| helmController.annotations."prometheus.io/port" | string | `"8080"` | | -| helmController.annotations."prometheus.io/scrape" | string | `"true"` | | -| helmController.container.additionalArgs | list | `[]` | | -| helmController.create | bool | `true` | | -| helmController.extraEnv | list | `[]` | | -| helmController.image | string | `"ghcr.io/fluxcd/helm-controller"` | | -| helmController.imagePullPolicy | string | `""` | | -| helmController.labels | object | `{}` | | -| helmController.nodeSelector | object | `{}` | | -| helmController.priorityClassName | string | `""` | | -| helmController.resources.limits | object | `{}` | | -| helmController.resources.requests.cpu | string | `"100m"` | | -| helmController.resources.requests.memory | string | `"64Mi"` | | -| helmController.serviceAccount.annotations | object | `{}` | | -| 
helmController.serviceAccount.automount | bool | `true` | | -| helmController.serviceAccount.create | bool | `true` | | -| helmController.tag | string | `"v0.37.4"` | | -| helmController.tolerations | list | `[]` | | -| imageAutomationController.affinity | object | `{}` | | -| imageAutomationController.annotations."prometheus.io/port" | string | `"8080"` | | -| imageAutomationController.annotations."prometheus.io/scrape" | string | `"true"` | | -| imageAutomationController.container.additionalArgs | list | `[]` | | -| imageAutomationController.create | bool | `true` | | -| imageAutomationController.extraEnv | list | `[]` | | -| imageAutomationController.image | string | `"ghcr.io/fluxcd/image-automation-controller"` | | -| imageAutomationController.imagePullPolicy | string | `""` | | -| imageAutomationController.labels | object | `{}` | | -| imageAutomationController.nodeSelector | object | `{}` | | -| imageAutomationController.priorityClassName | string | `""` | | -| imageAutomationController.resources.limits | object | `{}` | | -| imageAutomationController.resources.requests.cpu | string | `"100m"` | | -| imageAutomationController.resources.requests.memory | string | `"64Mi"` | | -| imageAutomationController.serviceAccount.annotations | object | `{}` | | -| imageAutomationController.serviceAccount.automount | bool | `true` | | -| imageAutomationController.serviceAccount.create | bool | `true` | | -| imageAutomationController.tag | string | `"v0.37.1"` | | -| imageAutomationController.tolerations | list | `[]` | | -| imagePullSecrets | list | `[]` | contents of pod imagePullSecret in form 'name=[secretName]'; applied to all controllers | -| imageReflectionController.affinity | object | `{}` | | -| imageReflectionController.annotations."prometheus.io/port" | string | `"8080"` | | -| imageReflectionController.annotations."prometheus.io/scrape" | string | `"true"` | | -| imageReflectionController.container.additionalArgs | list | `[]` | | -| 
imageReflectionController.create | bool | `true` | | -| imageReflectionController.extraEnv | list | `[]` | | -| imageReflectionController.image | string | `"ghcr.io/fluxcd/image-reflector-controller"` | | -| imageReflectionController.imagePullPolicy | string | `""` | | -| imageReflectionController.labels | object | `{}` | | -| imageReflectionController.nodeSelector | object | `{}` | | -| imageReflectionController.priorityClassName | string | `""` | | -| imageReflectionController.resources.limits | object | `{}` | | -| imageReflectionController.resources.requests.cpu | string | `"100m"` | | -| imageReflectionController.resources.requests.memory | string | `"64Mi"` | | -| imageReflectionController.serviceAccount.annotations | object | `{}` | | -| imageReflectionController.serviceAccount.automount | bool | `true` | | -| imageReflectionController.serviceAccount.create | bool | `true` | | -| imageReflectionController.tag | string | `"v0.31.2"` | | -| imageReflectionController.tolerations | list | `[]` | | -| installCRDs | bool | `true` | | -| kustomizeController.affinity | object | `{}` | | -| kustomizeController.annotations."prometheus.io/port" | string | `"8080"` | | -| kustomizeController.annotations."prometheus.io/scrape" | string | `"true"` | | -| kustomizeController.container.additionalArgs | list | `[]` | | -| kustomizeController.create | bool | `true` | | -| kustomizeController.envFrom | object | `{"map":{"name":""},"secret":{"name":""}}` | Defines envFrom using a configmap and/or secret. | -| kustomizeController.extraEnv | list | `[]` | | -| kustomizeController.extraSecretMounts | list | `[]` | Defines additional mounts with secrets. 
Secrets must be manually created in the namespace or with kustomizeController.secret | -| kustomizeController.image | string | `"ghcr.io/fluxcd/kustomize-controller"` | | -| kustomizeController.imagePullPolicy | string | `""` | | -| kustomizeController.labels | object | `{}` | | -| kustomizeController.nodeSelector | object | `{}` | | -| kustomizeController.priorityClassName | string | `""` | | -| kustomizeController.resources.limits | object | `{}` | | -| kustomizeController.resources.requests.cpu | string | `"100m"` | | -| kustomizeController.resources.requests.memory | string | `"64Mi"` | | -| kustomizeController.secret.create | bool | `false` | Create a secret to use it with extraSecretMounts. Defaults to false. | -| kustomizeController.secret.data | object | `{}` | | -| kustomizeController.secret.name | string | `""` | | -| kustomizeController.serviceAccount.annotations | object | `{}` | | -| kustomizeController.serviceAccount.automount | bool | `true` | | -| kustomizeController.serviceAccount.create | bool | `true` | | -| kustomizeController.tag | string | `"v1.2.2"` | | -| kustomizeController.tolerations | list | `[]` | | -| logLevel | string | `"info"` | | -| multitenancy.defaultServiceAccount | string | `"default"` | All Kustomizations and HelmReleases which don’t have spec.serviceAccountName specified, will use the default account from the tenant’s namespace. Tenants have to specify a service account in their Flux resources to be able to deploy workloads in their namespaces as the default account has no permissions. | -| multitenancy.enabled | bool | `false` | Implement the patches for Multi-tenancy lockdown. See https://fluxcd.io/docs/installation/#multi-tenancy-lockdown | -| multitenancy.privileged | bool | `true` | Both kustomize-controller and helm-controller service accounts run privileged with cluster-admin ClusterRoleBinding. Disable if you want to run them with a minimum set of permissions. 
| -| notificationController.affinity | object | `{}` | | -| notificationController.annotations."prometheus.io/port" | string | `"8080"` | | -| notificationController.annotations."prometheus.io/scrape" | string | `"true"` | | -| notificationController.container.additionalArgs | list | `[]` | | -| notificationController.create | bool | `true` | | -| notificationController.extraEnv | list | `[]` | | -| notificationController.image | string | `"ghcr.io/fluxcd/notification-controller"` | | -| notificationController.imagePullPolicy | string | `""` | | -| notificationController.labels | object | `{}` | | -| notificationController.nodeSelector | object | `{}` | | -| notificationController.priorityClassName | string | `""` | | -| notificationController.resources.limits | object | `{}` | | -| notificationController.resources.requests.cpu | string | `"100m"` | | -| notificationController.resources.requests.memory | string | `"64Mi"` | | -| notificationController.service.annotations | object | `{}` | | -| notificationController.service.labels | object | `{}` | | -| notificationController.serviceAccount.annotations | object | `{}` | | -| notificationController.serviceAccount.automount | bool | `true` | | -| notificationController.serviceAccount.create | bool | `true` | | -| notificationController.tag | string | `"v1.2.4"` | | -| notificationController.tolerations | list | `[]` | | -| notificationController.webhookReceiver.ingress.annotations | object | `{}` | | -| notificationController.webhookReceiver.ingress.create | bool | `false` | | -| notificationController.webhookReceiver.ingress.hosts[0].host | string | `"flux-webhook.example.com"` | | -| notificationController.webhookReceiver.ingress.hosts[0].paths[0].path | string | `"/"` | | -| notificationController.webhookReceiver.ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| notificationController.webhookReceiver.ingress.labels | object | `{}` | | -| 
notificationController.webhookReceiver.ingress.tls | list | `[]` | | -| notificationController.webhookReceiver.service.annotations | object | `{}` | | -| notificationController.webhookReceiver.service.labels | object | `{}` | | -| policies.create | bool | `true` | | -| prometheus.podMonitor.create | bool | `false` | Enables podMonitor endpoint | -| prometheus.podMonitor.podMetricsEndpoints[0].port | string | `"http-prom"` | | -| prometheus.podMonitor.podMetricsEndpoints[0].relabelings[0].action | string | `"keep"` | | -| prometheus.podMonitor.podMetricsEndpoints[0].relabelings[0].regex | string | `"Running"` | | -| prometheus.podMonitor.podMetricsEndpoints[0].relabelings[0].sourceLabels[0] | string | `"__meta_kubernetes_pod_phase"` | | -| rbac.annotations | object | `{}` | Add annotations to all RBAC resources, e.g. "helm.sh/resource-policy": keep | -| rbac.create | bool | `true` | | -| rbac.createAggregation | bool | `true` | Grant the Kubernetes view, edit and admin roles access to Flux custom resources | -| sourceController.affinity | object | `{}` | | -| sourceController.annotations."prometheus.io/port" | string | `"8080"` | | -| sourceController.annotations."prometheus.io/scrape" | string | `"true"` | | -| sourceController.container.additionalArgs | list | `[]` | | -| sourceController.create | bool | `true` | | -| sourceController.extraEnv | list | `[]` | | -| sourceController.image | string | `"ghcr.io/fluxcd/source-controller"` | | -| sourceController.imagePullPolicy | string | `""` | | -| sourceController.labels | object | `{}` | | -| sourceController.nodeSelector | object | `{}` | | -| sourceController.priorityClassName | string | `""` | | -| sourceController.resources.limits | object | `{}` | | -| sourceController.resources.requests.cpu | string | `"100m"` | | -| sourceController.resources.requests.memory | string | `"64Mi"` | | -| sourceController.service.annotations | object | `{}` | | -| sourceController.service.labels | object | `{}` | | -| 
sourceController.serviceAccount.annotations | object | `{}` | | -| sourceController.serviceAccount.automount | bool | `true` | | -| sourceController.serviceAccount.create | bool | `true` | | -| sourceController.tag | string | `"v1.2.4"` | | -| sourceController.tolerations | list | `[]` | | -| watchAllNamespaces | bool | `true` | | diff --git a/packages/core/fluxcd/charts/flux2/templates/_helper.tpl b/packages/core/fluxcd/charts/flux2/templates/_helper.tpl deleted file mode 100644 index 6a36293e..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/_helper.tpl +++ /dev/null @@ -1,7 +0,0 @@ -{{- define "template.image" -}} -{{- if eq (substr 0 7 .tag) "sha256:" -}} -{{- printf "%s@%s" .image .tag -}} -{{- else -}} -{{- printf "%s:%s" .image .tag -}} -{{- end -}} -{{- end -}} diff --git a/packages/core/fluxcd/charts/flux2/templates/aggregate-clusterroles.yaml b/packages/core/fluxcd/charts/flux2/templates/aggregate-clusterroles.yaml deleted file mode 100644 index 432895b2..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/aggregate-clusterroles.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -{{- if .Values.rbac.createAggregation }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - {{- with .Values.rbac.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - name: flux-edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-admin: "true" -rules: - - apiGroups: - - notification.toolkit.fluxcd.io - - source.toolkit.fluxcd.io - - helm.toolkit.fluxcd.io - - image.toolkit.fluxcd.io - - kustomize.toolkit.fluxcd.io - resources: ["*"] - verbs: - - create - - delete - - deletecollection - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: flux-view - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: - - apiGroups: - - notification.toolkit.fluxcd.io - - source.toolkit.fluxcd.io - - helm.toolkit.fluxcd.io - - image.toolkit.fluxcd.io - - kustomize.toolkit.fluxcd.io - resources: ["*"] - verbs: - - get - - list - - watch -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-clusterrolebinding.yaml b/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-clusterrolebinding.yaml deleted file mode 100644 index 63dc8572..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-clusterrolebinding.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -{{- if and .Values.rbac.create (or (not .Values.multitenancy.enabled) .Values.multitenancy.privileged) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - {{- with .Values.rbac.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: cluster-reconciler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Values.rbac.roleRef.name }} -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: {{ .Release.Namespace }} -- kind: ServiceAccount - name: helm-controller - namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file diff --git a/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrole.yaml b/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrole.yaml deleted file mode 100644 index e77c13ea..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrole.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -{{- if and .Values.rbac.create .Values.multitenancy.enabled (not .Values.multitenancy.privileged) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - {{- with .Values.rbac.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - name: cluster-reconciler-impersonator - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -rules: -- apiGroups: [""] - resources: ["serviceaccounts"] - verbs: ["impersonate"] -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrolebinding.yaml b/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrolebinding.yaml deleted file mode 100644 index 588c7d49..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/cluster-reconciler-impersonator-clusterrolebinding.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -{{- if and .Values.rbac.create .Values.multitenancy.enabled (not .Values.multitenancy.privileged) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - {{- with .Values.rbac.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: cluster-reconciler-impersonator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-reconciler-impersonator -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: {{ .Release.Namespace }} -- kind: ServiceAccount - name: helm-controller - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/crd-controller-clusterrole.yaml b/packages/core/fluxcd/charts/flux2/templates/crd-controller-clusterrole.yaml deleted file mode 100644 index cea0a1ca..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/crd-controller-clusterrole.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -{{- if and .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - {{- with .Values.rbac.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} - name: crd-controller - labels: - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -rules: -- apiGroups: ['source.toolkit.fluxcd.io'] - resources: ['*'] - verbs: ['*'] -- apiGroups: ['kustomize.toolkit.fluxcd.io'] - resources: ['*'] - verbs: ['*'] -- apiGroups: ['helm.toolkit.fluxcd.io'] - resources: ['*'] - verbs: ['*'] -- apiGroups: ['notification.toolkit.fluxcd.io'] - resources: ['*'] - verbs: ['*'] -- apiGroups: ['image.toolkit.fluxcd.io'] - resources: ['*'] - verbs: ['*'] -- apiGroups: - - "" - resources: - - namespaces - - secrets - - configmaps - - serviceaccounts - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -# required by leader election -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch -- apiGroups: - - "coordination.k8s.io" - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/crd-controller-clusterrolebinding.yaml b/packages/core/fluxcd/charts/flux2/templates/crd-controller-clusterrolebinding.yaml deleted file mode 100644 index 51e716f0..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/crd-controller-clusterrolebinding.yaml +++ /dev/null 
@@ -1,38 +0,0 @@
-{{- if and .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- {{- with .Values.rbac.annotations }}
- annotations: {{ toYaml . | nindent 4 }}
- {{- end }}
- name: crd-controller
- labels:
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: crd-controller
-subjects:
- - kind: ServiceAccount
- name: kustomize-controller
- namespace: {{ .Release.Namespace }}
- - kind: ServiceAccount
- name: helm-controller
- namespace: {{ .Release.Namespace }}
- - kind: ServiceAccount
- name: source-controller
- namespace: {{ .Release.Namespace }}
- - kind: ServiceAccount
- name: notification-controller
- namespace: {{ .Release.Namespace }}
- - kind: ServiceAccount
- name: image-reflector-controller
- namespace: {{ .Release.Namespace }}
- - kind: ServiceAccount
- name: image-automation-controller
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/packages/core/fluxcd/charts/flux2/templates/extra-manifests.yaml b/packages/core/fluxcd/charts/flux2/templates/extra-manifests.yaml
deleted file mode 100644
index a9bb3b6b..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/extra-manifests.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-{{ range .Values.extraObjects }}
----
-{{ tpl (toYaml .) $ }}
-{{ end }}
diff --git a/packages/core/fluxcd/charts/flux2/templates/helm-controller-sa.yaml b/packages/core/fluxcd/charts/flux2/templates/helm-controller-sa.yaml
deleted file mode 100644
index 9d4ff589..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/helm-controller-sa.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and .Values.helmController.create}}
-{{- if .Values.helmController.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/component: helm-controller
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: helm-controller
- {{- with .Values.helmController.serviceAccount.annotations }}
- annotations: {{ toYaml . | nindent 4 }}
- {{- end }}
-{{- end -}}
-{{- end -}}
diff --git a/packages/core/fluxcd/charts/flux2/templates/helm-controller.crds.yaml b/packages/core/fluxcd/charts/flux2/templates/helm-controller.crds.yaml
deleted file mode 100644
index 0a930d37..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/helm-controller.crds.yaml
+++ /dev/null
@@ -1,2268 +0,0 @@ -{{- if and .Values.installCRDs .Values.helmController.create }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: helm-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: helmreleases.helm.toolkit.fluxcd.io -spec: - group: helm.toolkit.fluxcd.io - names: - kind: HelmRelease - listKind: HelmReleaseList - plural: helmreleases - shortNames: - - hr - singular: helmrelease - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v2beta1 HelmRelease is deprecated, upgrade to v2beta2 - name: v2beta1 - schema: - openAPIV3Schema: - description: HelmRelease is the Schema for the helmreleases API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmReleaseSpec defines the desired state of a Helm release. - properties: - chart: - description: Chart defines the template of the v1beta2.HelmChart that - should be created for this HelmRelease. - properties: - metadata: - description: ObjectMeta holds the template for metadata like labels - and annotations. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used - to organize and categorize (scope and select) objects. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/' - type: object - type: object - spec: - description: Spec holds the template for the v1beta2.HelmChartSpec - for this HelmRelease. - properties: - chart: - description: The name or path the Helm chart is available - at in the SourceRef. - type: string - interval: - description: Interval at which to check the v1beta2.Source - for updates. Defaults to 'HelmReleaseSpec.Interval'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - reconcileStrategy: - default: ChartVersion - description: Determines what enables the creation of a new - artifact. Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on - their behavior. Defaults to ChartVersion when omitted. 
- enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The name and namespace of the v1beta2.Source - the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent. - maxLength: 63 - minLength: 1 - type: string - required: - - name - type: object - valuesFile: - description: Alternative values file to use as the default - chart values, expected to be a relative path in the SourceRef. - Deprecated in favor of ValuesFiles, for backwards compatibility - the file defined here is merged before the ValuesFiles items. - Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the - chart values (values.yaml is not included by default), expected - to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding - the first. Ignored when omitted. - items: - type: string - type: array - verify: - description: Verify contains the secret name containing the - trusted public keys used to verify the signature and specifies - which provider to use to check whether OCI image is authentic. - This field is only supported for OCI sources. Chart dependencies, - which are not bundled in the umbrella chart artifact, are - not verified. - properties: - provider: - default: cosign - description: Provider specifies the technology used to - sign the OCI Helm chart. - enum: - - cosign - type: string - secretRef: - description: SecretRef specifies the Kubernetes Secret - containing the trusted public keys. - properties: - name: - description: Name of the referent. 
- type: string - required: - - name - type: object - required: - - provider - type: object - version: - default: '*' - description: Version semver expression, ignored for charts - from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults - to latest when omitted. - type: string - required: - - chart - - sourceRef - type: object - required: - - spec - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to HelmRelease resources that must be ready - before this HelmRelease can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - driftDetection: - description: "DriftDetection holds the configuration for detecting - and handling differences between the manifest in the Helm storage - and the resources currently existing in the cluster. \n Note: this - field is provisional to the v2beta2 API, and not actively used by - v2beta1 HelmReleases." - properties: - ignore: - description: Ignore contains a list of rules for specifying which - changes to ignore during diffing. - items: - description: IgnoreRule defines a rule to selectively disregard - specific changes during the drift detection process. - properties: - paths: - description: Paths is a list of JSON Pointer (RFC 6901) - paths to be excluded from consideration in a Kubernetes - object. - items: - type: string - type: array - target: - description: Target is a selector for specifying Kubernetes - objects to which this rule applies. If Target is not set, - the Paths will be ignored for all Kubernetes objects within - the manifest of the Helm release. 
- properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable - of unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is capable - of unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - paths - type: object - type: array - mode: - description: Mode defines how differences should be handled between - the Helm manifest and the manifest currently applied to the - cluster. If not explicitly set, it defaults to DiffModeDisabled. 
- enum: - - enabled - - warn - - disabled - type: string - type: object - install: - description: Install holds the configuration for Helm install actions - for this HelmRelease. - properties: - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Create` - and if omitted CRDs are installed but not updated. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are applied (installed) during Helm install action. With this - option users can opt-in to CRD replace existing CRDs on Helm - install actions, which is not (yet) natively supported by Helm. - https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - createNamespace: - description: CreateNamespace tells the Helm install action to - create the HelmReleaseSpec.TargetNamespace if it does not exist - yet. On uninstall, the namespace will not be garbage collected. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm install action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm install - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm install has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm install has been performed. 
- type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm install action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an install - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false'. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - an uninstall, is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. - type: integer - type: object - replace: - description: Replace tells the Helm install action to re-use the - 'ReleaseName', but only if that name is a deleted release which - remains in the history. - type: boolean - skipCRDs: - description: "SkipCRDs tells the Helm install action to not install - any CRDs. By default, CRDs are installed if not already present. - \n Deprecated use CRD policy (`crds`) attribute with value `Skip` - instead." - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - interval: - description: Interval at which to reconcile the Helm release. This - interval is approximate and may be subject to jitter to ensure efficient - use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - kubeConfig: - description: KubeConfig for reconciling the HelmRelease on a remote - cluster. 
When used in combination with HelmReleaseSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. It is recommended that the - kubeconfig is self-contained, and the secret is regularly updated - if credentials such as a cloud-access-token expire. Cloud specific - `cmd-path` auth helpers will not function without adding binaries - and credentials to the Pod that is responsible for reconciling - Kubernetes resources. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - required: - - secretRef - type: object - maxHistory: - description: MaxHistory is the number of revisions saved by Helm for - this HelmRelease. Use '0' for an unlimited number of revisions; - defaults to '10'. - type: integer - persistentClient: - description: "PersistentClient tells the controller to use a persistent - Kubernetes client for this release. When enabled, the client will - be reused for the duration of the reconciliation, instead of being - created and destroyed for each (step of a) Helm action. \n This - can improve performance, but may cause issues with some Helm charts - that for example do create Custom Resource Definitions during installation - outside Helm's CRD lifecycle hooks, which are then not observed - to be available by e.g. post-install hooks. \n If not set, it defaults - to true." 
- type: boolean - postRenderers: - description: PostRenderers holds an array of Helm PostRenderers, which - will be applied in order of their definition. - items: - description: PostRenderer contains a Helm PostRenderer specification. - properties: - kustomize: - description: Kustomization to apply as PostRenderer. - properties: - images: - description: Images is a list of (image name, new name, - new tag or digest) for changing image names, tags or digests. - This can also be achieved with a patch, but this operator - is simpler to specify. - items: - description: Image contains an image name, a new name, - a new tag or digest, which will replace the original - name and tag. - properties: - digest: - description: Digest is the value used to replace the - original image tag. If digest is present NewTag - value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace - the original name. - type: string - newTag: - description: NewTag is the value used to replace the - original tag. - type: string - required: - - name - type: object - type: array - patches: - description: Strategic merge and JSON patches, defined as - inline YAML objects, capable of targeting objects based - on kind, label and annotation selectors. - items: - description: Patch contains an inline StrategicMerge or - JSON6902 patch, and the target the patch should be applied - to. - properties: - patch: - description: Patch contains an inline StrategicMerge - patch or an inline JSON6902 patch with an array - of operation objects. - type: string - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. 
- type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and - the target the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document - with an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. - https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value - that references a location within the target - document where the operation is performed. 
- The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - type: string - op: - description: Op indicates the operation to perform. - Its value MUST be one of "add", "remove", - "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer - value that references a location within the - target document where the operation is performed. - The meaning of the value depends on the value - of Op. - type: string - value: - description: Value contains a valid JSON structure. - The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline - YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - type: object - type: array - releaseName: - description: ReleaseName used for the Helm release. Defaults to a - composition of '[TargetNamespace-]Name'. - maxLength: 53 - minLength: 1 - type: string - rollback: - description: Rollback holds the configuration for Helm rollback actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm rollback action when it fails. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm rollback has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm rollback has been performed. 
- type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - recreate: - description: Recreate performs pod restarts for the resource if - applicable. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this HelmRelease. - type: string - storageNamespace: - description: StorageNamespace used for the Helm storage. Defaults - to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - suspend: - description: Suspend tells the controller to suspend reconciliation - for this HelmRelease, it does not apply to already started reconciliations. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace to target when performing operations - for the HelmRelease. Defaults to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - test: - description: Test holds the configuration for Helm test actions for - this HelmRelease. - properties: - enable: - description: Enable enables Helm test actions for this HelmRelease - after an Helm install or upgrade action has been performed. - type: boolean - ignoreFailures: - description: IgnoreFailures tells the controller to skip remediation - when the Helm tests are run but fail. Can be overwritten for - tests run after install or upgrade actions in 'Install.IgnoreTestFailures' - and 'Upgrade.IgnoreTestFailures'. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation during the performance of a Helm test action. Defaults - to 'HelmReleaseSpec.Timeout'. 
- pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a Helm - action. Defaults to '5m0s'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - uninstall: - description: Uninstall holds the configuration for Helm uninstall - actions for this HelmRelease. - properties: - deletionPropagation: - default: background - description: DeletionPropagation specifies the deletion propagation - policy when a Helm uninstall is performed. - enum: - - background - - foreground - - orphan - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables waiting for all the resources - to be deleted after a Helm uninstall is performed. - type: boolean - keepHistory: - description: KeepHistory tells Helm to remove all associated resources - and mark the release as deleted, but retain the release history. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - upgrade: - description: Upgrade holds the configuration for Helm upgrade actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm upgrade action when it fails. - type: boolean - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and - if omitted CRDs are neither installed nor upgraded. \n Skip: - do neither install nor replace (update) any CRDs. 
\n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are not applied during Helm upgrade action. With this option - users can opt-in to CRD upgrade, which is not (yet) natively - supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm upgrade action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm upgrade - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm upgrade has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm upgrade has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - preserveValues: - description: PreserveValues will make Helm reuse the last release's - values and merge in overrides from 'Values'. Setting this flag - makes the HelmRelease non-declarative. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm upgrade action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an upgrade - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. 
Defaults - to 'false' unless 'Retries' is greater than 0. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - 'Strategy', is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. - type: integer - strategy: - description: Strategy to use for failure remediation. Defaults - to 'rollback'. - enum: - - rollback - - uninstall - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - values: - description: Values holds the values for this Helm release. - x-kubernetes-preserve-unknown-fields: true - valuesFrom: - description: ValuesFrom holds references to resources containing Helm - values for this HelmRelease, and information about how they should - be merged. - items: - description: ValuesReference contains a reference to a resource - containing Helm values, and optionally the key they can be found - at. - properties: - kind: - description: Kind of the values referent, valid values are ('Secret', - 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside in the - same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - description: Optional marks this ValuesReference as optional. - When set, a not found error for the values reference is ignored, - but any ValuesKey, TargetPath or transient error will still - result in a reconciliation failure. - type: boolean - targetPath: - description: TargetPath is the YAML dot notation path the value - should be merged at. When set, the ValuesKey is expected to - be a single flat value. 
Defaults to 'None', which results - in the values getting merged at the root. - maxLength: 250 - pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ - type: string - valuesKey: - description: ValuesKey is the data key where the values.yaml - or a specific value can be found at. Defaults to 'values.yaml'. - When set, must be a valid Data Key, consisting of alphanumeric - characters, '-', '_' or '.'. - maxLength: 253 - pattern: ^[\-._a-zA-Z0-9]+$ - type: string - required: - - kind - - name - type: object - type: array - required: - - chart - - interval - type: object - status: - default: - observedGeneration: -1 - description: HelmReleaseStatus defines the observed state of a HelmRelease. - properties: - conditions: - description: Conditions holds the conditions for the HelmRelease. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. 
- maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - failures: - description: Failures is the reconciliation failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - helmChart: - description: HelmChart is the namespaced name of the HelmChart resource - created by the controller for the HelmRelease. 
- type: string - history: - description: "History holds the history of Helm releases performed - for this HelmRelease up to the last successfully completed release. - \n Note: this field is provisional to the v2beta2 API, and not actively - used by v2beta1 HelmReleases." - items: - description: Snapshot captures a point-in-time copy of the status - information for a Helm release, as managed by the controller. - properties: - apiVersion: - description: 'APIVersion is the API version of the Snapshot. - Provisional: when the calculation method of the Digest field - is changed, this field will be used to distinguish between - the old and new methods.' - type: string - chartName: - description: ChartName is the chart name of the release object - in storage. - type: string - chartVersion: - description: ChartVersion is the chart version of the release - object in storage. - type: string - configDigest: - description: ConfigDigest is the checksum of the config (better - known as "values") of the release object in storage. It has - the format of `:`. - type: string - deleted: - description: Deleted is when the release was deleted. - format: date-time - type: string - digest: - description: Digest is the checksum of the release object in - storage. It has the format of `:`. - type: string - firstDeployed: - description: FirstDeployed is when the release was first deployed. - format: date-time - type: string - lastDeployed: - description: LastDeployed is when the release was last deployed. - format: date-time - type: string - name: - description: Name is the name of the release. - type: string - namespace: - description: Namespace is the namespace the release is deployed - to. - type: string - status: - description: Status is the current state of the release. - type: string - testHooks: - additionalProperties: - description: TestHookStatus holds the status information for - a test hook as observed to be run by the controller. 
- properties: - lastCompleted: - description: LastCompleted is the time the test hook last - completed. - format: date-time - type: string - lastStarted: - description: LastStarted is the time the test hook was - last started. - format: date-time - type: string - phase: - description: Phase the test hook was observed to be in. - type: string - type: object - description: TestHooks is the list of test hooks for the release - as observed to be run by the controller. - type: object - version: - description: Version is the version of the release object in - storage. - type: integer - required: - - chartName - - chartVersion - - configDigest - - digest - - firstDeployed - - lastDeployed - - name - - namespace - - status - - version - type: object - type: array - installFailures: - description: InstallFailures is the install failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - lastAppliedRevision: - description: LastAppliedRevision is the revision of the last successfully - applied source. - type: string - lastAttemptedConfigDigest: - description: "LastAttemptedConfigDigest is the digest for the config - (better known as \"values\") of the last reconciliation attempt. - \n Note: this field is provisional to the v2beta2 API, and not actively - used by v2beta1 HelmReleases." - type: string - lastAttemptedGeneration: - description: "LastAttemptedGeneration is the last generation the controller - attempted to reconcile. \n Note: this field is provisional to the - v2beta2 API, and not actively used by v2beta1 HelmReleases." - format: int64 - type: integer - lastAttemptedReleaseAction: - description: "LastAttemptedReleaseAction is the last release action - performed for this HelmRelease. It is used to determine the active - remediation strategy. \n Note: this field is provisional to the - v2beta2 API, and not actively used by v2beta1 HelmReleases." 
- type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastAttemptedValuesChecksum: - description: LastAttemptedValuesChecksum is the SHA1 checksum of the - values of the last reconciliation attempt. - type: string - lastHandledForceAt: - description: "LastHandledForceAt holds the value of the most recent - force request value, so a change of the annotation value can be - detected. \n Note: this field is provisional to the v2beta2 API, - and not actively used by v2beta1 HelmReleases." - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastHandledResetAt: - description: "LastHandledResetAt holds the value of the most recent - reset request value, so a change of the annotation value can be - detected. \n Note: this field is provisional to the v2beta2 API, - and not actively used by v2beta1 HelmReleases." - type: string - lastReleaseRevision: - description: LastReleaseRevision is the revision of the last successful - Helm release. - type: integer - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - storageNamespace: - description: "StorageNamespace is the namespace of the Helm release - storage for the current release. \n Note: this field is provisional - to the v2beta2 API, and not actively used by v2beta1 HelmReleases." - type: string - upgradeFailures: - description: UpgradeFailures is the upgrade failure count against - the latest desired state. It is reset after a successful reconciliation. 
- format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v2beta2 - schema: - openAPIV3Schema: - description: HelmRelease is the Schema for the helmreleases API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmReleaseSpec defines the desired state of a Helm release. - properties: - chart: - description: Chart defines the template of the v1beta2.HelmChart that - should be created for this HelmRelease. - properties: - metadata: - description: ObjectMeta holds the template for metadata like labels - and annotations. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used - to organize and categorize (scope and select) objects. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/' - type: object - type: object - spec: - description: Spec holds the template for the v1beta2.HelmChartSpec - for this HelmRelease. - properties: - chart: - description: The name or path the Helm chart is available - at in the SourceRef. - maxLength: 2048 - minLength: 1 - type: string - interval: - description: Interval at which to check the v1.Source for - updates. Defaults to 'HelmReleaseSpec.Interval'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - reconcileStrategy: - default: ChartVersion - description: Determines what enables the creation of a new - artifact. Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on - their behavior. Defaults to ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The name and namespace of the v1.Source the chart - is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent. - maxLength: 63 - minLength: 1 - type: string - required: - - name - type: object - valuesFile: - description: Alternative values file to use as the default - chart values, expected to be a relative path in the SourceRef. - Deprecated in favor of ValuesFiles, for backwards compatibility - the file defined here is merged before the ValuesFiles items. - Ignored when omitted. 
- type: string - valuesFiles: - description: Alternative list of values files to use as the - chart values (values.yaml is not included by default), expected - to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding - the first. Ignored when omitted. - items: - type: string - type: array - verify: - description: Verify contains the secret name containing the - trusted public keys used to verify the signature and specifies - which provider to use to check whether OCI image is authentic. - This field is only supported for OCI sources. Chart dependencies, - which are not bundled in the umbrella chart artifact, are - not verified. - properties: - provider: - default: cosign - description: Provider specifies the technology used to - sign the OCI Helm chart. - enum: - - cosign - type: string - secretRef: - description: SecretRef specifies the Kubernetes Secret - containing the trusted public keys. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - version: - default: '*' - description: Version semver expression, ignored for charts - from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults - to latest when omitted. - type: string - required: - - chart - - sourceRef - type: object - required: - - spec - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to HelmRelease resources that must be ready - before this HelmRelease can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. 
- type: string - required: - - name - type: object - type: array - driftDetection: - description: DriftDetection holds the configuration for detecting - and handling differences between the manifest in the Helm storage - and the resources currently existing in the cluster. - properties: - ignore: - description: Ignore contains a list of rules for specifying which - changes to ignore during diffing. - items: - description: IgnoreRule defines a rule to selectively disregard - specific changes during the drift detection process. - properties: - paths: - description: Paths is a list of JSON Pointer (RFC 6901) - paths to be excluded from consideration in a Kubernetes - object. - items: - type: string - type: array - target: - description: Target is a selector for specifying Kubernetes - objects to which this rule applies. If Target is not set, - the Paths will be ignored for all Kubernetes objects within - the manifest of the Helm release. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable - of unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is capable - of unambiguously identifying and/or selecting resources. 
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - paths - type: object - type: array - mode: - description: Mode defines how differences should be handled between - the Helm manifest and the manifest currently applied to the - cluster. If not explicitly set, it defaults to DiffModeDisabled. - enum: - - enabled - - warn - - disabled - type: string - type: object - install: - description: Install holds the configuration for Helm install actions - for this HelmRelease. - properties: - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Create` - and if omitted CRDs are installed but not updated. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are applied (installed) during Helm install action. With this - option users can opt in to CRD replace existing CRDs on Helm - install actions, which is not (yet) natively supported by Helm. 
- https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - createNamespace: - description: CreateNamespace tells the Helm install action to - create the HelmReleaseSpec.TargetNamespace if it does not exist - yet. On uninstall, the namespace will not be garbage collected. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm install action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm install - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm install has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm install has been performed. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm install action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an install - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false'. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - an uninstall, is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. 
- type: integer - type: object - replace: - description: Replace tells the Helm install action to re-use the - 'ReleaseName', but only if that name is a deleted release which - remains in the history. - type: boolean - skipCRDs: - description: "SkipCRDs tells the Helm install action to not install - any CRDs. By default, CRDs are installed if not already present. - \n Deprecated use CRD policy (`crds`) attribute with value `Skip` - instead." - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - interval: - description: Interval at which to reconcile the Helm release. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - kubeConfig: - description: KubeConfig for reconciling the HelmRelease on a remote - cluster. When used in combination with HelmReleaseSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. It is recommended that the - kubeconfig is self-contained, and the secret is regularly updated - if credentials such as a cloud-access-token expire. Cloud specific - `cmd-path` auth helpers will not function without adding binaries - and credentials to the Pod that is responsible for reconciling - Kubernetes resources. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. 
- type: string - required: - - name - type: object - required: - - secretRef - type: object - maxHistory: - description: MaxHistory is the number of revisions saved by Helm for - this HelmRelease. Use '0' for an unlimited number of revisions; - defaults to '5'. - type: integer - persistentClient: - description: "PersistentClient tells the controller to use a persistent - Kubernetes client for this release. When enabled, the client will - be reused for the duration of the reconciliation, instead of being - created and destroyed for each (step of a) Helm action. \n This - can improve performance, but may cause issues with some Helm charts - that for example do create Custom Resource Definitions during installation - outside Helm's CRD lifecycle hooks, which are then not observed - to be available by e.g. post-install hooks. \n If not set, it defaults - to true." - type: boolean - postRenderers: - description: PostRenderers holds an array of Helm PostRenderers, which - will be applied in order of their definition. - items: - description: PostRenderer contains a Helm PostRenderer specification. - properties: - kustomize: - description: Kustomization to apply as PostRenderer. - properties: - images: - description: Images is a list of (image name, new name, - new tag or digest) for changing image names, tags or digests. - This can also be achieved with a patch, but this operator - is simpler to specify. - items: - description: Image contains an image name, a new name, - a new tag or digest, which will replace the original - name and tag. - properties: - digest: - description: Digest is the value used to replace the - original image tag. If digest is present NewTag - value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace - the original name. - type: string - newTag: - description: NewTag is the value used to replace the - original tag. 
- type: string - required: - - name - type: object - type: array - patches: - description: Strategic merge and JSON patches, defined as - inline YAML objects, capable of targeting objects based - on kind, label and annotation selectors. - items: - description: Patch contains an inline StrategicMerge or - JSON6902 patch, and the target the patch should be applied - to. - properties: - patch: - description: Patch contains an inline StrategicMerge - patch or an inline JSON6902 patch with an array - of operation objects. - type: string - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. 
Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - patchesJson6902: - description: 'JSON 6902 patches, defined as inline YAML - objects. Deprecated: use Patches instead.' - items: - description: JSON6902Patch contains a JSON6902 patch and - the target the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document - with an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. - https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value - that references a location within the target - document where the operation is performed. - The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - type: string - op: - description: Op indicates the operation to perform. - Its value MUST be one of "add", "remove", - "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer - value that references a location within the - target document where the operation is performed. - The meaning of the value depends on the value - of Op. - type: string - value: - description: Value contains a valid JSON structure. - The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the - patch document should be applied to. 
- properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: 'Strategic merge patches, defined as inline - YAML objects. Deprecated: use Patches instead.' - items: - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - type: object - type: array - releaseName: - description: ReleaseName used for the Helm release. 
Defaults to a - composition of '[TargetNamespace-]Name'. - maxLength: 53 - minLength: 1 - type: string - rollback: - description: Rollback holds the configuration for Helm rollback actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm rollback action when it fails. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm rollback has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm rollback has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - recreate: - description: Recreate performs pod restarts for the resource if - applicable. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this HelmRelease. - maxLength: 253 - minLength: 1 - type: string - storageNamespace: - description: StorageNamespace used for the Helm storage. Defaults - to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - suspend: - description: Suspend tells the controller to suspend reconciliation - for this HelmRelease, it does not apply to already started reconciliations. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace to target when performing operations - for the HelmRelease. 
Defaults to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - test: - description: Test holds the configuration for Helm test actions for - this HelmRelease. - properties: - enable: - description: Enable enables Helm test actions for this HelmRelease - after an Helm install or upgrade action has been performed. - type: boolean - filters: - description: Filters is a list of tests to run or exclude from - running. - items: - description: Filter holds the configuration for individual Helm - test filters. - properties: - exclude: - description: Exclude specifies whether the named test should - be excluded. - type: boolean - name: - description: Name is the name of the test. - maxLength: 253 - minLength: 1 - type: string - required: - - name - type: object - type: array - ignoreFailures: - description: IgnoreFailures tells the controller to skip remediation - when the Helm tests are run but fail. Can be overwritten for - tests run after install or upgrade actions in 'Install.IgnoreTestFailures' - and 'Upgrade.IgnoreTestFailures'. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation during the performance of a Helm test action. Defaults - to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a Helm - action. Defaults to '5m0s'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - uninstall: - description: Uninstall holds the configuration for Helm uninstall - actions for this HelmRelease. - properties: - deletionPropagation: - default: background - description: DeletionPropagation specifies the deletion propagation - policy when a Helm uninstall is performed. 
- enum: - - background - - foreground - - orphan - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables waiting for all the resources - to be deleted after a Helm uninstall is performed. - type: boolean - keepHistory: - description: KeepHistory tells Helm to remove all associated resources - and mark the release as deleted, but retain the release history. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - upgrade: - description: Upgrade holds the configuration for Helm upgrade actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm upgrade action when it fails. - type: boolean - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and - if omitted CRDs are neither installed nor upgraded. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are not applied during Helm upgrade action. With this option - users can opt-in to CRD upgrade, which is not (yet) natively - supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm upgrade action. 
- type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm upgrade - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm upgrade has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm upgrade has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - preserveValues: - description: PreserveValues will make Helm reuse the last release's - values and merge in overrides from 'Values'. Setting this flag - makes the HelmRelease non-declarative. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm upgrade action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an upgrade - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false' unless 'Retries' is greater than 0. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - 'Strategy', is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. - type: integer - strategy: - description: Strategy to use for failure remediation. Defaults - to 'rollback'. 
- enum: - - rollback - - uninstall - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - values: - description: Values holds the values for this Helm release. - x-kubernetes-preserve-unknown-fields: true - valuesFrom: - description: ValuesFrom holds references to resources containing Helm - values for this HelmRelease, and information about how they should - be merged. - items: - description: ValuesReference contains a reference to a resource - containing Helm values, and optionally the key they can be found - at. - properties: - kind: - description: Kind of the values referent, valid values are ('Secret', - 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside in the - same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - description: Optional marks this ValuesReference as optional. - When set, a not found error for the values reference is ignored, - but any ValuesKey, TargetPath or transient error will still - result in a reconciliation failure. - type: boolean - targetPath: - description: TargetPath is the YAML dot notation path the value - should be merged at. When set, the ValuesKey is expected to - be a single flat value. Defaults to 'None', which results - in the values getting merged at the root. - maxLength: 250 - pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ - type: string - valuesKey: - description: ValuesKey is the data key where the values.yaml - or a specific value can be found at. Defaults to 'values.yaml'. 
- maxLength: 253 - pattern: ^[\-._a-zA-Z0-9]+$ - type: string - required: - - kind - - name - type: object - type: array - required: - - chart - - interval - type: object - status: - default: - observedGeneration: -1 - description: HelmReleaseStatus defines the observed state of a HelmRelease. - properties: - conditions: - description: Conditions holds the conditions for the HelmRelease. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - failures: - description: Failures is the reconciliation failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - helmChart: - description: HelmChart is the namespaced name of the HelmChart resource - created by the controller for the HelmRelease. - type: string - history: - description: History holds the history of Helm releases performed - for this HelmRelease up to the last successfully completed release. - items: - description: Snapshot captures a point-in-time copy of the status - information for a Helm release, as managed by the controller. - properties: - apiVersion: - description: 'APIVersion is the API version of the Snapshot. 
- Provisional: when the calculation method of the Digest field - is changed, this field will be used to distinguish between - the old and new methods.' - type: string - chartName: - description: ChartName is the chart name of the release object - in storage. - type: string - chartVersion: - description: ChartVersion is the chart version of the release - object in storage. - type: string - configDigest: - description: ConfigDigest is the checksum of the config (better - known as "values") of the release object in storage. It has - the format of `:`. - type: string - deleted: - description: Deleted is when the release was deleted. - format: date-time - type: string - digest: - description: Digest is the checksum of the release object in - storage. It has the format of `:`. - type: string - firstDeployed: - description: FirstDeployed is when the release was first deployed. - format: date-time - type: string - lastDeployed: - description: LastDeployed is when the release was last deployed. - format: date-time - type: string - name: - description: Name is the name of the release. - type: string - namespace: - description: Namespace is the namespace the release is deployed - to. - type: string - status: - description: Status is the current state of the release. - type: string - testHooks: - additionalProperties: - description: TestHookStatus holds the status information for - a test hook as observed to be run by the controller. - properties: - lastCompleted: - description: LastCompleted is the time the test hook last - completed. - format: date-time - type: string - lastStarted: - description: LastStarted is the time the test hook was - last started. - format: date-time - type: string - phase: - description: Phase the test hook was observed to be in. - type: string - type: object - description: TestHooks is the list of test hooks for the release - as observed to be run by the controller. 
- type: object - version: - description: Version is the version of the release object in - storage. - type: integer - required: - - chartName - - chartVersion - - configDigest - - digest - - firstDeployed - - lastDeployed - - name - - namespace - - status - - version - type: object - type: array - installFailures: - description: InstallFailures is the install failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - lastAppliedRevision: - description: 'LastAppliedRevision is the revision of the last successfully - applied source. Deprecated: the revision can now be found in the - History.' - type: string - lastAttemptedConfigDigest: - description: LastAttemptedConfigDigest is the digest for the config - (better known as "values") of the last reconciliation attempt. - type: string - lastAttemptedGeneration: - description: LastAttemptedGeneration is the last generation the controller - attempted to reconcile. - format: int64 - type: integer - lastAttemptedReleaseAction: - description: LastAttemptedReleaseAction is the last release action - performed for this HelmRelease. It is used to determine the active - remediation strategy. - enum: - - install - - upgrade - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the Source revision of the last - reconciliation attempt. - type: string - lastAttemptedValuesChecksum: - description: 'LastAttemptedValuesChecksum is the SHA1 checksum for - the values of the last reconciliation attempt. Deprecated: Use LastAttemptedConfigDigest - instead.' - type: string - lastHandledForceAt: - description: LastHandledForceAt holds the value of the most recent - force request value, so a change of the annotation value can be - detected. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. 
- type: string - lastHandledResetAt: - description: LastHandledResetAt holds the value of the most recent - reset request value, so a change of the annotation value can be - detected. - type: string - lastReleaseRevision: - description: 'LastReleaseRevision is the revision of the last successful - Helm release. Deprecated: Use History instead.' - type: integer - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - storageNamespace: - description: StorageNamespace is the namespace of the Helm release - storage for the current release. - maxLength: 63 - minLength: 1 - type: string - upgradeFailures: - description: UpgradeFailures is the upgrade failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml deleted file mode 100644 index 8177c17c..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml +++ /dev/null 
@@ -1,133 +0,0 @@
-{{- if and .Values.helmController.create}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/component: helm-controller
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- control-plane: controller
- {{- with .Values.helmController.labels }}
- {{- . | toYaml | nindent 4 }}
- {{- end }}
- name: helm-controller
-spec:
- {{- if kindIs "invalid" .Values.helmController.replicas }}
- replicas: 1
- {{- else }}
- replicas: {{ .Values.helmController.replicas }}
- {{- end}}
- selector:
- matchLabels:
- app: helm-controller
- template:
- metadata:
- {{- with .Values.helmController.annotations }}
- annotations: {{ toYaml . | nindent 8 }}
- {{- end }}
- labels:
- app: helm-controller
-{{ with .Values.helmController.labels }}{{ toYaml . | indent 8 }}{{ end }}
- spec:
- automountServiceAccountToken: {{ .Values.helmController.serviceAccount.automount }}
- {{- if .Values.helmController.initContainers}}
- initContainers:
- {{- toYaml .Values.helmController.initContainers | nindent 8}}
- {{- end}}
- containers:
- - args:
- {{- if .Values.multitenancy.enabled }}
- - --no-cross-namespace-refs=true
- - --default-service-account={{ .Values.multitenancy.defaultServiceAccount | default "default" }}
- {{- end}}
- {{- if .Values.notificationController.create }}
- - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc
- {{- end}}
- - --watch-all-namespaces={{ .Values.watchAllNamespaces }}
- - --log-level={{ .Values.logLevel | default "info" }}
- - --log-encoding=json
- - --enable-leader-election
- {{- range .Values.helmController.container.additionalArgs }}
- - {{ . }}
- {{- end}}
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- {{- with .Values.helmController.extraEnv }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- image: {{ template "template.image" .Values.helmController }}
- {{- if .Values.helmController.imagePullPolicy }}
- imagePullPolicy: {{ .Values.helmController.imagePullPolicy }}
- {{- else }}
- imagePullPolicy: IfNotPresent
- {{- end }}
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 8080
- name: http-prom
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- {{- with .Values.helmController.resources }}
- resources: {{ toYaml . | nindent 10 }}
- {{- end }}
- {{- if .Values.helmController.securityContext }}
- securityContext: {{ toYaml .Values.helmController.securityContext | nindent 10 }}
- {{- else }}
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- {{- end}}
- volumeMounts:
- - mountPath: /tmp
- name: temp
- {{- if .Values.helmController.volumeMounts }}
- {{- toYaml .Values.helmController.volumeMounts | nindent 8 }}
- {{- end}}
- {{- if .Values.helmController.priorityClassName }}
- priorityClassName: {{ .Values.helmController.priorityClassName | quote }}
- {{- end }}
- {{- if .Values.helmController.podSecurityContext }}
- securityContext: {{ toYaml .Values.helmController.podSecurityContext | nindent 8 }}
- {{- end }}
- serviceAccountName: helm-controller
- {{- if .Values.imagePullSecrets }}
- imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 6 }}
- {{- end }}
- terminationGracePeriodSeconds: 600
- volumes:
- - emptyDir: {}
- name: temp
- {{- if .Values.helmController.volumes }}
- {{- toYaml .Values.helmController.volumes | nindent 6 }}
- {{- end}}
- {{- with .Values.helmController.nodeSelector }}
- nodeSelector: {{ toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.helmController.affinity }}
- affinity: {{ toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.helmController.tolerations }}
- tolerations: {{ toYaml . | nindent 8 }}
- {{- end }}
-{{- end }}
diff --git a/packages/core/fluxcd/charts/flux2/templates/image-automation-controller-sa.yaml b/packages/core/fluxcd/charts/flux2/templates/image-automation-controller-sa.yaml
deleted file mode 100644
index ac41e696..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/image-automation-controller-sa.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and .Values.imageAutomationController.create }}
-{{- if .Values.imageAutomationController.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/component: image-automation-controller
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: image-automation-controller
- {{- with .Values.imageAutomationController.serviceAccount.annotations }}
- annotations: {{ toYaml . | nindent 4 }}
- {{- end }}
-{{- end -}}
-{{- end -}}
diff --git a/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.crds.yaml b/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.crds.yaml
deleted file mode 100644
index 53b711ee..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.crds.yaml
+++ /dev/null
@@ -1,326 +0,0 @@ -{{- if and .Values.installCRDs .Values.imageAutomationController.create }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: image-automation-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: imageupdateautomations.image.toolkit.fluxcd.io -spec: - group: image.toolkit.fluxcd.io - names: - kind: ImageUpdateAutomation - listKind: ImageUpdateAutomationList - plural: imageupdateautomations - singular: imageupdateautomation - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.lastAutomationRunTime - name: Last run - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: ImageUpdateAutomation is the Schema for the imageupdateautomations - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageUpdateAutomationSpec defines the desired state of ImageUpdateAutomation - properties: - git: - description: GitSpec contains all the git-specific definitions. This - is technically optional, but in practice mandatory until there are - other kinds of source allowed. - properties: - checkout: - description: Checkout gives the parameters for cloning the git - repository, ready to make changes. If not present, the `spec.ref` - field from the referenced `GitRepository` or its default will - be used. - properties: - ref: - description: Reference gives a branch, tag or commit to clone - from the Git repository. - properties: - branch: - description: Branch to check out, defaults to 'master' - if no other field is defined. - type: string - commit: - description: "Commit SHA to check out, takes precedence - over all reference fields. \n This can be combined with - Branch to shallow clone the branch, in which the commit - is expected to exist." - type: string - name: - description: "Name of the reference to check out; takes - precedence over Branch, Tag and SemVer. \n It must be - a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description - Examples: \"refs/heads/main\", \"refs/tags/v0.1.0\", - \"refs/pull/420/head\", \"refs/merge-requests/1/head\"" - type: string - semver: - description: SemVer tag expression to check out, takes - precedence over Tag. - type: string - tag: - description: Tag to check out, takes precedence over Branch. - type: string - type: object - required: - - ref - type: object - commit: - description: Commit specifies how to commit to the git repository. - properties: - author: - description: Author gives the email and optionally the name - to use as the author of commits. 
- properties: - email: - description: Email gives the email to provide when making - a commit. - type: string - name: - description: Name gives the name to provide when making - a commit. - type: string - required: - - email - type: object - messageTemplate: - description: MessageTemplate provides a template for the commit - message, into which will be interpolated the details of - the change made. - type: string - signingKey: - description: SigningKey provides the option to sign commits - with a GPG key - properties: - secretRef: - description: SecretRef holds the name to a secret that - contains a 'git.asc' key corresponding to the ASCII - Armored file containing the GPG signing keypair as the - value. It must be in the same namespace as the ImageUpdateAutomation. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - type: object - required: - - author - type: object - push: - description: Push specifies how and where to push commits made - by the automation. If missing, commits are pushed (back) to - `.spec.checkout.branch` or its default. - properties: - branch: - description: Branch specifies that commits should be pushed - to the branch named. The branch is created using `.spec.checkout.branch` - as the starting point, if it doesn't already exist. - type: string - options: - additionalProperties: - type: string - description: 'Options specifies the push options that are - sent to the Git server when performing a push operation. - For details, see: https://git-scm.com/docs/git-push#Documentation/git-push.txt---push-optionltoptiongt' - type: object - refspec: - description: 'Refspec specifies the Git Refspec to use for - a push operation. If both Branch and Refspec are provided, - then the commit is pushed to the branch and also using the - specified refspec. 
For more details about Git Refspecs, - see: https://git-scm.com/book/en/v2/Git-Internals-The-Refspec' - type: string - type: object - required: - - commit - type: object - interval: - description: Interval gives an lower bound for how often the automation - run should be attempted. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - sourceRef: - description: SourceRef refers to the resource giving access details - to a git repository. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - default: GitRepository - description: Kind of the referent. - enum: - - GitRepository - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, defaults to the namespace - of the Kubernetes resource object that contains the reference. - type: string - required: - - kind - - name - type: object - suspend: - description: Suspend tells the controller to not run this automation, - until it is unset (or set to false). Defaults to false. - type: boolean - update: - default: - strategy: Setters - description: Update gives the specification for how to update the - files in the repository. This can be left empty, to use the default - value. - properties: - path: - description: Path to the directory containing the manifests to - be updated. Defaults to 'None', which translates to the root - path of the GitRepositoryRef. - type: string - strategy: - default: Setters - description: Strategy names the strategy to be used. - enum: - - Setters - type: string - required: - - strategy - type: object - required: - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: ImageUpdateAutomationStatus defines the observed state of - ImageUpdateAutomation - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. 
--- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastAutomationRunTime: - description: LastAutomationRunTime records the last time the controller - ran this automation through to completion (even if no updates were - made). - format: date-time - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastPushCommit: - description: LastPushCommit records the SHA1 of the last commit made - by the controller, for this automation object - type: string - lastPushTime: - description: LastPushTime records the time of the last pushed change. - format: date-time - type: string - observedGeneration: - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml deleted file mode 100644 index 40e4da8d..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml +++ /dev/null 
@@ -1,135 +0,0 @@
-{{- if and .Values.imageAutomationController.create}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/component: image-automation-controller
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- control-plane: controller
- {{- with .Values.imageAutomationController.labels }}
- {{- . | toYaml | nindent 4 }}
- {{- end }}
- name: image-automation-controller
-spec:
- {{- if kindIs "invalid" .Values.imageAutomationController.replicas }}
- replicas: 1
- {{- else }}
- replicas: {{ .Values.imageAutomationController.replicas }}
- {{- end}}
- selector:
- matchLabels:
- app: image-automation-controller
- template:
- metadata:
- {{- with .Values.imageAutomationController.annotations }}
- annotations: {{ toYaml . | nindent 8 }}
- {{- end }}
- labels:
- app: image-automation-controller
-{{ with .Values.imageAutomationController.labels }}{{ toYaml . | indent 8 }}{{ end }}
- spec:
- automountServiceAccountToken: {{ .Values.imageAutomationController.serviceAccount.automount }}
- {{- if .Values.imageAutomationController.initContainers}}
- initContainers:
- {{- toYaml .Values.imageAutomationController.initContainers | nindent 8}}
- {{- end}}
- containers:
- - args:
- {{- if .Values.multitenancy.enabled }}
- - --no-cross-namespace-refs=true
- {{- end}}
- {{- if .Values.notificationController.create }}
- - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc
- {{- end}}
- - --watch-all-namespaces={{ .Values.watchAllNamespaces }}
- - --log-level={{ .Values.logLevel | default "info" }}
- - --log-encoding=json
- - --enable-leader-election
- {{- range .Values.imageAutomationController.container.additionalArgs }}
- - {{ . }}
- {{- end}}
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- {{- with .Values.imageAutomationController.extraEnv }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- image: {{ template "template.image" .Values.imageAutomationController }}
- {{- if .Values.imageAutomationController.imagePullPolicy }}
- imagePullPolicy: {{ .Values.imageAutomationController.imagePullPolicy }}
- {{- else }}
- imagePullPolicy: IfNotPresent
- {{- end }}
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 8080
- name: http-prom
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- {{- with .Values.imageAutomationController.resources }}
- resources: {{ toYaml . | nindent 10 }}
- {{- end }}
- {{- if .Values.imageAutomationController.securityContext }}
- securityContext: {{ toYaml .Values.imageAutomationController.securityContext | nindent 10 }}
- {{- else }}
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- {{- end}}
- volumeMounts:
- - mountPath: /tmp
- name: temp
- {{- if .Values.imageAutomationController.volumeMounts }}
- {{- toYaml .Values.imageAutomationController.volumeMounts | nindent 8 }}
- {{- end}}
- {{- if .Values.imageAutomationController.priorityClassName }}
- priorityClassName: {{ .Values.imageAutomationController.priorityClassName | quote }}
- {{- end }}
- {{- if .Values.imageAutomationController.podSecurityContext }}
- securityContext: {{ toYaml .Values.imageAutomationController.podSecurityContext | nindent 8 }}
- {{- else }}
- securityContext:
- fsGroup: 1337
- {{- end}}
- serviceAccountName: image-automation-controller
- {{- if .Values.imagePullSecrets }}
- imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 6 }}
- {{- end }}
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: temp
- {{- if .Values.imageAutomationController.volumes }}
- {{- toYaml .Values.imageAutomationController.volumes | nindent 6 }}
- {{- end}}
- {{- with .Values.imageAutomationController.nodeSelector }}
- nodeSelector: {{ toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.imageAutomationController.affinity }}
- affinity: {{ toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.imageAutomationController.tolerations }}
- tolerations: {{ toYaml . | nindent 8 }}
- {{- end }}
-{{- end }}
diff --git a/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller-sa.yaml b/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller-sa.yaml
deleted file mode 100644
index 16f9cb9d..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller-sa.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and .Values.imageReflectionController.create }}
-{{- if .Values.imageReflectionController.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/component: image-reflector-controller
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: image-reflector-controller
- {{- with .Values.imageReflectionController.serviceAccount.annotations }}
- annotations: {{ toYaml . | nindent 4 }}
- {{- end }}
-{{- end -}}
-{{- end -}}
diff --git a/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.crds.yaml b/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.crds.yaml
deleted file mode 100644
index 1bf92fae..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.crds.yaml
+++ /dev/null
@@ -1,901 +0,0 @@ -{{- if and .Values.installCRDs .Values.imageReflectionController.create }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: image-reflector-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: imagepolicies.image.toolkit.fluxcd.io -spec: - group: image.toolkit.fluxcd.io - names: - kind: ImagePolicy - listKind: ImagePolicyList - plural: imagepolicies - singular: imagepolicy - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.latestImage - name: LatestImage - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: ImagePolicy is the Schema for the imagepolicies API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImagePolicySpec defines the parameters for calculating the - ImagePolicy - properties: - filterTags: - description: FilterTags enables filtering for only a subset of tags - based on a set of rules. If no rules are provided, all the tags - from the repository will be ordered and compared. - properties: - extract: - description: Extract allows a capture group to be extracted from - the specified regular expression pattern, useful before tag - evaluation. - type: string - pattern: - description: Pattern specifies a regular expression pattern used - to filter for image tags. - type: string - type: object - imageRepositoryRef: - description: ImageRepositoryRef points at the object specifying the - image being scanned - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - policy: - description: Policy gives the particulars of the policy to be followed - in selecting the most recent image - properties: - alphabetical: - description: Alphabetical set of rules to use for alphabetical - ordering of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of the tags. - Given the letters of the alphabet as tags, ascending order - would select Z, and descending order would select A. - enum: - - asc - - desc - type: string - type: object - numerical: - description: Numerical set of rules to use for numerical ordering - of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of the tags. - Given the integer values from 0 to 9 as tags, ascending - order would select 9, and descending order would select - 0. 
- enum: - - asc - - desc - type: string - type: object - semver: - description: SemVer gives a semantic version range to check against - the tags available. - properties: - range: - description: Range gives a semver range for the image tag; - the highest version within the range that's a tag yields - the latest image. - type: string - required: - - range - type: object - type: object - required: - - imageRepositoryRef - - policy - type: object - status: - default: - observedGeneration: -1 - description: ImagePolicyStatus defines the observed state of ImagePolicy - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. 
For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - latestImage: - description: LatestImage gives the first in the list of images scanned - by the image repository, when filtered and ordered according to - the policy. 
- type: string - observedGeneration: - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.latestImage - name: LatestImage - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: ImagePolicy is the Schema for the imagepolicies API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImagePolicySpec defines the parameters for calculating the - ImagePolicy. - properties: - filterTags: - description: FilterTags enables filtering for only a subset of tags - based on a set of rules. If no rules are provided, all the tags - from the repository will be ordered and compared. - properties: - extract: - description: Extract allows a capture group to be extracted from - the specified regular expression pattern, useful before tag - evaluation. - type: string - pattern: - description: Pattern specifies a regular expression pattern used - to filter for image tags. - type: string - type: object - imageRepositoryRef: - description: ImageRepositoryRef points at the object specifying the - image being scanned - properties: - name: - description: Name of the referent. 
- type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - policy: - description: Policy gives the particulars of the policy to be followed - in selecting the most recent image - properties: - alphabetical: - description: Alphabetical set of rules to use for alphabetical - ordering of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of the tags. - Given the letters of the alphabet as tags, ascending order - would select Z, and descending order would select A. - enum: - - asc - - desc - type: string - type: object - numerical: - description: Numerical set of rules to use for numerical ordering - of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of the tags. - Given the integer values from 0 to 9 as tags, ascending - order would select 9, and descending order would select - 0. - enum: - - asc - - desc - type: string - type: object - semver: - description: SemVer gives a semantic version range to check against - the tags available. - properties: - range: - description: Range gives a semver range for the image tag; - the highest version within the range that's a tag yields - the latest image. - type: string - required: - - range - type: object - type: object - required: - - imageRepositoryRef - - policy - type: object - status: - default: - observedGeneration: -1 - description: ImagePolicyStatus defines the observed state of ImagePolicy - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - latestImage: - description: LatestImage gives the first in the list of images scanned - by the image repository, when filtered and ordered according to - the policy. - type: string - observedGeneration: - format: int64 - type: integer - observedPreviousImage: - description: ObservedPreviousImage is the observed previous LatestImage. - It is used to keep track of the previous and current images. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . 
| toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: image-reflector-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: imagerepositories.image.toolkit.fluxcd.io -spec: - group: image.toolkit.fluxcd.io - names: - kind: ImageRepository - listKind: ImageRepositoryList - plural: imagerepositories - singular: imagerepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.lastScanResult.scanTime - name: Last scan - type: string - - jsonPath: .status.lastScanResult.tagCount - name: Tags - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: ImageRepository is the Schema for the imagerepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageRepositorySpec defines the parameters for scanning an - image repository, e.g., `fluxcd/flux`. - properties: - accessFrom: - description: AccessFrom defines an ACL for allowing cross-namespace - references to the ImageRepository object based on the caller's namespace - labels. 
- properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - certSecretRef: - description: "CertSecretRef can be given the name of a secret containing - either or both of \n - a PEM-encoded client certificate (`certFile`) - and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`) - \n and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are authenticating - with a certificate; the CA cert is useful if you are using a self-signed - server certificate." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - exclusionList: - description: ExclusionList is a list of regex strings used to exclude - certain tags from being stored in the database. - items: - type: string - type: array - image: - description: Image is the name of the image repository - type: string - interval: - description: Interval is the length of time to wait between scans - of the image repository. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - secretRef: - description: SecretRef can be given the name of a secret containing - credentials to use for the image registry. 
The secret should be - created with `kubectl create secret docker-registry`, or the equivalent. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - serviceAccountName: - description: ServiceAccountName is the name of the Kubernetes ServiceAccount - used to authenticate the image pull if the service account has attached - pull secrets. - maxLength: 253 - type: string - suspend: - description: This flag tells the controller to suspend subsequent - image scans. It does not apply to already started scans. Defaults - to false. - type: boolean - timeout: - description: Timeout for image scanning. Defaults to 'Interval' duration. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: object - status: - default: - observedGeneration: -1 - description: ImageRepositoryStatus defines the observed state of ImageRepository - properties: - canonicalImageName: - description: CanonicalName is the name of the image repository with - all the implied bits made explicit; e.g., `docker.io/library/alpine` - rather than `alpine`. - type: string - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. 
If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastScanResult: - description: LastScanResult contains the number of fetched tags. - properties: - scanTime: - format: date-time - type: string - tagCount: - type: integer - required: - - tagCount - type: object - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.lastScanResult.scanTime - name: Last scan - type: string - - jsonPath: .status.lastScanResult.tagCount - name: Tags - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: ImageRepository is the Schema for the imagerepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageRepositorySpec defines the parameters for scanning an - image repository, e.g., `fluxcd/flux`. - properties: - accessFrom: - description: AccessFrom defines an ACL for allowing cross-namespace - references to the ImageRepository object based on the caller's namespace - labels. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - certSecretRef: - description: "CertSecretRef can be given the name of a Secret containing - either or both of \n - a PEM-encoded client certificate (`tls.crt`) - and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) - \n and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are authenticating - with a certificate; the CA cert is useful if you are using a self-signed - server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. - \n Note: Support for the `caFile`, `certFile` and `keyFile` keys - has been deprecated." - properties: - name: - description: Name of the referent. 
- type: string - required: - - name - type: object - exclusionList: - default: - - ^.*\.sig$ - description: ExclusionList is a list of regex strings used to exclude - certain tags from being stored in the database. - items: - type: string - maxItems: 25 - type: array - image: - description: Image is the name of the image repository - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP container - registry. - type: boolean - interval: - description: Interval is the length of time to wait between scans - of the image repository. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - provider: - default: generic - description: The provider used for authentication, can be 'aws', 'azure', - 'gcp' or 'generic'. When not specified, defaults to 'generic'. - enum: - - generic - - aws - - azure - - gcp - type: string - secretRef: - description: SecretRef can be given the name of a secret containing - credentials to use for the image registry. The secret should be - created with `kubectl create secret docker-registry`, or the equivalent. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - serviceAccountName: - description: ServiceAccountName is the name of the Kubernetes ServiceAccount - used to authenticate the image pull if the service account has attached - pull secrets. - maxLength: 253 - type: string - suspend: - description: This flag tells the controller to suspend subsequent - image scans. It does not apply to already started scans. Defaults - to false. - type: boolean - timeout: - description: Timeout for image scanning. Defaults to 'Interval' duration. 
- pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: object - status: - default: - observedGeneration: -1 - description: ImageRepositoryStatus defines the observed state of ImageRepository - properties: - canonicalImageName: - description: CanonicalName is the name of the image repository with - all the implied bits made explicit; e.g., `docker.io/library/alpine` - rather than `alpine`. - type: string - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastScanResult: - description: LastScanResult contains the number of fetched tags. - properties: - latestTags: - items: - type: string - type: array - scanTime: - format: date-time - type: string - tagCount: - type: integer - required: - - tagCount - type: object - observedExclusionList: - description: ObservedExclusionList is a list of observed exclusion - list. It reflects the exclusion rules used for the observed scan - result in spec.lastScanResult. 
- items: - type: string - type: array - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml deleted file mode 100644 index 6be9c3e1..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml +++ /dev/null 
@@ -1,139 +0,0 @@ -{{- if and .Values.imageReflectionController.create }} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: image-reflector-controller - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - control-plane: controller - {{- with .Values.imageReflectionController.labels }} - {{- . | toYaml | nindent 4 }} - {{- end }} - name: image-reflector-controller -spec: - {{- if kindIs "invalid" .Values.imageReflectionController.replicas }} - replicas: 1 - {{- else }} - replicas: {{ .Values.imageReflectionController.replicas }} - {{- end}} - selector: - matchLabels: - app: image-reflector-controller - template: - metadata: - {{- with .Values.imageReflectionController.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - app: image-reflector-controller -{{ with .Values.imageReflectionController.labels }}{{ toYaml . | indent 8 }}{{ end }} - spec: - automountServiceAccountToken: {{ .Values.imageReflectionController.serviceAccount.automount }} - {{- if .Values.imageReflectionController.initContainers}} - initContainers: - {{- toYaml .Values.imageReflectionController.initContainers | nindent 8}} - {{- end}} - containers: - - args: - {{- if .Values.multitenancy.enabled }} - - --no-cross-namespace-refs=true - {{- end}} - {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc - {{- end}} - - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - - --log-level={{ .Values.logLevel | default "info" }} - - --log-encoding=json - - --enable-leader-election - {{- range .Values.imageReflectionController.container.additionalArgs }} - - {{ . 
}} - {{- end}} - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- with .Values.imageReflectionController.extraEnv }} - {{- toYaml . | nindent 8 }} - {{- end }} - image: {{ template "template.image" .Values.imageReflectionController }} - {{- if .Values.imageReflectionController.imagePullPolicy }} - imagePullPolicy: {{ .Values.imageReflectionController.imagePullPolicy }} - {{- else }} - imagePullPolicy: IfNotPresent - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - {{- with .Values.imageReflectionController.resources }} - resources: {{ toYaml . | nindent 10 }} - {{- end }} - {{- if .Values.imageReflectionController.securityContext }} - securityContext: {{ toYaml .Values.imageReflectionController.securityContext | nindent 10 }} - {{- else }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - {{- end}} - volumeMounts: - - mountPath: /tmp - name: temp - - mountPath: /data - name: data - {{- if .Values.imageReflectionController.volumeMounts }} - {{- toYaml .Values.imageReflectionController.volumeMounts | nindent 8 }} - {{- end}} - {{- if .Values.imageReflectionController.priorityClassName }} - priorityClassName: {{ .Values.imageReflectionController.priorityClassName | quote }} - {{- end }} - {{- if .Values.imageReflectionController.podSecurityContext }} - securityContext: {{ toYaml .Values.imageReflectionController.podSecurityContext | nindent 8 }} - {{- else }} - securityContext: - fsGroup: 1337 - {{- end}} - serviceAccountName: image-reflector-controller - {{- if .Values.imagePullSecrets }} - imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 6 }} - {{- end }} - 
terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: temp - - emptyDir: {} - name: data - {{- if .Values.imageReflectionController.volumes }} - {{- toYaml .Values.imageReflectionController.volumes | nindent 6 }} - {{- end}} - {{- with .Values.imageReflectionController.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imageReflectionController.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imageReflectionController.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller-sa.yaml b/packages/core/fluxcd/charts/flux2/templates/kustomize-controller-sa.yaml deleted file mode 100644 index 140c30b1..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller-sa.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.kustomizeController.create }} -{{- if .Values.kustomizeController.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: kustomize-controller - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: kustomize-controller - {{- with .Values.kustomizeController.serviceAccount.annotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -{{- end -}} -{{- end -}} diff --git a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller-secret.yaml b/packages/core/fluxcd/charts/flux2/templates/kustomize-controller-secret.yaml deleted file mode 100644 index 8a547043..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller-secret.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-{{- if and .Values.kustomizeController.secret.create }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.kustomizeController.secret.name }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-type: Opaque
-data:
- {{- range $key, $value := .Values.kustomizeController.secret.data }}
- {{ $key }}: {{ $value | toString | b64enc | quote }}
- {{- end }}
-{{- end }}
diff --git a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.crds.yaml b/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.crds.yaml
deleted file mode 100644
index 433cce66..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.crds.yaml
+++ /dev/null
@@ -1,1640 +0,0 @@ -{{- if and .Values.installCRDs .Values.kustomizeController.create }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: kustomize-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: kustomizations.kustomize.toolkit.fluxcd.io -spec: - group: kustomize.toolkit.fluxcd.io - names: - kind: Kustomization - listKind: KustomizationList - plural: kustomizations - shortNames: - - ks - singular: kustomization - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the configuration to calculate - the desired state from a Source using Kustomize. - properties: - commonMetadata: - description: CommonMetadata specifies the common labels and annotations - that are applied to all resources. Any existing label or annotation - will be overridden if its key matches a common one. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added to the object's metadata. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added to the object's metadata. - type: object - type: object - components: - description: Components specifies relative paths to specifications - of other Components. - items: - type: string - type: array - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. 
- type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. - properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - This interval is approximate and may be subject to jitter to ensure - efficient use of resources. 
- pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. It is recommended that the - kubeconfig is self-contained, and the secret is regularly updated - if credentials such as a cloud-access-token expire. Cloud specific - `cmd-path` auth helpers will not function without adding binaries - and credentials to the Pod that is responsible for reconciling - Kubernetes resources. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - required: - - secretRef - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. - items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. 
- properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. Defaults to 'None', which translates to the root path of the - SourceRef. 
- type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names, and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - default: false - description: Optional indicates whether the referenced resource - must exist, or whether to tolerate its absence. If true - and the referenced resource is absent, proceed as if the - resource was present but empty, without any variables - defined. - type: boolean - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. - When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. 
- pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - OCIRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, defaults to the namespace - of the Kubernetes resource object that contains the reference. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - wait: - description: Wait instructs the controller to check the health of - all the reconciled resources. When enabled, the HealthChecks are - ignored. Defaults to false. - type: boolean - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. 
For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - inventory: - description: Inventory contains the list of Kubernetes resource object - references that have been successfully applied. - properties: - entries: - description: Entries of Kubernetes resource object references. - items: - description: ResourceRef contains the information necessary - to locate a resource within a cluster. - properties: - id: - description: ID is the string representation of the Kubernetes - resource object's metadata, in the format '___'. - type: string - v: - description: Version is the API version of the Kubernetes - resource object's kind. - type: string - required: - - id - - v - type: object - type: array - required: - - entries - type: object - lastAppliedRevision: - description: The last successfully applied revision. Equals the Revision - of the applied Artifact from the referenced Source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. 
- format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: v1beta1 Kustomization is deprecated, upgrade to v1 - name: v1beta1 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the desired state of a kustomization. - properties: - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. 
- type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. 
- properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When specified, KubeConfig takes precedence over - ServiceAccountName. - properties: - secretRef: - description: SecretRef holds the name to a secret that contains - a 'value' key with the kubeconfig file as the value. It must - be in the same namespace as the Kustomization. It is recommended - that the kubeconfig is self-contained, and the secret is regularly - updated if credentials such as a cloud-access-token expire. - Cloud specific `cmd-path` auth helpers will not function without - adding binaries and credentials to the Pod that is responsible - for reconciling the Kustomization. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. - items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. 
- properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and the target - the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document with - an array of operation objects. 
- items: - description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value that references - a location within the target document where the operation - is performed. The meaning of the value depends on the - value of Op, and is NOT taken into account by all operations. - type: string - op: - description: Op indicates the operation to perform. Its - value MUST be one of "add", "remove", "replace", "move", - "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer value that - references a location within the target document where - the operation is performed. The meaning of the value - depends on the value of Op. - type: string - value: - description: Value contains a valid JSON structure. The - meaning of the value depends on the value of Op, and - is NOT taken into account by all operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. 
- Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. 
- type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. - When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - GitRepository - - Bucket - type: string - name: - description: Name of the referent - type: string - namespace: - description: Namespace of the referent, defaults to the Kustomization - namespace - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. 
- type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - type: string - validation: - description: Validate the Kubernetes objects before applying them - on the cluster. The validation strategy can be 'client' (local dry-run), - 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true', - validation will fallback to 'client' if set to 'server' because - server-side validation is not supported in this scenario. - enum: - - none - - client - - server - type: string - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. 
- format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastAppliedRevision: - description: The last successfully applied revision. The revision - format for Git sources is /. 
- type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - snapshot: - description: The last successfully applied revision metadata. - properties: - checksum: - description: The manifests sha1 checksum. - type: string - entries: - description: A list of Kubernetes kinds grouped by namespace. - items: - description: Snapshot holds the metadata of namespaced Kubernetes - objects - properties: - kinds: - additionalProperties: - type: string - description: The list of Kubernetes kinds. - type: object - namespace: - description: The namespace of this entry. - type: string - required: - - kinds - type: object - type: array - required: - - checksum - - entries - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Kustomization is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the configuration to calculate - the desired state from a Source using Kustomize. - properties: - commonMetadata: - description: CommonMetadata specifies the common labels and annotations - that are applied to all resources. Any existing label or annotation - will be overridden if its key matches a common one. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added to the object's metadata. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added to the object's metadata. - type: object - type: object - components: - description: Components specifies relative paths to specifications - of other Components. - items: - type: string - type: array - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. 
- items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. - properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. 
- type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. It is recommended that the - kubeconfig is self-contained, and the secret is regularly updated - if credentials such as a cloud-access-token expire. Cloud specific - `cmd-path` auth helpers will not function without adding binaries - and credentials to the Pod that is responsible for reconciling - Kubernetes resources. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - required: - - secretRef - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. - items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. 
- type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - patchesJson6902: - description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated: - Use Patches instead.' - items: - description: JSON6902Patch contains a JSON6902 patch and the target - the patch should be applied to. 
- properties: - patch: - description: Patch contains the JSON6902 patch document with - an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value that references - a location within the target document where the operation - is performed. The meaning of the value depends on the - value of Op, and is NOT taken into account by all operations. - type: string - op: - description: Op indicates the operation to perform. Its - value MUST be one of "add", "remove", "replace", "move", - "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer value that - references a location within the target document where - the operation is performed. The meaning of the value - depends on the value of Op. - type: string - value: - description: Value contains a valid JSON structure. The - meaning of the value depends on the value of Op, and - is NOT taken into account by all operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. 
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: 'Strategic merge patches, defined as inline YAML objects. - Deprecated: Use Patches instead.' - items: - x-kubernetes-preserve-unknown-fields: true - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. 
The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - default: false - description: Optional indicates whether the referenced resource - must exist, or whether to tolerate its absence. If true - and the referenced resource is absent, proceed as if the - resource was present but empty, without any variables - defined. - type: boolean - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. - When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization file - is. 
- properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - OCIRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, defaults to the namespace - of the Kubernetes resource object that contains the reference. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - validation: - description: 'Deprecated: Not used in v1beta2.' - enum: - - none - - client - - server - type: string - wait: - description: Wait instructs the controller to check the health of - all the reconciled resources. When enabled, the HealthChecks are - ignored. Defaults to false. - type: boolean - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - inventory: - description: Inventory contains the list of Kubernetes resource object - references that have been successfully applied. - properties: - entries: - description: Entries of Kubernetes resource object references. - items: - description: ResourceRef contains the information necessary - to locate a resource within a cluster. - properties: - id: - description: ID is the string representation of the Kubernetes - resource object's metadata, in the format '___'. - type: string - v: - description: Version is the API version of the Kubernetes - resource object's kind. - type: string - required: - - id - - v - type: object - type: array - required: - - entries - type: object - lastAppliedRevision: - description: The last successfully applied revision. Equals the Revision - of the applied Artifact from the referenced Source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} -{{- end }} 
diff --git a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml
deleted file mode 100644
index 6473dbe0..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml
+++ /dev/null
@@ -1,158 +0,0 @@ -{{- if and .Values.kustomizeController.create }} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: kustomize-controller - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - control-plane: controller - {{- with .Values.kustomizeController.labels }} - {{- . | toYaml | nindent 4 }} - {{- end }} - name: kustomize-controller -spec: - {{- if kindIs "invalid" .Values.kustomizeController.replicas }} - replicas: 1 - {{- else }} - replicas: {{ .Values.kustomizeController.replicas }} - {{- end}} - selector: - matchLabels: - app: kustomize-controller - template: - metadata: - {{- with .Values.kustomizeController.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - app: kustomize-controller -{{ with .Values.kustomizeController.labels }}{{ toYaml . | indent 8 }}{{ end }} - spec: - automountServiceAccountToken: {{ .Values.kustomizeController.serviceAccount.automount }} - {{- if .Values.kustomizeController.initContainers}} - initContainers: - {{- toYaml .Values.kustomizeController.initContainers | nindent 8}} - {{- end}} - containers: - - args: - {{- if .Values.multitenancy.enabled }} - - --no-cross-namespace-refs=true - - --default-service-account={{ .Values.multitenancy.defaultServiceAccount | default "default" }} - {{- end}} - {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc - {{- end}} - - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - - --log-level={{ .Values.logLevel | default "info" }} - - --log-encoding=json - - --enable-leader-election - {{- range .Values.kustomizeController.container.additionalArgs }} - - {{ . 
}} - {{- end}} - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- with .Values.kustomizeController.extraEnv }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if or (.Values.kustomizeController.envFrom.map.name) (.Values.kustomizeController.envFrom.secret.name) }} - envFrom: - {{- if .Values.kustomizeController.envFrom.map.name }} - - configMapRef: - name: {{ .Values.kustomizeController.envFrom.map.name }} - {{- end }} - {{- if .Values.kustomizeController.envFrom.secret.name }} - - secretRef: - name: {{ .Values.kustomizeController.envFrom.secret.name }} - {{- end }} - {{- end }} - image: {{ template "template.image" .Values.kustomizeController }} - {{- if .Values.kustomizeController.imagePullPolicy }} - imagePullPolicy: {{ .Values.kustomizeController.imagePullPolicy }} - {{- else }} - imagePullPolicy: IfNotPresent - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - {{- with .Values.kustomizeController.resources }} - resources: {{ toYaml . 
| nindent 10 }} - {{- end }} - {{- if .Values.kustomizeController.securityContext }} - securityContext: {{ toYaml .Values.kustomizeController.securityContext | nindent 10 }} - {{- else }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - {{- end}} - volumeMounts: - - mountPath: /tmp - name: temp - {{- if .Values.kustomizeController.volumeMounts }} - {{- toYaml .Values.kustomizeController.volumeMounts | nindent 8 }} - {{- end}} - {{- if .Values.kustomizeController.priorityClassName }} - priorityClassName: {{ .Values.kustomizeController.priorityClassName | quote }} - {{- end }} - {{- range .Values.kustomizeController.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.kustomizeController.podSecurityContext }} - securityContext: {{ toYaml .Values.kustomizeController.podSecurityContext | nindent 8 }} - {{- else }} - securityContext: - fsGroup: 1337 - {{- end}} - serviceAccountName: kustomize-controller - {{- if .Values.imagePullSecrets }} - imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 6 }} - {{- end }} - terminationGracePeriodSeconds: 60 - volumes: - - emptyDir: {} - name: temp - {{- if .Values.kustomizeController.volumes }} - {{- toYaml .Values.kustomizeController.volumes | nindent 6 }} - {{- end}} - {{- range .Values.kustomizeController.extraSecretMounts }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - {{- end }} - {{- with .Values.kustomizeController.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.kustomizeController.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.kustomizeController.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end }} 
diff --git a/packages/core/fluxcd/charts/flux2/templates/notification-controller-ingress.yaml b/packages/core/fluxcd/charts/flux2/templates/notification-controller-ingress.yaml
deleted file mode 100644
index 942cd68c..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/notification-controller-ingress.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-{{- if and .Values.notificationController.create .Values.notificationController.webhookReceiver.ingress.create }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- labels:
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- control-plane: controller
- {{- with .Values.notificationController.webhookReceiver.ingress.labels }}{{ toYaml . | nindent 4 }}{{ end }}
- {{- with .Values.notificationController.webhookReceiver.ingress.annotations }}
- annotations:
- {{- range $key, $value := . }}
- {{ $key }}: {{ tpl $value $ | quote }}
- {{- end }}
- {{- end }}
- name: webhook-receiver
-spec:
- {{- if .Values.notificationController.webhookReceiver.ingress.ingressClassName }}
- ingressClassName: {{ .Values.notificationController.webhookReceiver.ingress.ingressClassName }}
- {{- end -}}
- {{- if .Values.notificationController.webhookReceiver.ingress.tls }}
- tls:
- {{- range .Values.notificationController.webhookReceiver.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .Values.notificationController.webhookReceiver.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ .path }}
- pathType: {{ .pathType }}
- backend:
- service:
- name: webhook-receiver
- port:
- number: 80
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/packages/core/fluxcd/charts/flux2/templates/notification-controller-sa.yaml b/packages/core/fluxcd/charts/flux2/templates/notification-controller-sa.yaml
deleted file mode 100644
index b44e8dac..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/notification-controller-sa.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and .Values.notificationController.create -}}
-{{- if .Values.notificationController.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/component: notification-controller
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: notification-controller
- {{- with .Values.notificationController.serviceAccount.annotations }}
- annotations: {{ toYaml . | nindent 4 }}
- {{- end }}
-{{- end -}}
-{{- end -}}
diff --git a/packages/core/fluxcd/charts/flux2/templates/notification-controller-service.yaml b/packages/core/fluxcd/charts/flux2/templates/notification-controller-service.yaml
deleted file mode 100644
index 79b12dc6..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/notification-controller-service.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if and .Values.notificationController.create }}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- control-plane: controller
- {{- with .Values.notificationController.service.labels }}{{ toYaml . | nindent 4 }}{{ end }}
- name: notification-controller
- {{- with .Values.notificationController.service.annotations }}
- annotations: {{ toYaml . | nindent 4 }}
- {{- end }}
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- {{- if .Values.notificationController.service.ports }}
- {{- toYaml .Values.notificationController.service.ports | nindent 2 }}
- {{- end}}
- selector:
- app: notification-controller
- type: ClusterIP
-{{- end }}
diff --git a/packages/core/fluxcd/charts/flux2/templates/notification-controller-webhook-service.yaml b/packages/core/fluxcd/charts/flux2/templates/notification-controller-webhook-service.yaml
deleted file mode 100644
index 3d71034a..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/notification-controller-webhook-service.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if and .Values.notificationController.create }}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- control-plane: controller
- {{- with .Values.notificationController.webhookReceiver.service.labels }}{{ toYaml . | nindent 4 }}{{ end }}
- name: webhook-receiver
- {{- with .Values.notificationController.webhookReceiver.service.annotations }}
- annotations: {{ toYaml . | nindent 4 }}
- {{- end }}
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: 9292
- selector:
- app: notification-controller
- type: ClusterIP
-{{- end }}
diff --git a/packages/core/fluxcd/charts/flux2/templates/notification-controller.crds.yaml b/packages/core/fluxcd/charts/flux2/templates/notification-controller.crds.yaml
deleted file mode 100644
index b6dbf6ed..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/notification-controller.crds.yaml
+++ /dev/null
@@ -1,1790 +0,0 @@ -{{- if and .Values.installCRDs .Values.notificationController.create }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: alerts.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Alert - listKind: AlertList - plural: alerts - singular: alert - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta1 Alert is deprecated, upgrade to v1beta3 - name: v1beta1 - schema: - openAPIV3Schema: - description: Alert is the Schema for the alerts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlertSpec defines an alerting rule for events involving a - list of objects - properties: - eventSeverity: - default: info - description: Filter events based on severity, defaults to ('info'). - If set to 'info' no events will be filtered. - enum: - - info - - error - type: string - eventSources: - description: Filter events based on the involved objects. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - name - type: object - type: array - exclusionList: - description: A list of Golang regular expressions to be used for excluding - messages. - items: - type: string - type: array - providerRef: - description: Send events using this provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - summary: - description: Short description of the impact and affected cluster. 
- type: string - suspend: - description: This flag tells the controller to suspend subsequent - events dispatching. Defaults to false. - type: boolean - required: - - eventSources - - providerRef - type: object - status: - default: - observedGeneration: -1 - description: AlertStatus defines the observed state of Alert - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Alert is deprecated, upgrade to v1beta3 - name: v1beta2 - schema: - openAPIV3Schema: - description: Alert is the Schema for the alerts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlertSpec defines an alerting rule for events involving a - list of objects. - properties: - eventMetadata: - additionalProperties: - type: string - description: EventMetadata is an optional field for adding metadata - to events dispatched by the controller. This can be used for enhancing - the context of the event. If a field would override one already - present on the original event as generated by the emitter, then - the override doesn't happen, i.e. the original value is preserved, - and an info log is printed. - type: object - eventSeverity: - default: info - description: EventSeverity specifies how to filter events based on - severity. If set to 'info' no events will be filtered. - enum: - - info - - error - type: string - eventSources: - description: EventSources specifies how to filter events based on - the involved object kind, name and namespace. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. 
A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. MatchLabels requires the name to be set to `*`. - type: object - name: - description: Name of the referent If multiple resources are - targeted `*` may be set. - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - exclusionList: - description: ExclusionList specifies a list of Golang regular expressions - to be used for excluding messages. - items: - type: string - type: array - inclusionList: - description: InclusionList specifies a list of Golang regular expressions - to be used for including messages. - items: - type: string - type: array - providerRef: - description: ProviderRef specifies which Provider this Alert should - use. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - summary: - description: Summary holds a short description of the impact and affected - cluster. - maxLength: 255 - type: string - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this Alert. - type: boolean - required: - - eventSources - - providerRef - type: object - status: - default: - observedGeneration: -1 - description: AlertStatus defines the observed state of the Alert. - properties: - conditions: - description: Conditions holds the conditions for the Alert. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta3 - schema: - openAPIV3Schema: - description: Alert is the Schema for the alerts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlertSpec defines an alerting rule for events involving a - list of objects. 
- properties: - eventMetadata: - additionalProperties: - type: string - description: EventMetadata is an optional field for adding metadata - to events dispatched by the controller. This can be used for enhancing - the context of the event. If a field would override one already - present on the original event as generated by the emitter, then - the override doesn't happen, i.e. the original value is preserved, - and an info log is printed. - type: object - eventSeverity: - default: info - description: EventSeverity specifies how to filter events based on - severity. If set to 'info' no events will be filtered. - enum: - - info - - error - type: string - eventSources: - description: EventSources specifies how to filter events based on - the involved object kind, name and namespace. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. MatchLabels requires the name to be set to `*`. - type: object - name: - description: Name of the referent If multiple resources are - targeted `*` may be set. 
- maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - exclusionList: - description: ExclusionList specifies a list of Golang regular expressions - to be used for excluding messages. - items: - type: string - type: array - inclusionList: - description: InclusionList specifies a list of Golang regular expressions - to be used for including messages. - items: - type: string - type: array - providerRef: - description: ProviderRef specifies which Provider this Alert should - use. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - summary: - description: Summary holds a short description of the impact and affected - cluster. - maxLength: 255 - type: string - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this Alert. - type: boolean - required: - - eventSources - - providerRef - type: object - type: object - served: true - storage: true - subresources: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . 
| toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: providers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Provider - listKind: ProviderList - plural: providers - singular: provider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta1 Provider is deprecated, upgrade to v1beta3 - name: v1beta1 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of Provider - properties: - address: - description: HTTP/S webhook address of this provider - pattern: ^(http|https):// - type: string - certSecretRef: - description: CertSecretRef can be given the name of a secret containing - a PEM-encoded CA certificate (`caFile`) - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Alert channel for this provider - type: string - proxy: - description: HTTP/S address of the proxy - pattern: ^(http|https):// - type: string - secretRef: - description: Secret reference containing the provider webhook URL - using "address" as data key - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - events handling. Defaults to false. - type: boolean - timeout: - description: Timeout for sending alerts to the provider. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type of provider - enum: - - slack - - discord - - msteams - - rocket - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - azuredevops - - googlechat - - webex - - sentry - - azureeventhub - - telegram - - lark - - matrix - - opsgenie - - alertmanager - - grafana - - githubdispatch - type: string - username: - description: Bot username for this provider - type: string - required: - - type - type: object - status: - default: - observedGeneration: -1 - description: ProviderStatus defines the observed state of Provider - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. 
--- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Provider is deprecated, upgrade to v1beta3 - name: v1beta2 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of the Provider. - properties: - address: - description: Address specifies the endpoint, in a generic sense, to - where alerts are sent. What kind of endpoint depends on the specific - Provider type being used. For the generic Provider, for example, - this is an HTTP/S address. For other Provider types this could be - a project ID or a namespace. - maxLength: 2048 - type: string - certSecretRef: - description: "CertSecretRef specifies the Secret containing a PEM-encoded - CA certificate (in the `ca.crt` key). \n Note: Support for the `caFile` - key has been deprecated." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Channel specifies the destination channel where events - should be posted. - maxLength: 2048 - type: string - interval: - description: Interval at which to reconcile the Provider with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - proxy: - description: Proxy the HTTP/S address of the proxy server. - maxLength: 2048 - pattern: ^(http|https)://.*$ - type: string - secretRef: - description: SecretRef specifies the Secret containing the authentication - credentials for this Provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this Provider. - type: boolean - timeout: - description: Timeout for sending alerts to the Provider. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type specifies which Provider implementation to use. 
- enum: - - slack - - discord - - msteams - - rocket - - generic - - generic-hmac - - github - - gitlab - - gitea - - bitbucketserver - - bitbucket - - azuredevops - - googlechat - - googlepubsub - - webex - - sentry - - azureeventhub - - telegram - - lark - - matrix - - opsgenie - - alertmanager - - grafana - - githubdispatch - - pagerduty - - datadog - type: string - username: - description: Username specifies the name under which events are posted. - maxLength: 2048 - type: string - required: - - type - type: object - status: - default: - observedGeneration: -1 - description: ProviderStatus defines the observed state of the Provider. - properties: - conditions: - description: Conditions holds the conditions for the Provider. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. 
- maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. 
- format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta3 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of the Provider. - properties: - address: - description: Address specifies the endpoint, in a generic sense, to - where alerts are sent. What kind of endpoint depends on the specific - Provider type being used. For the generic Provider, for example, - this is an HTTP/S address. For other Provider types this could be - a project ID or a namespace. - maxLength: 2048 - type: string - certSecretRef: - description: "CertSecretRef specifies the Secret containing a PEM-encoded - CA certificate (in the `ca.crt` key). \n Note: Support for the `caFile` - key has been deprecated." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Channel specifies the destination channel where events - should be posted. 
- maxLength: 2048 - type: string - interval: - description: Interval at which to reconcile the Provider with its - Secret references. Deprecated and not used in v1beta3. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - proxy: - description: Proxy the HTTP/S address of the proxy server. - maxLength: 2048 - pattern: ^(http|https)://.*$ - type: string - secretRef: - description: SecretRef specifies the Secret containing the authentication - credentials for this Provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this Provider. - type: boolean - timeout: - description: Timeout for sending alerts to the Provider. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type specifies which Provider implementation to use. - enum: - - slack - - discord - - msteams - - rocket - - generic - - generic-hmac - - github - - gitlab - - gitea - - bitbucketserver - - bitbucket - - azuredevops - - googlechat - - googlepubsub - - webex - - sentry - - azureeventhub - - telegram - - lark - - matrix - - opsgenie - - alertmanager - - grafana - - githubdispatch - - pagerduty - - datadog - - nats - type: string - username: - description: Username specifies the name under which events are posted. - maxLength: 2048 - type: string - required: - - type - type: object - type: object - served: true - storage: true - subresources: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . 
| toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: receivers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Receiver - listKind: ReceiverList - plural: receivers - singular: receiver - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of the Receiver. - properties: - events: - description: Events specifies the list of event types to handle, e.g. - 'push' for GitHub or 'Push Hook' for GitLab. 
- items: - type: string - type: array - interval: - default: 10m - description: Interval at which to reconcile the Receiver with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - resources: - description: A list of resources to be notified about changes. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. MatchLabels requires the name to be set to `*`. - type: object - name: - description: Name of the referent If multiple resources are - targeted `*` may be set. - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - secretRef: - description: SecretRef specifies the Secret containing the token used - to validate the payload authenticity. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this receiver. - type: boolean - type: - description: Type of webhook sender, used to determine the validation - procedure and payload deserialization. 
- enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - secretRef - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of the Receiver. - properties: - conditions: - description: Conditions holds the conditions for the Receiver. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Receiver object. - format: int64 - type: integer - webhookPath: - description: WebhookPath is the generated incoming webhook address - in the format of '/hook/sha256sum(token+name+namespace)'. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta1 Receiver is deprecated, upgrade to v1 - name: v1beta1 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of Receiver - properties: - events: - description: A list of events to handle, e.g. 'push' for GitHub or - 'Push Hook' for GitLab. - items: - type: string - type: array - resources: - description: A list of resources to be notified about changes. 
- items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - name - type: object - type: array - secretRef: - description: Secret reference containing the token used to validate - the payload authenticity - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - events handling. Defaults to false. - type: boolean - type: - description: Type of webhook sender, used to determine the validation - procedure and payload deserialization. - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of Receiver - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. 
--- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Receiver is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of the Receiver. - properties: - events: - description: Events specifies the list of event types to handle, e.g. - 'push' for GitHub or 'Push Hook' for GitLab. - items: - type: string - type: array - interval: - description: Interval at which to reconcile the Receiver with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - resources: - description: A list of resources to be notified about changes. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. MatchLabels requires the name to be set to `*`. - type: object - name: - description: Name of the referent If multiple resources are - targeted `*` may be set. 
- maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - secretRef: - description: SecretRef specifies the Secret containing the token used - to validate the payload authenticity. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this receiver. - type: boolean - type: - description: Type of webhook sender, used to determine the validation - procedure and payload deserialization. - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of the Receiver. - properties: - conditions: - description: Conditions holds the conditions for the Receiver. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. 
If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Receiver object. - format: int64 - type: integer - url: - description: 'URL is the generated incoming webhook address in the - format of ''/hook/sha256sum(token+name+namespace)''. Deprecated: - Replaced by WebhookPath.' - type: string - webhookPath: - description: WebhookPath is the generated incoming webhook address - in the format of '/hook/sha256sum(token+name+namespace)'. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/notification-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/notification-controller.yaml deleted file mode 100644 index d4d6772d..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/notification-controller.yaml +++ /dev/null 
@@ -1,136 +0,0 @@
-{{- if and .Values.notificationController.create }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/component: notification-controller
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- control-plane: controller
- {{- with .Values.notificationController.labels }}
- {{- . | toYaml | nindent 4 }}
- {{- end }}
- name: notification-controller
-spec:
- {{- if kindIs "invalid" .Values.notificationController.replicas }}
- replicas: 1
- {{- else }}
- replicas: {{ .Values.notificationController.replicas }}
- {{- end}}
- selector:
- matchLabels:
- app: notification-controller
- template:
- metadata:
- {{- with .Values.notificationController.annotations }}
- annotations: {{ toYaml . | nindent 8 }}
- {{- end }}
- labels:
- app: notification-controller
-{{ with .Values.notificationController.labels }}{{ toYaml . | indent 8 }}{{ end }}
- spec:
- automountServiceAccountToken: {{ .Values.notificationController.serviceAccount.automount }}
- {{- if .Values.notificationController.initContainers}}
- initContainers:
- {{- toYaml .Values.notificationController.initContainers | nindent 8}}
- {{- end}}
- containers:
- - args:
- {{- if .Values.multitenancy.enabled }}
- - --no-cross-namespace-refs=true
- {{- end}}
- - --watch-all-namespaces={{ .Values.watchAllNamespaces }}
- - --log-level={{ .Values.logLevel | default "info" }}
- - --log-encoding=json
- - --enable-leader-election
- {{- range .Values.notificationController.container.additionalArgs }}
- - {{ . }}
- {{- end}}
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- {{- with .Values.notificationController.extraEnv }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- image: {{ template "template.image" .Values.notificationController }}
- {{- if .Values.notificationController.imagePullPolicy }}
- imagePullPolicy: {{ .Values.notificationController.imagePullPolicy }}
- {{- else }}
- imagePullPolicy: IfNotPresent
- {{- end }}
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 9090
- name: http
- protocol: TCP
- - containerPort: 9292
- name: http-webhook
- protocol: TCP
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- {{- with .Values.notificationController.resources }}
- resources: {{ toYaml . | nindent 10 }}
- {{- end }}
- {{- if .Values.notificationController.securityContext }}
- securityContext: {{ toYaml .Values.notificationController.securityContext | nindent 10 }}
- {{- else }}
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- {{- end}}
- volumeMounts:
- - mountPath: /tmp
- name: temp
- {{- if .Values.notificationController.volumeMounts }}
- {{- toYaml .Values.notificationController.volumeMounts | nindent 8 }}
- {{- end}}
- {{- if .Values.notificationController.priorityClassName }}
- priorityClassName: {{ .Values.notificationController.priorityClassName | quote }}
- {{- end }}
- {{- if .Values.notificationController.podSecurityContext }}
- securityContext: {{ toYaml .Values.notificationController.podSecurityContext | nindent 8 }}
- {{- end }}
- serviceAccountName: notification-controller
- {{- if .Values.imagePullSecrets }}
- imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 6 }}
- {{- end }}
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: temp
- {{- if .Values.notificationController.volumes }}
- {{- toYaml .Values.notificationController.volumes | nindent 6 }}
- {{- end}}
- {{- with .Values.notificationController.nodeSelector }}
- nodeSelector: {{ toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.notificationController.affinity }}
- affinity: {{ toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.notificationController.tolerations }}
- tolerations: {{ toYaml . | nindent 8 }}
- {{- end }}
-{{- end }}
diff --git a/packages/core/fluxcd/charts/flux2/templates/podmonitor.yaml b/packages/core/fluxcd/charts/flux2/templates/podmonitor.yaml
deleted file mode 100644
index 3db75272..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/podmonitor.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ if .Values.prometheus.podMonitor.create }}
-apiVersion: monitoring.coreos.com/v1
-kind: PodMonitor
-metadata:
- name: {{ .Release.Name }}
- labels:
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- {{- range $key, $value := .Values.prometheus.podMonitor.additionalLabels }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
- selector:
- matchExpressions:
- - key: app
- operator: In
- values:
- - helm-controller
- - source-controller
- - kustomize-controller
- - notification-controller
- - image-automation-controller
- - image-reflector-controller
- podMetricsEndpoints:
-{{ toYaml .Values.prometheus.podMonitor.podMetricsEndpoints | indent 4 }}
-{{- end }}
diff --git a/packages/core/fluxcd/charts/flux2/templates/policies.yaml b/packages/core/fluxcd/charts/flux2/templates/policies.yaml
deleted file mode 100644
index 731e2980..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/policies.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
-{{- if and .Values.policies.create}}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: allow-egress
-spec:
- egress:
- - {}
- ingress:
- - from:
- - podSelector: {}
- podSelector: {}
- policyTypes:
- - Ingress
- - Egress
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: allow-scraping
-spec:
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
- podSelector: {}
- policyTypes:
- - Ingress
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: allow-webhooks
-spec:
- ingress:
- - from:
- - namespaceSelector: {}
- podSelector:
- matchLabels:
- app: notification-controller
- policyTypes:
- - Ingress
-{{- end }}
diff --git a/packages/core/fluxcd/charts/flux2/templates/pre-install-job-serviceaccount.yaml b/packages/core/fluxcd/charts/flux2/templates/pre-install-job-serviceaccount.yaml
deleted file mode 100644
index f6348698..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/pre-install-job-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: "{{ .Release.Name }}-flux-check"
- annotations:
- "helm.sh/hook": pre-install
- "helm.sh/hook-weight": "-10"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
diff --git a/packages/core/fluxcd/charts/flux2/templates/pre-install-job.yaml b/packages/core/fluxcd/charts/flux2/templates/pre-install-job.yaml
deleted file mode 100644
index 2c2541f5..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/pre-install-job.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: "{{ .Release.Name }}-flux-check"
- labels:
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- annotations:
- "helm.sh/hook": pre-install
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-spec:
- backoffLimit: 1
- template:
- metadata:
- name: "{{ .Release.Name }}"
- {{- with .Values.cli.annotations }}
- annotations: {{ toYaml . | nindent 8 }}
- {{- end }}
- labels:
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- spec:
- restartPolicy: Never
- serviceAccountName: "{{ .Release.Name }}-flux-check"
- automountServiceAccountToken: {{ .Values.cli.serviceAccount.automount }}
- containers:
- - name: flux-cli
- image: {{ template "template.image" .Values.cli }}
- command: ["/usr/local/bin/flux", "check", "--pre", "--namespace", {{ .Release.Namespace }}]
- {{- with .Values.cli.resources }}
- resources: {{ toYaml . | nindent 10 }}
- {{- end }}
- {{- if .Values.cli.securityContext }}
- securityContext: {{ toYaml .Values.cli.securityContext | nindent 10 }}
- {{- else }}
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- {{- end}}
- {{- if .Values.cli.volumeMounts }}
- volumeMounts:
- {{- toYaml .Values.cli.volumeMounts | nindent 10 }}
- {{- end}}
- {{- if .Values.imagePullSecrets }}
- imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 6 }}
- {{- end }}
- {{- with .Values.cli.nodeSelector }}
- nodeSelector: {{ toYaml . | nindent 8 }}
- {{- end }}
- {{- if .Values.cli.volumes }}
- volumes:
- {{- toYaml .Values.cli.volumes | nindent 8 }}
- {{- end}}
- {{- with .Values.cli.affinity }}
- affinity: {{ toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.cli.tolerations }}
- tolerations: {{ toYaml . | nindent 8 }}
- {{- end }}
diff --git a/packages/core/fluxcd/charts/flux2/templates/source-controller-service.yaml b/packages/core/fluxcd/charts/flux2/templates/source-controller-service.yaml
deleted file mode 100644
index 25caae35..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/source-controller-service.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if .Values.sourceController.create }}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- control-plane: controller
- {{- with .Values.sourceController.service.labels }}{{ toYaml . | nindent 4 }}{{ end }}
- name: source-controller
- {{- with .Values.sourceController.service.annotations }}
- annotations: {{ toYaml . | nindent 4 }}
- {{- end }}
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- {{- if .Values.sourceController.service.ports }}
- {{- toYaml .Values.sourceController.service.ports | nindent 2 }}
- {{- end}}
- selector:
- app: source-controller
- type: ClusterIP
-{{- end }}
diff --git a/packages/core/fluxcd/charts/flux2/templates/source-controller-serviceaccount.yaml b/packages/core/fluxcd/charts/flux2/templates/source-controller-serviceaccount.yaml
deleted file mode 100644
index 286a625f..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/source-controller-serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.sourceController.create -}}
-{{- if .Values.sourceController.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/component: source-controller
- app.kubernetes.io/instance: {{ .Release.Namespace | quote }}
- app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
- app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
- app.kubernetes.io/part-of: flux
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- name: source-controller
- {{- with .Values.sourceController.serviceAccount.annotations }}
- annotations: {{ toYaml . | nindent 4 }}
- {{- end }}
-{{- end -}}
-{{- end -}}
diff --git a/packages/core/fluxcd/charts/flux2/templates/source-controller.crds.yaml b/packages/core/fluxcd/charts/flux2/templates/source-controller.crds.yaml
deleted file mode 100644
index d4fccd6d..00000000
--- a/packages/core/fluxcd/charts/flux2/templates/source-controller.crds.yaml
+++ /dev/null
@@ -1,3291 +0,0 @@ -{{- if and .Values.installCRDs .Values.sourceController.create }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: buckets.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: Bucket - listKind: BucketList - plural: buckets - singular: bucket - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.endpoint - name: Endpoint - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec defines the desired state of an S3 compatible - bucket - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - bucketName: - description: The bucket name. - type: string - endpoint: - description: The bucket endpoint address. - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. - type: boolean - interval: - description: The interval at which to check for bucket updates. - type: string - provider: - default: generic - description: The S3 compatible storage provider name, default ('generic'). - enum: - - generic - - aws - - gcp - type: string - region: - description: The bucket region. 
- type: string - secretRef: - description: The name of the secret containing authentication credentials - for the Bucket. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for download operations, defaults to 60s. - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - default: - observedGeneration: -1 - description: BucketStatus defines the observed state of a bucket - properties: - artifact: - description: Artifact represents the output of the last successful - Bucket sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the - last Bucket sync. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.endpoint - name: Endpoint - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec specifies the required configuration to produce - an Artifact for an object storage bucket. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - bucketName: - description: BucketName is the name of the object storage bucket. - type: string - endpoint: - description: Endpoint is the object storage address the BucketName - is located at. - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP Endpoint. 
- type: boolean - interval: - description: Interval at which the Bucket Endpoint is checked for - updates. This interval is approximate and may be subject to jitter - to ensure efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - prefix: - description: Prefix to use for server-side filtering of files in the - Bucket. - type: string - provider: - default: generic - description: Provider of the object storage bucket. Defaults to 'generic', - which expects an S3 (API) compatible object storage. - enum: - - generic - - aws - - gcp - - azure - type: string - region: - description: Region of the Endpoint where the BucketName is located - in. - type: string - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the Bucket. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this Bucket. - type: boolean - timeout: - default: 60s - description: Timeout for fetch operations, defaults to 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - default: - observedGeneration: -1 - description: BucketStatus records the observed state of a Bucket. - properties: - artifact: - description: Artifact represents the last successful Bucket reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. 
- type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. 
- format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. 
- type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Bucket object. - format: int64 - type: integer - observedIgnore: - description: ObservedIgnore is the observed exclusion patterns used - for constructing the source artifact. - type: string - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact - data is recommended. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: gitrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: GitRepository - listKind: GitRepositoryList - plural: gitrepositories - shortNames: - - gitrepo - singular: gitrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. 
Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec specifies the required configuration to - produce an Artifact for a Git repository. - properties: - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Include specifies a list of GitRepository resources which - Artifacts should be included in the Artifact produced for this GitRepository. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - interval: - description: Interval at which the GitRepository URL is checked for - updates. 
This interval is approximate and may be subject to jitter - to ensure efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - proxySecretRef: - description: ProxySecretRef specifies the Secret containing the proxy - configuration to use while communicating with the Git server. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - recurseSubmodules: - description: RecurseSubmodules enables the initialization of all submodules - within the GitRepository as cloned from the URL, using their default - settings. - type: boolean - ref: - description: Reference specifies the Git reference to resolve and - monitor for changes, defaults to the 'master' branch. - properties: - branch: - description: Branch to check out, defaults to 'master' if no other - field is defined. - type: string - commit: - description: "Commit SHA to check out, takes precedence over all - reference fields. \n This can be combined with Branch to shallow - clone the branch, in which the commit is expected to exist." - type: string - name: - description: "Name of the reference to check out; takes precedence - over Branch, Tag and SemVer. \n It must be a valid Git reference: - https://git-scm.com/docs/git-check-ref-format#_description Examples: - \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", - \"refs/merge-requests/1/head\"" - type: string - semver: - description: SemVer tag expression to check out, takes precedence - over Tag. - type: string - tag: - description: Tag to check out, takes precedence over Branch. - type: string - type: object - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the GitRepository. For HTTPS repositories the Secret - must contain 'username' and 'password' fields for basic auth or - 'bearerToken' field for token auth. For SSH repositories the Secret - must contain 'identity' and 'known_hosts' fields. 
- properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this GitRepository. - type: boolean - timeout: - default: 60s - description: Timeout for Git operations like cloning, defaults to - 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: URL specifies the Git repository URL, it can be an HTTP/S - or SSH address. - pattern: ^(http|https|ssh)://.*$ - type: string - verify: - description: Verification specifies the configuration to verify the - Git commit signature(s). - properties: - mode: - default: HEAD - description: "Mode specifies which Git object(s) should be verified. - \n The variants \"head\" and \"HEAD\" both imply the same thing, - i.e. verify the commit that the HEAD of the Git repository points - to. The variant \"head\" solely exists to ensure backwards compatibility." - enum: - - head - - HEAD - - Tag - - TagAndHEAD - type: string - secretRef: - description: SecretRef specifies the Secret containing the public - keys of trusted Git authors. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - secretRef - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus records the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the last successful GitRepository - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. 
- format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. 
If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - includedArtifacts: - description: IncludedArtifacts contains a list of the last successfully - included Artifacts as instructed by GitRepositorySpec.Include. - items: - description: Artifact represents the output of a Source reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of - ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI - annotations. - type: object - path: - description: Path is the relative file path of the Artifact. - It can be used to locate the file in the root of the Artifact - storage on the local file system of the controller managing - the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. 
- type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the GitRepository object. - format: int64 - type: integer - observedIgnore: - description: ObservedIgnore is the observed exclusion patterns used - for constructing the source artifact. - type: string - observedInclude: - description: ObservedInclude is the observed list of GitRepository - resources used to produce the current Artifact. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - observedRecurseSubmodules: - description: ObservedRecurseSubmodules is the observed resource submodules - configuration used to produce the current Artifact. - type: boolean - sourceVerificationMode: - description: SourceVerificationMode is the last used verification - mode indicating which Git object(s) have been verified. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: v1beta1 GitRepository is deprecated, upgrade to v1 - name: v1beta1 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec defines the desired state of a Git repository. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. 
- properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - gitImplementation: - default: go-git - description: Determines which git client library to use. Defaults - to go-git, valid values are ('go-git', 'libgit2'). - enum: - - go-git - - libgit2 - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Extra git repositories to map into the repository - items: - description: GitRepositoryInclude defines a source with a from and - to path. - properties: - fromPath: - description: The path to copy contents from, defaults to the - root directory. - type: string - repository: - description: Reference to a GitRepository to include. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: The path to copy contents to, defaults to the name - of the source ref. - type: string - required: - - repository - type: object - type: array - interval: - description: The interval at which to check for repository updates. - type: string - recurseSubmodules: - description: When enabled, after the clone is created, initializes - all submodules within, using their default settings. This option - is available only when using the 'go-git' GitImplementation. - type: boolean - ref: - description: The Git reference to checkout and monitor for changes, - defaults to master branch. 
- properties: - branch: - description: The Git branch to checkout, defaults to master. - type: string - commit: - description: The Git commit SHA to checkout, if specified Tag - filters will be ignored. - type: string - semver: - description: The Git tag semver expression, takes precedence over - Tag. - type: string - tag: - description: The Git tag to checkout, takes precedence over Branch. - type: string - type: object - secretRef: - description: The secret name containing the Git credentials. For HTTPS - repositories the secret must contain username and password fields. - For SSH repositories the secret must contain identity and known_hosts - fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for remote Git operations like cloning, defaults - to 60s. - type: string - url: - description: The repository URL, can be a HTTP/S or SSH address. - pattern: ^(http|https|ssh)://.*$ - type: string - verify: - description: Verify OpenPGP signature for the Git commit HEAD points - to. - properties: - mode: - description: Mode describes what git object should be verified, - currently ('head'). - enum: - - head - type: string - secretRef: - description: The secret name containing the public keys of all - trusted Git authors. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - mode - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus defines the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the output of the last successful - repository sync. 
- properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. 
- maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - includedArtifacts: - description: IncludedArtifacts represents the included artifacts from - the last successful repository sync. - items: - description: Artifact represents the output of a source synchronisation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. 
- type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the - last repository sync. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 GitRepository is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec specifies the required configuration to - produce an Artifact for a Git repository. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - gitImplementation: - default: go-git - description: 'GitImplementation specifies which Git client library - implementation to use. Defaults to ''go-git'', valid values are - (''go-git'', ''libgit2''). Deprecated: gitImplementation is deprecated - now that ''go-git'' is the only supported implementation.' 
- enum: - - go-git - - libgit2 - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Include specifies a list of GitRepository resources which - Artifacts should be included in the Artifact produced for this GitRepository. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - interval: - description: Interval at which to check the GitRepository for updates. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - recurseSubmodules: - description: RecurseSubmodules enables the initialization of all submodules - within the GitRepository as cloned from the URL, using their default - settings. - type: boolean - ref: - description: Reference specifies the Git reference to resolve and - monitor for changes, defaults to the 'master' branch. - properties: - branch: - description: Branch to check out, defaults to 'master' if no other - field is defined. - type: string - commit: - description: "Commit SHA to check out, takes precedence over all - reference fields. 
\n This can be combined with Branch to shallow - clone the branch, in which the commit is expected to exist." - type: string - name: - description: "Name of the reference to check out; takes precedence - over Branch, Tag and SemVer. \n It must be a valid Git reference: - https://git-scm.com/docs/git-check-ref-format#_description Examples: - \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", - \"refs/merge-requests/1/head\"" - type: string - semver: - description: SemVer tag expression to check out, takes precedence - over Tag. - type: string - tag: - description: Tag to check out, takes precedence over Branch. - type: string - type: object - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the GitRepository. For HTTPS repositories the Secret - must contain 'username' and 'password' fields for basic auth or - 'bearerToken' field for token auth. For SSH repositories the Secret - must contain 'identity' and 'known_hosts' fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this GitRepository. - type: boolean - timeout: - default: 60s - description: Timeout for Git operations like cloning, defaults to - 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: URL specifies the Git repository URL, it can be an HTTP/S - or SSH address. - pattern: ^(http|https|ssh)://.*$ - type: string - verify: - description: Verification specifies the configuration to verify the - Git commit signature(s). - properties: - mode: - description: Mode specifies what Git object should be verified, - currently ('head'). - enum: - - head - type: string - secretRef: - description: SecretRef specifies the Secret containing the public - keys of trusted Git authors. - properties: - name: - description: Name of the referent. 
- type: string - required: - - name - type: object - required: - - mode - - secretRef - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus records the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the last successful GitRepository - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. 
For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - contentConfigChecksum: - description: "ContentConfigChecksum is a checksum of all the configurations - related to the content of the source artifact: - .spec.ignore - - .spec.recurseSubmodules - .spec.included and the checksum of the - included artifacts observed in .status.observedGeneration version - of the object. This can be used to determine if the content of the - included repository has changed. It has the format of `:`, - for example: `sha256:`. \n Deprecated: Replaced with explicit - fields for observed artifact content config in the status." - type: string - includedArtifacts: - description: IncludedArtifacts contains a list of the last successfully - included Artifacts as instructed by GitRepositorySpec.Include. - items: - description: Artifact represents the output of a Source reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of - ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI - annotations. - type: object - path: - description: Path is the relative file path of the Artifact. 
- It can be used to locate the file in the root of the Artifact - storage on the local file system of the controller managing - the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the GitRepository object. - format: int64 - type: integer - observedIgnore: - description: ObservedIgnore is the observed exclusion patterns used - for constructing the source artifact. - type: string - observedInclude: - description: ObservedInclude is the observed list of GitRepository - resources used to to produce the current Artifact. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. 
- type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - observedRecurseSubmodules: - description: ObservedRecurseSubmodules is the observed resource submodules - configuration used to produce the current Artifact. - type: boolean - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact - data is recommended. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: helmcharts.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmChart - listKind: HelmChartList - plural: helmcharts - shortNames: - - hc - singular: helmchart - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - 
jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec defines the desired state of a Helm chart. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. 
- type: object - type: object - type: array - required: - - namespaceSelectors - type: object - chart: - description: The name or path the Helm chart is available at in the - SourceRef. - type: string - interval: - description: The interval at which to check the Source for updates. - type: string - reconcileStrategy: - default: ChartVersion - description: Determines what enables the creation of a new artifact. - Valid values are ('ChartVersion', 'Revision'). See the documentation - of the values for an explanation on their behavior. Defaults to - ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The reference to the Source the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', - 'GitRepository', 'Bucket'). - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - valuesFile: - description: Alternative values file to use as the default chart values, - expected to be a relative path in the SourceRef. Deprecated in favor - of ValuesFiles, for backwards compatibility the file defined here - is merged before the ValuesFiles items. Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the chart - values (values.yaml is not included by default), expected to be - a relative path in the SourceRef. Values files are merged in the - order of this list with the last file overriding the first. Ignored - when omitted. - items: - type: string - type: array - version: - default: '*' - description: The chart version semver expression, ignored for charts - from GitRepository and Bucket sources. 
Defaults to latest when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: HelmChartStatus defines the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - chart sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. 
If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last chart pulled. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec specifies the desired state of a Helm chart. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - chart: - description: Chart is the name or path the Helm chart is available - at in the SourceRef. - type: string - interval: - description: Interval at which the HelmChart SourceRef is checked - for updates. This interval is approximate and may be subject to - jitter to ensure efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - reconcileStrategy: - default: ChartVersion - description: ReconcileStrategy determines what enables the creation - of a new artifact. Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on their - behavior. Defaults to ChartVersion when omitted. 
- enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: SourceRef is the reference to the Source the chart is - available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', - 'GitRepository', 'Bucket'). - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this source. - type: boolean - valuesFile: - description: ValuesFile is an alternative values file to use as the - default chart values, expected to be a relative path in the SourceRef. - Deprecated in favor of ValuesFiles, for backwards compatibility - the file specified here is merged before the ValuesFiles items. - Ignored when omitted. - type: string - valuesFiles: - description: ValuesFiles is an alternative list of values files to - use as the chart values (values.yaml is not included by default), - expected to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding the - first. Ignored when omitted. - items: - type: string - type: array - verify: - description: Verify contains the secret name containing the trusted - public keys used to verify the signature and specifies which provider - to use to check whether OCI image is authentic. This field is only - supported when using HelmRepository source with spec.type 'oci'. - Chart dependencies, which are not bundled in the umbrella chart - artifact, are not verified. - properties: - matchOIDCIdentity: - description: MatchOIDCIdentity specifies the identity matching - criteria to use while verifying an OCI artifact which was signed - using Cosign keyless signing. 
The artifact's identity is deemed - to be verified if any of the specified matchers match against - the identity. - items: - description: OIDCIdentityMatch specifies options for verifying - the certificate identity, i.e. the issuer and the subject - of the certificate. - properties: - issuer: - description: Issuer specifies the regex pattern to match - against to verify the OIDC issuer in the Fulcio certificate. - The pattern must be a valid Go regular expression. - type: string - subject: - description: Subject specifies the regex pattern to match - against to verify the identity subject in the Fulcio certificate. - The pattern must be a valid Go regular expression. - type: string - required: - - issuer - - subject - type: object - type: array - provider: - default: cosign - description: Provider specifies the technology used to sign the - OCI Artifact. - enum: - - cosign - type: string - secretRef: - description: SecretRef specifies the Kubernetes Secret containing - the trusted public keys. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - version: - default: '*' - description: Version is the chart version semver expression, ignored - for charts from GitRepository and Bucket sources. Defaults to latest - when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: HelmChartStatus records the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. 
- format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. 
If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedChartName: - description: ObservedChartName is the last observed chart name as - specified by the resolved chart reference. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the HelmChart object. - format: int64 - type: integer - observedSourceArtifactRevision: - description: ObservedSourceArtifactRevision is the last observed Artifact.Revision - of the HelmChartSpec.SourceRef. - type: string - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact - data is recommended. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . 
| toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: helmrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmRepository - listKind: HelmRepositoryList - plural: helmrepositories - shortNames: - - helmrepo - singular: helmrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec defines the reference to a Helm repository. 
- properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - interval: - description: The interval at which to check the upstream for updates. - type: string - passCredentials: - description: PassCredentials allows the credentials from the SecretRef - to be passed on to a host that does not match the host as defined - in URL. This may be required if the host of the advertised chart - URLs in the index differ from the defined URL. Enabling this should - be done with caution, as it can potentially result in credentials - getting stolen in a MITM-attack. - type: boolean - secretRef: - description: The name of the secret containing authentication credentials - for the Helm repository. For HTTP/S basic auth the secret must contain - username and password fields. For TLS the secret must contain a - certFile and keyFile, and/or caFile fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. 
- type: boolean - timeout: - default: 60s - description: The timeout of index downloading, defaults to 60s. - type: string - url: - description: The Helm repository URL, a valid URL contains at least - a protocol and host. - type: string - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: HelmRepositoryStatus defines the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the output of the last successful - repository sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last index fetched. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec specifies the required configuration to - produce an Artifact for a Helm repository index YAML. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - certSecretRef: - description: "CertSecretRef can be given the name of a Secret containing - either or both of \n - a PEM-encoded client certificate (`tls.crt`) - and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) - \n and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are authenticating - with a certificate; the CA cert is useful if you are using a self-signed - server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. 
- \n It takes precedence over the values specified in the Secret referred - to by `.spec.secretRef`." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - insecure: - description: Insecure allows connecting to a non-TLS HTTP container - registry. This field is only taken into account if the .spec.type - field is set to 'oci'. - type: boolean - interval: - description: Interval at which the HelmRepository URL is checked for - updates. This interval is approximate and may be subject to jitter - to ensure efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - passCredentials: - description: PassCredentials allows the credentials from the SecretRef - to be passed on to a host that does not match the host as defined - in URL. This may be required if the host of the advertised chart - URLs in the index differ from the defined URL. Enabling this should - be done with caution, as it can potentially result in credentials - getting stolen in a MITM-attack. - type: boolean - provider: - default: generic - description: Provider used for authentication, can be 'aws', 'azure', - 'gcp' or 'generic'. This field is optional, and only taken into - account if the .spec.type field is set to 'oci'. When not specified, - defaults to 'generic'. - enum: - - generic - - aws - - azure - - gcp - type: string - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the HelmRepository. For HTTP/S basic auth the secret - must contain 'username' and 'password' fields. Support for TLS auth - using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated. - Please use `.spec.certSecretRef` instead. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this HelmRepository. 
- type: boolean - timeout: - description: Timeout is used for the index fetch operation for an - HTTPS helm repository, and for remote OCI Repository operations - like pulling for an OCI helm chart by the associated HelmChart. - Its default value is 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type of the HelmRepository. When this field is set to "oci", - the URL field value must be prefixed with "oci://". - enum: - - default - - oci - type: string - url: - description: URL of the Helm repository, a valid URL contains at least - a protocol and host. - pattern: ^(http|https|oci)://.*$ - type: string - required: - - url - type: object - status: - default: - observedGeneration: -1 - description: HelmRepositoryStatus records the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the last successful HelmRepository - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. 
- format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the HelmRepository object. - format: int64 - type: integer - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact - data is recommended. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - {{- with .Values.crds.annotations }} - {{- . | toYaml | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: '{{ .Release.Namespace }}' - app.kubernetes.io/managed-by: '{{ .Release.Service }}' - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: '{{ .Chart.AppVersion }}' - helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - name: ocirepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: OCIRepository - listKind: OCIRepositoryList - plural: ocirepositories - shortNames: - - ocirepo - singular: ocirepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: OCIRepository is the Schema for the ocirepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OCIRepositorySpec defines the desired state of OCIRepository - properties: - certSecretRef: - description: "CertSecretRef can be given the name of a Secret containing - either or both of \n - a PEM-encoded client certificate (`tls.crt`) - and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) - \n and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are authenticating - with a certificate; the CA cert is useful if you are using a self-signed - server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. - \n Note: Support for the `caFile`, `certFile` and `keyFile` keys - have been deprecated." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP container - registry. - type: boolean - interval: - description: Interval at which the OCIRepository URL is checked for - updates. This interval is approximate and may be subject to jitter - to ensure efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - layerSelector: - description: LayerSelector specifies which layer should be extracted - from the OCI artifact. When not specified, the first layer found - in the artifact is selected. - properties: - mediaType: - description: MediaType specifies the OCI media type of the layer - which should be extracted from the OCI Artifact. The first layer - matching this type is selected. 
- type: string - operation: - description: Operation specifies how the selected layer should - be processed. By default, the layer compressed content is extracted - to storage. When the operation is set to 'copy', the layer compressed - content is persisted to storage as it is. - enum: - - extract - - copy - type: string - type: object - provider: - default: generic - description: The provider used for authentication, can be 'aws', 'azure', - 'gcp' or 'generic'. When not specified, defaults to 'generic'. - enum: - - generic - - aws - - azure - - gcp - type: string - ref: - description: The OCI reference to pull and monitor for changes, defaults - to the latest tag. - properties: - digest: - description: Digest is the image digest to pull, takes precedence - over SemVer. The value should be in the format 'sha256:'. - type: string - semver: - description: SemVer is the range of tags to pull selecting the - latest within the range, takes precedence over Tag. - type: string - tag: - description: Tag is the image tag to pull, defaults to latest. - type: string - type: object - secretRef: - description: SecretRef contains the secret name containing the registry - login credentials to resolve image metadata. The secret must be - of type kubernetes.io/dockerconfigjson. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount - used to authenticate the image pull if the service account has attached - pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for remote OCI Repository operations like - pulling, defaults to 60s. 
- pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: URL is a reference to an OCI artifact repository hosted - on a remote container registry. - pattern: ^oci://.*$ - type: string - verify: - description: Verify contains the secret name containing the trusted - public keys used to verify the signature and specifies which provider - to use to check whether OCI image is authentic. - properties: - matchOIDCIdentity: - description: MatchOIDCIdentity specifies the identity matching - criteria to use while verifying an OCI artifact which was signed - using Cosign keyless signing. The artifact's identity is deemed - to be verified if any of the specified matchers match against - the identity. - items: - description: OIDCIdentityMatch specifies options for verifying - the certificate identity, i.e. the issuer and the subject - of the certificate. - properties: - issuer: - description: Issuer specifies the regex pattern to match - against to verify the OIDC issuer in the Fulcio certificate. - The pattern must be a valid Go regular expression. - type: string - subject: - description: Subject specifies the regex pattern to match - against to verify the identity subject in the Fulcio certificate. - The pattern must be a valid Go regular expression. - type: string - required: - - issuer - - subject - type: object - type: array - provider: - default: cosign - description: Provider specifies the technology used to sign the - OCI Artifact. - enum: - - cosign - type: string - secretRef: - description: SecretRef specifies the Kubernetes Secret containing - the trusted public keys. - properties: - name: - description: Name of the referent. 
- type: string - required: - - name - type: object - required: - - provider - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: OCIRepositoryStatus defines the observed state of OCIRepository - properties: - artifact: - description: Artifact represents the output of the last successful - OCI Repository sync. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the OCIRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. 
For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - contentConfigChecksum: - description: "ContentConfigChecksum is a checksum of all the configurations - related to the content of the source artifact: - .spec.ignore - - .spec.layerSelector observed in .status.observedGeneration version - of the object. This can be used to determine if the content configuration - has changed and the artifact needs to be rebuilt. It has the format - of `:`, for example: `sha256:`. \n Deprecated: - Replaced with explicit fields for observed artifact content config - in the status." - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - observedIgnore: - description: ObservedIgnore is the observed exclusion patterns used - for constructing the source artifact. - type: string - observedLayerSelector: - description: ObservedLayerSelector is the observed layer selector - used for constructing the source artifact. - properties: - mediaType: - description: MediaType specifies the OCI media type of the layer - which should be extracted from the OCI Artifact. The first layer - matching this type is selected. - type: string - operation: - description: Operation specifies how the selected layer should - be processed. 
By default, the layer compressed content is extracted - to storage. When the operation is set to 'copy', the layer compressed - content is persisted to storage as it is. - enum: - - extract - - copy - type: string - type: object - url: - description: URL is the download link for the artifact output of the - last OCI Repository sync. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/templates/source-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/source-controller.yaml deleted file mode 100644 index 517b54bd..00000000 --- a/packages/core/fluxcd/charts/flux2/templates/source-controller.yaml +++ /dev/null 
@@ -1,140 +0,0 @@ -{{- if .Values.sourceController.create }} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: {{ .Release.Namespace | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/part-of: flux - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - control-plane: controller - {{- with .Values.sourceController.labels }} - {{- . | toYaml | nindent 4 }} - {{- end }} - name: source-controller -spec: - replicas: 1 - selector: - matchLabels: - app: source-controller - strategy: - type: Recreate - template: - metadata: - {{- with .Values.sourceController.annotations }} - annotations: {{ toYaml . | nindent 8 }} - {{- end }} - labels: - app: source-controller -{{ with .Values.sourceController.labels }}{{ toYaml . | indent 8 }}{{ end }} - spec: - automountServiceAccountToken: {{ .Values.sourceController.serviceAccount.automount }} - {{- if .Values.sourceController.initContainers}} - initContainers: - {{- toYaml .Values.sourceController.initContainers | nindent 8}} - {{- end}} - containers: - - args: - {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc - {{- end}} - - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - - --log-level={{ .Values.logLevel | default "info" }} - - --log-encoding=json - - --enable-leader-election - - --storage-path=/data - - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc - {{- range .Values.sourceController.container.additionalArgs }} - - {{ . }} - {{- end}} - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- with .Values.sourceController.extraEnv }} - {{- toYaml . 
| nindent 8 }} - {{- end }} - image: {{ template "template.image" .Values.sourceController }} - {{- if .Values.sourceController.imagePullPolicy }} - imagePullPolicy: {{ .Values.sourceController.imagePullPolicy }} - {{- else }} - imagePullPolicy: IfNotPresent - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - protocol: TCP - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: / - port: http - {{- with .Values.sourceController.resources }} - resources: {{ toYaml . | nindent 10 }} - {{- end }} - {{- if .Values.sourceController.securityContext }} - securityContext: {{ toYaml .Values.sourceController.securityContext | nindent 10 }} - {{- else }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - {{- end}} - volumeMounts: - - mountPath: /data - name: data - - mountPath: /tmp - name: tmp - {{- if .Values.sourceController.volumeMounts }} - {{- toYaml .Values.sourceController.volumeMounts | nindent 8 }} - {{- end}} - {{- if .Values.sourceController.priorityClassName }} - priorityClassName: {{ .Values.sourceController.priorityClassName | quote }} - {{- end }} - {{- if .Values.sourceController.podSecurityContext }} - securityContext: {{ toYaml .Values.sourceController.podSecurityContext | nindent 8 }} - {{- else }} - securityContext: - fsGroup: 1337 - {{- end}} - serviceAccountName: source-controller - {{- if .Values.imagePullSecrets }} - imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 6 }} - {{- end }} - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: data - - emptyDir: {} - name: tmp - {{- if .Values.sourceController.volumes }} - {{- toYaml .Values.sourceController.volumes | nindent 6 }} - {{- end}} - {{- with 
.Values.sourceController.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.sourceController.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.sourceController.tolerations }} - tolerations: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/packages/core/fluxcd/charts/flux2/values.yaml b/packages/core/fluxcd/charts/flux2/values.yaml deleted file mode 100644 index 379c07e8..00000000 --- a/packages/core/fluxcd/charts/flux2/values.yaml +++ /dev/null 
@@ -1,327 +0,0 @@ -# global - -installCRDs: true -crds: - # -- Add annotations to all CRD resources, e.g. "helm.sh/resource-policy": keep - annotations: {} - -multitenancy: - # -- Implement the patches for Multi-tenancy lockdown. - # See https://fluxcd.io/docs/installation/#multi-tenancy-lockdown - enabled: false - # -- All Kustomizations and HelmReleases which don’t have spec.serviceAccountName - # specified, will use the default account from the tenant’s namespace. - # Tenants have to specify a service account in their Flux resources to be able - # to deploy workloads in their namespaces as the default account has no permissions. - defaultServiceAccount: "default" - # -- Both kustomize-controller and helm-controller service accounts run privileged - # with cluster-admin ClusterRoleBinding. Disable if you want to run them with a - # minimum set of permissions. - privileged: true - -clusterDomain: cluster.local - -cli: - image: ghcr.io/fluxcd/flux-cli - tag: v2.2.3 - nodeSelector: {} - affinity: {} - tolerations: [] - annotations: {} - serviceAccount: - automount: true - -# controllers - -helmController: - create: true - image: ghcr.io/fluxcd/helm-controller - tag: v0.37.4 - resources: - limits: {} - # cpu: 1000m - # memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - priorityClassName: "" - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: {} - container: - additionalArgs: [] - extraEnv: [] - serviceAccount: - create: true - automount: true - annotations: {} - imagePullPolicy: "" - nodeSelector: {} - # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core - # for example: - # affinity: - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: foo.bar.com/role - # operator: In - # values: - # - master - - affinity: {} - # expects input structure as per specification 
https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core - # for example: - # tolerations: - # - key: foo.bar.com/role - # operator: Equal - # value: master - # effect: NoSchedule - - tolerations: [] - -imageAutomationController: - create: true - image: ghcr.io/fluxcd/image-automation-controller - tag: v0.37.1 - resources: - limits: {} - # cpu: 1000m - # memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - priorityClassName: "" - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: {} - container: - additionalArgs: [] - extraEnv: [] - serviceAccount: - create: true - automount: true - annotations: {} - imagePullPolicy: "" - nodeSelector: {} - affinity: {} - tolerations: [] - -imageReflectionController: - create: true - image: ghcr.io/fluxcd/image-reflector-controller - tag: v0.31.2 - resources: - limits: {} - # cpu: 1000m - # memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - priorityClassName: "" - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: {} - container: - additionalArgs: [] - extraEnv: [] - serviceAccount: - create: true - automount: true - annotations: {} - imagePullPolicy: "" - nodeSelector: {} - affinity: {} - tolerations: [] - -kustomizeController: - create: true - image: ghcr.io/fluxcd/kustomize-controller - tag: v1.2.2 - resources: - limits: {} - # cpu: 1000m - # memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - priorityClassName: "" - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: {} - container: - additionalArgs: [] - extraEnv: [] - serviceAccount: - create: true - automount: true - annotations: {} - imagePullPolicy: "" - secret: - # -- Create a secret to use it with extraSecretMounts. Defaults to false. - create: false - name: "" - data: {} - # -- Defines envFrom using a configmap and/or secret. - envFrom: - map: - name: "" - secret: - name: "" - # -- Defines additional mounts with secrets. 
- # Secrets must be manually created in the namespace or with kustomizeController.secret - extraSecretMounts: [] - # - name: secret-files - # mountPath: /etc/secrets - # subPath: "" - # secretName: secret-files - # readOnly: true - - nodeSelector: {} - affinity: {} - tolerations: [] - -notificationController: - create: true - image: ghcr.io/fluxcd/notification-controller - tag: v1.2.4 - resources: - limits: {} - # cpu: 1000m - # memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - priorityClassName: "" - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: {} - container: - additionalArgs: [] - extraEnv: [] - serviceAccount: - create: true - automount: true - annotations: {} - imagePullPolicy: "" - service: - labels: {} - annotations: {} - webhookReceiver: - service: - labels: {} - annotations: {} - ingress: - create: false - # ingressClassName: nginx - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - hosts: - - host: flux-webhook.example.com - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: flux-webhook-tls - # hosts: - # - flux-webhook.example.com - - - nodeSelector: {} - affinity: {} - tolerations: [] - -sourceController: - create: true - image: ghcr.io/fluxcd/source-controller - tag: v1.2.4 - resources: - limits: {} - # cpu: 1000m - # memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - priorityClassName: "" - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: {} - container: - additionalArgs: [] - serviceAccount: - create: true - automount: true - annotations: {} - imagePullPolicy: "" - service: - labels: {} - annotations: {} - nodeSelector: {} - affinity: {} - tolerations: [] - extraEnv: [] - -policies: - create: true - -rbac: - create: true - # -- Grant the Kubernetes view, edit and admin roles access to Flux custom resources - createAggregation: true - # -- Add annotations to all RBAC resources, e.g. 
"helm.sh/resource-policy": keep - annotations: {} - roleRef: - name: cluster-admin - -logLevel: info -watchAllNamespaces: true - -# -- contents of pod imagePullSecret in form 'name=[secretName]'; applied to all controllers -imagePullSecrets: [] - -# -- Array of extra K8s manifests to deploy -extraObjects: [] -# Example usage from https://fluxcd.io/docs/components/source/buckets/#static-authentication -# - apiVersion: source.toolkit.fluxcd.io/v1beta2 -# kind: Bucket -# metadata: -# name: podinfo -# namespace: default -# spec: -# interval: 1m -# provider: generic -# bucketName: podinfo -# endpoint: minio.minio.svc.cluster.local:9000 -# insecure: true -# secretRef: -# name: minio-credentials -# - apiVersion: v1 -# kind: Secret -# metadata: -# name: minio-credentials -# namespace: default -# type: Opaque -# data: -# accesskey: -# secretkey: - -# Enables podMonitor creation for the Prometheus Operator -prometheus: - podMonitor: - # -- Enables podMonitor endpoint - create: false - podMetricsEndpoints: - - port: http-prom - relabelings: - # https://github.com/prometheus-operator/prometheus-operator/issues/4816 - - sourceLabels: [__meta_kubernetes_pod_phase] - action: keep - regex: Running diff --git a/packages/core/fluxcd/templates/flux-instance.yaml b/packages/core/fluxcd/templates/flux-instance.yaml new file mode 100644 index 00000000..b3b08d08 --- /dev/null +++ b/packages/core/fluxcd/templates/flux-instance.yaml @@ -0,0 +1,15 @@ +apiVersion: fluxcd.controlplane.io/v1 +kind: FluxInstance +metadata: + name: flux +spec: + cluster: + domain: {{ .Values.fluxInstance.cluster.domain }} + distribution: + version: {{ .Values.fluxInstance.distribution.version }} + registry: {{ .Values.fluxInstance.distribution.registry }} + components: + {{- if .Values.fluxInstance.components }} + {{- toYaml .Values.fluxInstance.components | nindent 4 }} + {{- end }} + diff --git a/packages/core/fluxcd/values.yaml b/packages/core/fluxcd/values.yaml new file mode 100644 index 00000000..9650a9b9 
--- /dev/null +++ b/packages/core/fluxcd/values.yaml @@ -0,0 +1,13 @@ +fluxInstance: + cluster: + domain: cozy.local + distribution: + version: 2.2.x + registry: ghcr.io/fluxcd + components: + - source-controller + - kustomize-controller + - helm-controller + - notification-controller + - image-reflector-controller + - image-automation-controller diff --git a/packages/core/fluxcd/valuesFile.yaml b/packages/core/fluxcd/valuesFile.yaml new file mode 100644 index 00000000..23694817 --- /dev/null +++ b/packages/core/fluxcd/valuesFile.yaml @@ -0,0 +1,11 @@ +flux-operator: + tolerations: + - key: node.kubernetes.io/not-ready + operator: Exists + effect: NoSchedule + hostNetwork: true + extraEnvs: + - name: KUBERNETES_SERVICE_HOST + value: localhost + - name: KUBERNETES_SERVICE_PORT + value: "7445" diff --git a/packages/core/platform/templates/namespaces.yaml b/packages/core/platform/templates/namespaces.yaml index fd3a58e0..3f25361c 100644 --- a/packages/core/platform/templates/namespaces.yaml +++ b/packages/core/platform/templates/namespaces.yaml @@ -16,7 +16,7 @@ {{/* Add extra namespaces */}} {{- $_ := set $namespaces "cozy-public" false }} -{{- $_ := set $namespaces "cozy-fluxcd" false }} +{{- $_ := set $namespaces "cozy-fluxcd" true }} {{- range $namespace, $privileged := $namespaces }} --- diff --git a/scripts/installer.sh b/scripts/installer.sh index 078ef6cd..d5edba38 100755 --- a/scripts/installer.sh +++ b/scripts/installer.sh @@ -18,7 +18,16 @@ run_migrations() { done } -flux_is_ok() { + +flux_operator_is_ok() { + kubectl wait --for=condition=available -n cozy-fluxcd deploy/fluxcd-flux-operator --timeout=1m +} + +flux_instance_is_ok() { + kubectl wait --for=condition=ready -n cozy-fluxcd fluxinstance/flux --timeout=5m +} + +flux_controllers_ok() { kubectl wait --for=condition=available -n cozy-fluxcd deploy/source-controller deploy/helm-controller --timeout=10s } 
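Review bot: `version: 2.2.x` under `distribution` is a range rather than a fixed release, so which controller images end up running depends on what is published under `registry: ghcr.io/fluxcd` at reconcile time, assuming the operator resolves the range to the newest match. For a core platform package this makes installs non-reproducible and leaves the upgrade decision to the registry. I would either pin an exact version here or add a comment such as `# floating patch range on purpose; controllers follow upstream patch releases` so the choice is visible to whoever audits upgrades.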
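Review bot: `hostNetwork: true` together with `KUBERNETES_SERVICE_HOST` set to `localhost` and port `"7445"` puts the operator pod in the node's network namespace and points it at a node-local API endpoint, and nothing in `valuesFile.yaml` says why. This presumably lets the operator start before the cluster network is up (the `node.kubernetes.io/not-ready` toleration points the same way), but that is an inference. If that is the reason, a comment above `hostNetwork` such as `# bootstrap: runs before the CNI is installed, so use the host network and the node-local API endpoint on :7445` would mark the setting as a deliberate exception. It should also name the component that listens on 7445, since all of the operator's API traffic goes there.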
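Review bot: Flipping `cozy-fluxcd` to `true` marks the whole namespace as privileged, which covers every Flux controller the operator deploys there and not only the operator pod that needs `hostNetwork` in `valuesFile.yaml`. How `$privileged` is turned into namespace metadata is in the `range` body outside this hunk, so the exact effect (presumably a relaxed pod-security level) should be confirmed there. A comment on this line such as `{{/* privileged: flux-operator runs with hostNetwork */}}` would keep the reason next to the exception. It is also worth checking that the controllers themselves still run with restrictive security contexts.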
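Review bot: `flux_instance_is_ok` is defined here but none of the visible hunks of `installer.sh` call it, so the installer never waits for `fluxinstance/flux` to become ready; the only later checks are `flux_operator_is_ok` and `flux_controllers_ok`. Either call it after the operator check or drop it. Each helper could also carry a one-line comment saying what it waits for and for how long, e.g. `# wait up to 5m for the FluxInstance to report Ready`.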
@@ -39,20 +48,24 @@ run_migrations # Install namespaces make -C packages/core/platform namespaces-apply -# Install fluxcd -make -C packages/core/fluxcd apply +# Install fluxcd twice (once it will fail, since CRDs can't be ordered) +make -C packages/core/fluxcd apply || make -C packages/core/fluxcd apply -# Reconcile Helm repositories -kubectl annotate helmrepositories.source.toolkit.fluxcd.io -A -l cozystack.io/repository reconcile.fluxcd.io/requestedAt=$(date +"%Y-%m-%dT%H:%M:%SZ") --overwrite +if flux_operator_is_ok; then + echo "Flux operator is installed and FluxInstance CRD is ready" +fi # Install platform chart make -C packages/core/platform apply # Install basic system charts (should be after platform chart applied) -if ! flux_is_ok; then +if ! flux_controllers_ok; then install_basic_charts fi +# Reconcile Helm repositories +kubectl annotate helmrepositories.source.toolkit.fluxcd.io -A -l cozystack.io/repository reconcile.fluxcd.io/requestedAt=$(date +"%Y-%m-%dT%H:%M:%SZ") --overwrite + # Reconcile platform chart trap 'exit' INT TERM while true; do From 931e39fb5c6779cbd5175f8e7fb4b8f28fe751c1 Mon Sep 17 00:00:00 2001 From: Kingdon Barrett Date: Mon, 17 Jun 2024 10:02:32 -0400 Subject: [PATCH 2/5] Upgrade to Flux 2.3.x (#167) 
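Review bot: `make -C packages/core/fluxcd apply || make -C packages/core/fluxcd apply` retries on any failure, not only the expected CRD-ordering one, and the `if flux_operator_is_ok; then echo ...; fi` that follows does not stop the script when the wait times out. A broken chart or an unreachable API server therefore goes unnoticed until a later step fails with a less useful error. I would gate on the result, `flux_operator_is_ok || { echo "flux-operator did not become available" >&2; exit 1; }`, and wait for the operator's CRD to be established between the two applies instead of relying on the first one failing. The `while true` loop at the end of the hunk continues outside it.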
Signed-off-by: Kingdon Barrett Co-authored-by: Andrei Kvapil --- .../templates/helmreleases/cilium.yaml | 2 +- .../templates/helmreleases/csi.yaml | 2 +- packages/apps/tenant/templates/etcd.yaml | 2 +- packages/apps/tenant/templates/ingress.yaml | 2 +- .../apps/tenant/templates/monitoring.yaml | 2 +- packages/core/fluxcd/Makefile | 4 +-- packages/core/fluxcd/flux-customizations.yaml | 35 +++++++++++++++++++ .../core/fluxcd/templates/flux-instance.yaml | 11 ++++-- packages/core/fluxcd/values.yaml | 8 ++--- packages/core/platform/bundles/paas-full.yaml | 4 +-- .../core/platform/bundles/paas-hosted.yaml | 4 +-- packages/core/platform/templates/apps.yaml | 6 ++-- .../core/platform/templates/helmreleases.yaml | 2 +- .../core/platform/templates/helmrepos.yaml | 6 ++-- .../ingress/templates/nginx-ingress.yaml | 2 +- .../templates/oncall/oncall-release.yaml | 2 +- 16 files changed, 68 insertions(+), 26 deletions(-) create mode 100644 packages/core/fluxcd/flux-customizations.yaml diff --git a/packages/apps/kubernetes/templates/helmreleases/cilium.yaml b/packages/apps/kubernetes/templates/helmreleases/cilium.yaml index 14577407..4f23ed21 100644 --- a/packages/apps/kubernetes/templates/helmreleases/cilium.yaml +++ b/packages/apps/kubernetes/templates/helmreleases/cilium.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: {{ .Release.Name }}-cilium diff --git a/packages/apps/kubernetes/templates/helmreleases/csi.yaml b/packages/apps/kubernetes/templates/helmreleases/csi.yaml index 55169278..5ced4163 100644 --- a/packages/apps/kubernetes/templates/helmreleases/csi.yaml +++ b/packages/apps/kubernetes/templates/helmreleases/csi.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: {{ .Release.Name }}-csi 
diff --git a/packages/apps/tenant/templates/etcd.yaml b/packages/apps/tenant/templates/etcd.yaml index 917cf4b4..17b66683 100644 --- a/packages/apps/tenant/templates/etcd.yaml +++ b/packages/apps/tenant/templates/etcd.yaml @@ -1,5 +1,5 @@ {{- if .Values.etcd }} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: etcd diff --git a/packages/apps/tenant/templates/ingress.yaml b/packages/apps/tenant/templates/ingress.yaml index 7c413db5..b93ae0fa 100644 --- a/packages/apps/tenant/templates/ingress.yaml +++ b/packages/apps/tenant/templates/ingress.yaml @@ -1,5 +1,5 @@ {{- if .Values.ingress }} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: ingress diff --git a/packages/apps/tenant/templates/monitoring.yaml b/packages/apps/tenant/templates/monitoring.yaml index d0db03b5..93772546 100644 --- a/packages/apps/tenant/templates/monitoring.yaml +++ b/packages/apps/tenant/templates/monitoring.yaml @@ -1,5 +1,5 @@ {{- if .Values.monitoring }} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: monitoring diff --git a/packages/core/fluxcd/Makefile b/packages/core/fluxcd/Makefile index 15494d2d..f8bab3e7 100644 --- a/packages/core/fluxcd/Makefile +++ b/packages/core/fluxcd/Makefile 
@@ -7,11 +7,11 @@ show: helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) apply: - helm template -n $(NAMESPACE) $(NAME) . --no-hooks -f valuesFile.yaml \ + helm template -n $(NAMESPACE) $(NAME) . --no-hooks -f valuesFile.yaml -f flux-customizations.yaml \ --dry-run=server $(API_VERSIONS_FLAGS) | kubectl apply -n $(NAMESPACE) -f- diff: - helm template -n $(NAMESPACE) $(NAME) . --no-hooks -f valuesFile.yaml \ + helm template -n $(NAMESPACE) $(NAME) . --no-hooks -f valuesFile.yaml -f flux-customizations.yaml \ --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -n $(NAMESPACE) -f- update: diff --git a/packages/core/fluxcd/flux-customizations.yaml b/packages/core/fluxcd/flux-customizations.yaml new file mode 100644 index 00000000..faacac59 --- /dev/null +++ b/packages/core/fluxcd/flux-customizations.yaml @@ -0,0 +1,35 @@ +fluxInstance: + kustomize: + patches: + - target: + kind: Deployment + name: "(kustomize-controller|helm-controller|source-controller)" + patch: | + - op: add + path: /spec/template/spec/containers/0/args/- + value: --concurrent=20 + - op: add + path: /spec/template/spec/containers/0/args/- + value: --requeue-dependency=5s + - op: replace + path: /spec/template/spec/containers/0/resources/limits + value: + cpu: 2000m + memory: 2048Mi + - target: + kind: Deployment + name: source-controller + patch: | + - op: add + path: /spec/template/spec/containers/0/args/- + value: --storage-adv-addr=source-controller + - op: add + path: /spec/template/spec/containers/0/args/- + value: --events-addr=http://notification-controller/ + - target: + kind: Deployment + name: (kustomize-controller|helm-controller|image-reflector-controller|image-automation-controller) + patch: | + - op: add + path: /spec/template/spec/containers/0/args/- + value: --events-addr=http://notification-controller/ 
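Review bot: `apply` and `diff` now pass `-f valuesFile.yaml -f flux-customizations.yaml`, but the `show` target in the context line above still renders without either file, so `make show` does not preview what `make apply` sends to the cluster. Putting the flags in one variable, e.g. `VALUES_FLAGS := -f valuesFile.yaml -f flux-customizations.yaml`, and using it in all three recipes keeps them from drifting apart. The `update` target continues outside the hunk.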
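Review bot: The `op: replace` on `/spec/template/spec/containers/0/resources/limits` in the first patch only succeeds when that path already exists in every Deployment matched by the name pattern; JSON Patch rejects `replace` on a missing member, and the upstream manifests being patched are not visible here. `op: add` on the same path sets the value whether or not `limits` is present, so `- op: add` is the safer form. Separately, the `--events-addr=http://notification-controller/` patch appears twice (once for `source-controller`, once for the other four controllers); adding `source-controller` to the last name pattern would remove the duplicate. A comment saying why the addresses are overridden with short service names would also help.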
diff --git a/packages/core/fluxcd/templates/flux-instance.yaml b/packages/core/fluxcd/templates/flux-instance.yaml index b3b08d08..12999f66 100644 --- a/packages/core/fluxcd/templates/flux-instance.yaml +++ b/packages/core/fluxcd/templates/flux-instance.yaml @@ -3,8 +3,12 @@ kind: FluxInstance metadata: name: flux spec: + {{- with .Values.fluxInstance.cluster }} cluster: - domain: {{ .Values.fluxInstance.cluster.domain }} + {{- with .domain }} + domain: {{ . }} + {{- end }} + {{- end }} distribution: version: {{ .Values.fluxInstance.distribution.version }} registry: {{ .Values.fluxInstance.distribution.registry }} @@ -12,4 +16,7 @@ spec: {{- if .Values.fluxInstance.components }} {{- toYaml .Values.fluxInstance.components | nindent 4 }} {{- end }} - + kustomize: + {{- if .Values.fluxInstance.kustomize }} + {{- toYaml .Values.fluxInstance.kustomize | nindent 4 }} + {{- end }} \ No newline at end of file diff --git a/packages/core/fluxcd/values.yaml b/packages/core/fluxcd/values.yaml index 9650a9b9..8e13df1c 100644 --- a/packages/core/fluxcd/values.yaml +++ b/packages/core/fluxcd/values.yaml @@ -1,8 +1,8 @@ fluxInstance: - cluster: - domain: cozy.local + # cluster: + # domain: cozy.local distribution: - version: 2.2.x + version: 2.3.x registry: ghcr.io/fluxcd components: - source-controller @@ -10,4 +10,4 @@ fluxInstance: - helm-controller - notification-controller - image-reflector-controller - - image-automation-controller + - image-automation-controller \ No newline at end of file diff --git a/packages/core/platform/bundles/paas-full.yaml b/packages/core/platform/bundles/paas-full.yaml index 6ee2ad41..a39931a1 100644 --- a/packages/core/platform/bundles/paas-full.yaml +++ b/packages/core/platform/bundles/paas-full.yaml 
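Review bot: `kustomize:` is written unconditionally and only its content sits inside `{{- if .Values.fluxInstance.kustomize }}`, so when the value is unset the template renders a bare `kustomize:` key (a null); the `components:` context line above has the same shape. The new `cluster:` block in the first hunk of this file already uses `with`, which omits the key entirely. Doing the same here, `{{- with .Values.fluxInstance.kustomize }}` followed by `kustomize:` and `{{- toYaml . | nindent 4 }}`, keeps the rendered object free of empty fields. The file also loses its trailing newline in this hunk.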
@@ -153,8 +153,8 @@ releases: chart: cozy-dashboard namespace: cozy-dashboard dependsOn: [cilium,kubeovn] - {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }} - {{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }} + {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} + {{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }} values: kubeapps: redis: diff --git a/packages/core/platform/bundles/paas-hosted.yaml b/packages/core/platform/bundles/paas-hosted.yaml index a9c33818..5d6ce1a5 100644 --- a/packages/core/platform/bundles/paas-hosted.yaml +++ b/packages/core/platform/bundles/paas-hosted.yaml @@ -91,8 +91,8 @@ releases: chart: cozy-dashboard namespace: cozy-dashboard dependsOn: [] - {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }} - {{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }} + {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} + {{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }} values: kubeapps: redis: diff --git a/packages/core/platform/templates/apps.yaml b/packages/core/platform/templates/apps.yaml index 2ba4f8ed..073edbdb 100644 --- a/packages/core/platform/templates/apps.yaml +++ b/packages/core/platform/templates/apps.yaml 
@@ -3,8 +3,8 @@ {{- $bundle := tpl (.Files.Get (printf "bundles/%s.yaml" $bundleName)) . | fromYaml }} {{- $host := "example.org" }} {{- $tenantRoot := list }} -{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2beta2" }} -{{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2beta2" "HelmRelease" "tenant-root" "tenant-root" }} +{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2" }} +{{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "tenant-root" "tenant-root" }} {{- end }} {{- if and $tenantRoot $tenantRoot.spec $tenantRoot.spec.values $tenantRoot.spec.values.host }} {{- $host = $tenantRoot.spec.values.host }} @@ -22,7 +22,7 @@ metadata: namespace.cozystack.io/host: "{{ $host }}" name: tenant-root --- -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: tenant-root diff --git a/packages/core/platform/templates/helmreleases.yaml b/packages/core/platform/templates/helmreleases.yaml index 5834c0be..bf7e1748 100644 --- a/packages/core/platform/templates/helmreleases.yaml +++ b/packages/core/platform/templates/helmreleases.yaml @@ -12,7 +12,7 @@ {{- range $x := $bundle.releases }} {{- if not (has $x.name $disabledComponents) }} --- -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: {{ $x.name }} diff --git a/packages/core/platform/templates/helmrepos.yaml b/packages/core/platform/templates/helmrepos.yaml index 3e061e41..69f77534 100644 --- a/packages/core/platform/templates/helmrepos.yaml +++ b/packages/core/platform/templates/helmrepos.yaml @@ -1,5 +1,5 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta2 +apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: cozystack-system 
@@ -10,7 +10,7 @@ spec: interval: 5m0s url: http://cozystack.cozy-system.svc/repos/system --- -apiVersion: source.toolkit.fluxcd.io/v1beta2 +apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: cozystack-apps @@ -22,7 +22,7 @@ spec: interval: 5m0s url: http://cozystack.cozy-system.svc/repos/apps --- -apiVersion: source.toolkit.fluxcd.io/v1beta2 +apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: cozystack-extra diff --git a/packages/extra/ingress/templates/nginx-ingress.yaml b/packages/extra/ingress/templates/nginx-ingress.yaml index 816327f0..43a3a9a6 100644 --- a/packages/extra/ingress/templates/nginx-ingress.yaml +++ b/packages/extra/ingress/templates/nginx-ingress.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: ingress-nginx diff --git a/packages/extra/monitoring/templates/oncall/oncall-release.yaml b/packages/extra/monitoring/templates/oncall/oncall-release.yaml index 46d124e4..48416776 100644 --- a/packages/extra/monitoring/templates/oncall/oncall-release.yaml +++ b/packages/extra/monitoring/templates/oncall/oncall-release.yaml @@ -1,7 +1,7 @@ {{- if .Values.oncall.enabled }} {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }} {{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: grafana-oncall From 2dd2b079b2b4c061404b854532119798cdd8371d Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Mon, 17 Jun 2024 15:55:48 +0200 Subject: [PATCH 3/5] Update flux-plugin for dashboard 
Signed-off-by: Andrei Kvapil --- packages/core/installer/images/cozystack.json | 4 +- packages/core/installer/images/cozystack.tag | 2 +- .../dashboard/images/kubeapps-apis.json | 4 +- .../system/dashboard/images/kubeapps-apis.tag | 2 +- .../dashboard/images/kubeapps-apis/Dockerfile | 12 +- .../images/kubeapps-apis/fluxcd.diff | 3196 +++++++++++++++++ .../images/kubeapps-apis/labels.diff | 10 +- .../kubeapps-apis/reconcile-strategy.diff | 2 +- 8 files changed, 3210 insertions(+), 22 deletions(-) create mode 100644 packages/system/dashboard/images/kubeapps-apis/fluxcd.diff
diff --git a/packages/core/installer/images/cozystack.json b/packages/core/installer/images/cozystack.json
index 585f11e3..3dda1a27 100644
--- a/packages/core/installer/images/cozystack.json
+++ b/packages/core/installer/images/cozystack.json
@@ -1,4 +1,4 @@
 {
- "containerimage.config.digest": "sha256:6d54a5b971e80fbaace664054d4e67f24fd1fbb7807ebaffd036d4ea7195df10",
- "containerimage.digest": "sha256:a6b167235d8556ff7e45f4582c2491a2ad48292a46005dcf767908e2fb78e74e"
+ "containerimage.config.digest": "sha256:c5641297fd8c314272047ae02461871e73c6eb3bdf64d5acd7f971917a28d48e",
+ "containerimage.digest": "sha256:e4838be7d0032f45213ccd0044deae263cd79f87cb1aa1c2a5c1efcc8337aad8"
 }
\ No newline at end of file
diff --git a/packages/core/installer/images/cozystack.tag b/packages/core/installer/images/cozystack.tag
index e8430b50..602d7b26 100644
--- a/packages/core/installer/images/cozystack.tag
+++ b/packages/core/installer/images/cozystack.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/cozystack:v0.7.0
+ghcr.io/aenix-io/cozystack/cozystack:latest
diff --git a/packages/system/dashboard/images/kubeapps-apis.json b/packages/system/dashboard/images/kubeapps-apis.json
index 8a5f4ced..b7460aa0 100644
--- a/packages/system/dashboard/images/kubeapps-apis.json
+++ b/packages/system/dashboard/images/kubeapps-apis.json
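Review bot: The cozystack.tag hunk replaces the release tag `v0.7.0` with the mutable tag `latest`, and the kubeapps-apis.tag hunk later in this commit does the same. A `latest` reference can resolve to a different image after any later push, so what runs in the cluster is tied to this commit only if the consumer also pins the `containerimage.digest` recorded in the neighbouring .json file. How the tag and the digest are combined is not visible in this diff. If the templates do not already render the image as `<tag>@<digest>`, keep a versioned tag in both .tag files or reference the images by digest.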
@@ -1,4 +1,4 @@ { - "containerimage.config.digest": "sha256:44db4f7c92adb68c79eb3e152c95318e559e5c1ac0ba6e3d467596b1315f37a1", - "containerimage.digest": "sha256:b0c355cf5387b376e676a9e395fa0a11790409123a29e637a7080a413fe7f10d" + "containerimage.config.digest": "sha256:3fbaba7f41e9055839ecb30c1f0d505be732f79433fefdcfd352052d4ce52a19", + "containerimage.digest": "sha256:b33011eaf4dfe775287103f66b667b2976a053a59711103f405c6a5c5cc841bc" } \ No newline at end of file diff --git a/packages/system/dashboard/images/kubeapps-apis.tag b/packages/system/dashboard/images/kubeapps-apis.tag index e6a5a538..b87bc749 100644 --- a/packages/system/dashboard/images/kubeapps-apis.tag +++ b/packages/system/dashboard/images/kubeapps-apis.tag @@ -1 +1 @@ -ghcr.io/aenix-io/cozystack/kubeapps-apis:v0.7.0 +ghcr.io/aenix-io/cozystack/kubeapps-apis:latest diff --git a/packages/system/dashboard/images/kubeapps-apis/Dockerfile b/packages/system/dashboard/images/kubeapps-apis/Dockerfile index b53ee603..99e7e56a 100644 --- a/packages/system/dashboard/images/kubeapps-apis/Dockerfile +++ b/packages/system/dashboard/images/kubeapps-apis/Dockerfile @@ -8,8 +8,10 @@ ARG VERSION=v2.10.0 RUN apk add --no-cache patch WORKDIR /source RUN wget -O- https://github.com/vmware-tanzu/kubeapps/archive/refs/tags/${VERSION}.tar.gz | tar xzf - --strip-components=1 +COPY fluxcd.diff /patches/fluxcd.diff COPY labels.diff /patches/labels.diff COPY reconcile-strategy.diff /patches/reconcile-strategy.diff +RUN patch -p1 < /patches/fluxcd.diff RUN patch -p1 < /patches/labels.diff RUN patch -p1 < /patches/reconcile-strategy.diff 
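Review bot: The new `RUN patch -p1 < /patches/fluxcd.diff` step in the first Dockerfile hunk applies a 3196-line patch to a tree that the `wget -O- … | tar xzf -` line above it downloads by tag name with no integrity check, so the build trusts whatever that archive contains at build time. Since the three patches only apply to one exact tree, pinning it is cheap: `RUN wget -O /tmp/src.tar.gz https://github.com/vmware-tanzu/kubeapps/archive/refs/tags/${VERSION}.tar.gz`, then `RUN echo "<sha256-of-the-archive>  /tmp/src.tar.gz" | sha256sum -c`, then `RUN tar xzf /tmp/src.tar.gz --strip-components=1`. The digest shown is a placeholder to be filled with the value recorded for the `VERSION` in use. The wget line is unchanged context here and the builder stage starts outside the hunk, so this is a follow-up rather than a defect the commit introduces.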
@@ -70,15 +72,6 @@ RUN --mount=type=cache,target=/go/pkg/mod \ -ldflags "-X github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/cmd.version=$VERSION" \ ./cmd/kubeapps-apis -# Build 'kapp-controller' plugin, version 'v1alpha1' -RUN --mount=type=cache,target=/go/pkg/mod \ - --mount=type=cache,target=/root/.cache/go-build \ - GOPROXY="https://proxy.golang.org,direct" \ - go build \ - -ldflags "-X github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/cmd.version=$VERSION" \ - -o /kapp-controller-packages-v1alpha1-plugin.so -buildmode=plugin \ - ./cmd/kubeapps-apis/plugins/kapp_controller/packages/v1alpha1/*.go - ## Build 'fluxv2' plugin, version 'v1alpha1' RUN --mount=type=cache,target=/go/pkg/mod \ --mount=type=cache,target=/root/.cache/go-build \ @@ -111,7 +104,6 @@ RUN --mount=type=cache,target=/go/pkg/mod \ FROM bitnami/minideb:bookworm COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ COPY --from=builder /go/src/github.com/vmware-tanzu/kubeapps/kubeapps-apis /kubeapps-apis -COPY --from=builder /kapp-controller-packages-v1alpha1-plugin.so /plugins/kapp-controller-packages/ COPY --from=builder /fluxv2-packages-v1alpha1-plugin.so /plugins/fluxv2-packages/ COPY --from=builder /helm-packages-v1alpha1-plugin.so /plugins/helm-packages/ COPY --from=builder /resources-v1alpha1-plugin.so /plugins/resources/ diff --git a/packages/system/dashboard/images/kubeapps-apis/fluxcd.diff b/packages/system/dashboard/images/kubeapps-apis/fluxcd.diff new file mode 100644 index 00000000..eb073c6c --- /dev/null +++ b/packages/system/dashboard/images/kubeapps-apis/fluxcd.diff 
@@ -0,0 +1,3196 @@ +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache/watcher_cache.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache/watcher_cache.go +index fa38d6ba6..f57d6f65c 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache/watcher_cache.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache/watcher_cache.go +@@ -131,7 +131,7 @@ type NamespacedResourceWatcherCacheConfig struct { + OnResyncFunc ResyncFunc + + // These funcs are needed to manipulate API-specific objects, such as flux's +- // sourcev1beta2.HelmRepository, in a generic fashion ++ // sourcev1.HelmRepository, in a generic fashion + NewObjFunc NewObjectFunc + NewListFunc NewObjectListFunc + ListItemsFunc GetListItemsFunc +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart.go +index 58aae6e88..c0d62a9a7 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart.go +@@ -12,7 +12,7 @@ import ( + "strings" + + "github.com/bufbuild/connect-go" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache" + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/common" +@@ -27,12 +27,12 @@ import ( + "sigs.k8s.io/yaml" + ) + +-func (s *Server) getChartInCluster(ctx context.Context, headers http.Header, key types.NamespacedName) (*sourcev1beta2.HelmChart, error) { ++func (s *Server) getChartInCluster(ctx context.Context, headers http.Header, key types.NamespacedName) (*sourcev1.HelmChart, error) { + client, err := s.getClient(headers, key.Namespace) + if err != nil { + return nil, err + } +- var chartObj 
sourcev1beta2.HelmChart ++ var chartObj sourcev1.HelmChart + if err = client.Get(ctx, key, &chartObj); err != nil { + return nil, connecterror.FromK8sError("get", "HelmChart", key.String(), err) + } +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_integration_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_integration_test.go +index 2c16c88ec..95455476f 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_integration_test.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_integration_test.go +@@ -12,7 +12,7 @@ import ( + "testing" + "time" + +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + grpc_retry "github.com/grpc-ecosystem/go-grpc-middleware/retry" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" + fluxplugin "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/plugins/fluxv2/packages/v1alpha1" +@@ -329,12 +329,12 @@ func TestKindClusterRepoAndChartRBAC(t *testing.T) { + rules := map[string][]rbacv1.PolicyRule{ + names[1].Namespace: { + { +- APIGroups: []string{sourcev1beta2.GroupVersion.Group}, ++ APIGroups: []string{sourcev1.GroupVersion.Group}, + Resources: []string{fluxHelmRepositories}, + Verbs: []string{"get", "list"}, + }, + { +- APIGroups: []string{sourcev1beta2.GroupVersion.Group}, ++ APIGroups: []string{sourcev1.GroupVersion.Group}, + Resources: []string{"helmcharts"}, + Verbs: []string{"get", "list"}, + }, +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_test.go +index 7641d5c77..362fc82ef 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_test.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_test.go +@@ -16,7 +16,7 @@ import ( + "github.com/bufbuild/connect-go" + fluxmeta "github.com/fluxcd/pkg/apis/meta" + sourcev1 
"github.com/fluxcd/source-controller/api/v1" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + "github.com/go-redis/redismock/v8" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache" +@@ -187,7 +187,7 @@ func TestGetAvailablePackageDetail(t *testing.T) { + } + defer ts2.Close() + +- s, mock, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, charts, secretObjs) ++ s, mock, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, charts, secretObjs) + if err != nil { + t.Fatalf("%+v", err) + } +@@ -291,7 +291,7 @@ func TestTransientHttpFailuresAreRetriedForChartCache(t *testing.T) { + } + defer ts2.Close() + +- s, mock, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, charts, nil) ++ s, mock, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, charts, nil) + if err != nil { + t.Fatalf("%+v", err) + } +@@ -468,7 +468,7 @@ func TestNonExistingRepoOrInvalidPkgVersionGetAvailablePackageDetail(t *testing. 
+ } + defer ts2.Close() + +- s, mock, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, charts, nil) ++ s, mock, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, charts, nil) + if err != nil { + t.Fatalf("%+v", err) + } +@@ -649,7 +649,7 @@ func TestGetAvailablePackageVersions(t *testing.T) { + } + defer ts.Close() + +- s, mock, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, charts, nil) ++ s, mock, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, charts, nil) + if err != nil { + t.Fatalf("%+v", err) + } +@@ -736,7 +736,7 @@ func TestGetOciAvailablePackageVersions(t *testing.T) { + t.Fatal(err) + } + +- s, mock, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, tc.charts, nil) ++ s, mock, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, tc.charts, nil) + if err != nil { + t.Fatalf("%+v", err) + } +@@ -979,12 +979,12 @@ func TestChartWithRelativeURL(t *testing.T) { + } + })) + +- repoSpec := &sourcev1beta2.HelmRepositorySpec{ ++ repoSpec := &sourcev1.HelmRepositorySpec{ + URL: ts.URL, + Interval: metav1.Duration{Duration: 1 * time.Minute}, + } + +- repoStatus := &sourcev1beta2.HelmRepositoryStatus{ ++ repoStatus := &sourcev1.HelmRepositoryStatus{ + Artifact: &sourcev1.Artifact{ + Digest: "651f952130ea96823711d08345b85e82be011dc6", + LastUpdateTime: metav1.Time{Time: lastUpdateTime}, +@@ -1003,7 +1003,7 @@ func TestChartWithRelativeURL(t *testing.T) { + defer ts.Close() + + s, mock, err := newServerWithRepos(t, +- []sourcev1beta2.HelmRepository{repo}, ++ []sourcev1.HelmRepository{repo}, + []testSpecChartWithUrl{ + { + chartID: fmt.Sprintf("%s/airflow", repoName), +@@ -1073,7 +1073,7 @@ func TestGetOciAvailablePackageDetail(t *testing.T) { + t.Fatal(err) + } + +- s, mock, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, tc.charts, nil) ++ s, mock, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, tc.charts, nil) + if err != nil { + 
t.Fatalf("%+v", err) + } +@@ -1129,8 +1129,8 @@ func TestGetOciAvailablePackageDetail(t *testing.T) { + } + } + +-func newChart(name, namespace string, spec *sourcev1beta2.HelmChartSpec, status *sourcev1beta2.HelmChartStatus) sourcev1beta2.HelmChart { +- helmChart := sourcev1beta2.HelmChart{ ++func newChart(name, namespace string, spec *sourcev1.HelmChartSpec, status *sourcev1.HelmChartStatus) sourcev1.HelmChart { ++ helmChart := sourcev1.HelmChart{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Generation: int64(1), +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/common/utils.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/common/utils.go +index cdb3611b0..5d5f5433b 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/common/utils.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/common/utils.go +@@ -24,8 +24,8 @@ import ( + "github.com/bufbuild/connect-go" + "github.com/docker/cli/cli/config" + "github.com/docker/cli/cli/config/credentials" +- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ helmv2 "github.com/fluxcd/helm-controller/api/v2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + "github.com/go-redis/redis/v8" + "github.com/google/go-containerregistry/pkg/authn" + plugins "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/plugins/v1alpha1" +@@ -68,20 +68,20 @@ func init() { + } + + repositoriesGvr = schema.GroupVersionResource{ +- Group: sourcev1beta2.GroupVersion.Group, +- Version: sourcev1beta2.GroupVersion.Version, ++ Group: sourcev1.GroupVersion.Group, ++ Version: sourcev1.GroupVersion.Version, + Resource: "helmrepositories", + } + + chartsGvr = schema.GroupVersionResource{ +- Group: sourcev1beta2.GroupVersion.Group, +- Version: sourcev1beta2.GroupVersion.Version, ++ Group: sourcev1.GroupVersion.Group, ++ Version: sourcev1.GroupVersion.Version, + Resource: "helmcharts", + } + + releasesGvr = 
schema.GroupVersionResource{ +- Group: helmv2beta2.GroupVersion.Group, +- Version: helmv2beta2.GroupVersion.Version, ++ Group: helmv2.GroupVersion.Group, ++ Version: helmv2.GroupVersion.Version, + Resource: "helmreleases", + } + } +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/global_vars_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/global_vars_test.go +index e3c1880a5..556516068 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/global_vars_test.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/global_vars_test.go +@@ -10,10 +10,10 @@ import ( + + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/k8sutils" + +- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" ++ helmv2 "github.com/fluxcd/helm-controller/api/v2" + fluxmeta "github.com/fluxcd/pkg/apis/meta" + sourcev1 "github.com/fluxcd/source-controller/api/v1" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/plugins/fluxv2/packages/v1alpha1" + "google.golang.org/protobuf/types/known/anypb" +@@ -1006,33 +1006,33 @@ var ( + }, + } + +- add_repo_1 = sourcev1beta2.HelmRepository{ ++ add_repo_1 = sourcev1.HelmRepository{ + TypeMeta: metav1.TypeMeta{ +- Kind: sourcev1beta2.HelmRepositoryKind, +- APIVersion: sourcev1beta2.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "bar", + Namespace: "foo", + ResourceVersion: "1", + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + }, + } + +- add_repo_2 = sourcev1beta2.HelmRepository{ ++ add_repo_2 = sourcev1.HelmRepository{ + TypeMeta: metav1.TypeMeta{ +- 
Kind: sourcev1beta2.HelmRepositoryKind, +- APIVersion: sourcev1beta2.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "bar", + Namespace: "foo", + ResourceVersion: "1", + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + // TODO(agamez): flux upgrade - migrate to CertSecretRef, see https://github.com/fluxcd/flux2/releases/tag/v2.1.0 +@@ -1040,17 +1040,17 @@ var ( + }, + } + +- add_repo_3 = sourcev1beta2.HelmRepository{ ++ add_repo_3 = sourcev1.HelmRepository{ + TypeMeta: metav1.TypeMeta{ +- Kind: sourcev1beta2.HelmRepositoryKind, +- APIVersion: sourcev1beta2.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "bar", + Namespace: "foo", + ResourceVersion: "1", + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + // TODO(agamez): flux upgrade - migrate to CertSecretRef, see https://github.com/fluxcd/flux2/releases/tag/v2.1.0 +@@ -1058,17 +1058,17 @@ var ( + }, + } + +- add_repo_4 = sourcev1beta2.HelmRepository{ ++ add_repo_4 = sourcev1.HelmRepository{ + TypeMeta: metav1.TypeMeta{ +- Kind: sourcev1beta2.HelmRepositoryKind, +- APIVersion: sourcev1beta2.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "bar", + Namespace: "foo", + ResourceVersion: "1", + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + // TODO(agamez): flux upgrade - migrate to CertSecretRef, see 
https://github.com/fluxcd/flux2/releases/tag/v2.1.0 +@@ -1077,51 +1077,51 @@ var ( + }, + } + +- add_repo_5 = sourcev1beta2.HelmRepository{ ++ add_repo_5 = sourcev1.HelmRepository{ + TypeMeta: metav1.TypeMeta{ +- Kind: sourcev1beta2.HelmRepositoryKind, +- APIVersion: sourcev1beta2.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "bar", + Namespace: "foo", + ResourceVersion: "1", + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + PassCredentials: true, + }, + } + +- add_repo_6 = sourcev1beta2.HelmRepository{ ++ add_repo_6 = sourcev1.HelmRepository{ + TypeMeta: metav1.TypeMeta{ +- Kind: sourcev1beta2.HelmRepositoryKind, +- APIVersion: sourcev1beta2.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "bar", + Namespace: "foo", + ResourceVersion: "1", + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: github_stefanprodan_podinfo_oci_registry_url, + Interval: metav1.Duration{Duration: 10 * time.Minute}, + Type: "oci", + }, + } + +- add_repo_7 = sourcev1beta2.HelmRepository{ ++ add_repo_7 = sourcev1.HelmRepository{ + TypeMeta: metav1.TypeMeta{ +- Kind: sourcev1beta2.HelmRepositoryKind, +- APIVersion: sourcev1beta2.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "bar", + Namespace: "foo", + ResourceVersion: "1", + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: github_stefanprodan_podinfo_oci_registry_url, + Interval: metav1.Duration{Duration: 10 * time.Minute}, + Type: "oci", +@@ -1129,10 +1129,10 @@ var ( + }, + } + +- add_repo_8 = 
sourcev1beta2.HelmRepository{ ++ add_repo_8 = sourcev1.HelmRepository{ + TypeMeta: metav1.TypeMeta{ +- Kind: sourcev1beta2.HelmRepositoryKind, +- APIVersion: sourcev1beta2.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "bar", +@@ -1140,7 +1140,7 @@ var ( + ResourceVersion: "1", + Annotations: map[string]string{k8sutils.AnnotationDescriptionKey: "repo desc"}, + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + }, +@@ -1831,7 +1831,7 @@ var ( + Namespace: "test", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -1844,7 +1844,7 @@ var ( + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: "Released", + Status: metav1.ConditionTrue, +- Reason: helmv2beta2.InstallSucceededReason, ++ Reason: helmv2.InstallSucceededReason, + Message: "Helm install succeeded", + }, + }, +@@ -1886,7 +1886,7 @@ var ( + releaseSuspend: true, + releaseServiceAccountName: "foo", + releaseValues: &v1.JSON{Raw: redis_existing_spec_completed_with_values_and_reconciliation_options_values_bytes}, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -1899,7 +1899,7 @@ var ( + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: "Released", + Status: metav1.ConditionTrue, +- Reason: helmv2beta2.InstallSucceededReason, ++ Reason: helmv2.InstallSucceededReason, + Message: "Helm install succeeded", + }, + }, +@@ -1923,20 +1923,20 @@ var ( + Namespace: "test", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ 
releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: fluxmeta.ReadyCondition, + Status: metav1.ConditionFalse, +- Reason: helmv2beta2.InstallFailedReason, ++ Reason: helmv2.InstallFailedReason, + Message: "install retries exhausted", + }, + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: "Released", + Status: metav1.ConditionFalse, +- Reason: helmv2beta2.InstallFailedReason, ++ Reason: helmv2.InstallFailedReason, + Message: "Helm install failed: unable to build kubernetes objects from release manifest: error validating \"\": error validating data: ValidationError(Deployment.spec.replicas): invalid type for io.k8s.api.apps.v1.DeploymentSpec.replicas: got \"string\", expected \"integer\"", + }, + }, +@@ -1961,13 +1961,13 @@ var ( + Namespace: "test", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: fluxmeta.ReadyCondition, + Status: metav1.ConditionFalse, +- Reason: helmv2beta2.GetLastReleaseFailedReason, ++ Reason: helmv2.GetLastReleaseFailedReason, + Message: "failed to get last release revision", + }, + }, +@@ -1990,13 +1990,13 @@ var ( + Namespace: "test", + Generation: 2, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: fluxmeta.ReadyCondition, + Status: metav1.ConditionFalse, +- Reason: helmv2beta2.GetLastReleaseFailedReason, ++ Reason: helmv2.GetLastReleaseFailedReason, + Message: "failed to get last release revision", + }, + }, +@@ -2027,7 +2027,7 @@ var ( + Namespace: "namespace-2", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: 
[]metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -2040,7 +2040,7 @@ var ( + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: "Released", + Status: metav1.ConditionTrue, +- Reason: helmv2beta2.InstallSucceededReason, ++ Reason: helmv2.InstallSucceededReason, + Message: "Helm install succeeded", + }, + }, +@@ -2064,7 +2064,7 @@ var ( + Namespace: "namespace-2", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -2077,7 +2077,7 @@ var ( + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: "Released", + Status: metav1.ConditionTrue, +- Reason: helmv2beta2.InstallSucceededReason, ++ Reason: helmv2.InstallSucceededReason, + Message: "Helm install succeeded", + }, + }, +@@ -2101,7 +2101,7 @@ var ( + Namespace: "test", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -2130,13 +2130,13 @@ var ( + Namespace: "test", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: fluxmeta.ReadyCondition, + Status: metav1.ConditionFalse, +- Reason: helmv2beta2.ArtifactFailedReason, ++ Reason: helmv2.ArtifactFailedReason, + Message: "HelmChart 'default/kubeapps-my-redis' is not ready", + }, + }, +@@ -2168,7 +2168,7 @@ var ( + Namespace: "test", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -2181,7 +2181,7 @@ var ( + LastTransitionTime: 
metav1.Time{Time: lastTransitionTime}, + Type: "Released", + Status: metav1.ConditionTrue, +- Reason: helmv2beta2.InstallSucceededReason, ++ Reason: helmv2.InstallSucceededReason, + Message: "Helm install succeeded", + }, + }, +@@ -2275,41 +2275,41 @@ var ( + PostInstallationNotes: "some notes", + } + +- flux_helm_release_basic = newFluxHelmRelease(helmv2beta2.HelmChartTemplateSpec{ ++ flux_helm_release_basic = newFluxHelmRelease(helmv2.HelmChartTemplateSpec{ + Chart: "podinfo", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "podinfo", + Namespace: "namespace-1", + }, + }) + +- flux_helm_release_semver_constraint = newFluxHelmRelease(helmv2beta2.HelmChartTemplateSpec{ ++ flux_helm_release_semver_constraint = newFluxHelmRelease(helmv2.HelmChartTemplateSpec{ + Chart: "podinfo", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "podinfo", + Namespace: "namespace-1", + }, + Version: "> 5", + }) + +- flux_helm_release_reconcile_options = &helmv2beta2.HelmRelease{ ++ flux_helm_release_reconcile_options = &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-podinfo", + Namespace: "test", + ResourceVersion: "1", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Chart: "podinfo", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ 
SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "podinfo", + Namespace: "namespace-1", + }, +@@ -2327,22 +2327,22 @@ var ( + "message": "what we do in the shadows", + }}) + +- flux_helm_release_values = &helmv2beta2.HelmRelease{ ++ flux_helm_release_values = &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-podinfo", + Namespace: "test", + ResourceVersion: "1", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Chart: "podinfo", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "podinfo", + Namespace: "namespace-1", + }, +@@ -2357,10 +2357,10 @@ var ( + InstalledPackageRef: installedRef("my-podinfo", "test"), + } + +- flux_helm_release_updated_1 = &helmv2beta2.HelmRelease{ ++ flux_helm_release_updated_1 = &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-redis", +@@ -2368,12 +2368,12 @@ var ( + Generation: int64(1), + ResourceVersion: "1000", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Chart: "redis", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: 
sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "bitnami-1", + Namespace: "default", + }, +@@ -2384,10 +2384,10 @@ var ( + }, + } + +- flux_helm_release_updated_2 = &helmv2beta2.HelmRelease{ ++ flux_helm_release_updated_2 = &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-redis", +@@ -2395,12 +2395,12 @@ var ( + Generation: int64(1), + ResourceVersion: "1000", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Chart: "redis", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "bitnami-1", + Namespace: "default", + }, +@@ -2424,7 +2424,7 @@ var ( + Namespace: "test", + Generation: 1, + }, +- releaseStatus: helmv2beta2.HelmReleaseStatus{ ++ releaseStatus: helmv2.HelmReleaseStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -2437,7 +2437,7 @@ var ( + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, + Type: "Released", + Status: metav1.ConditionTrue, +- Reason: helmv2beta2.InstallSucceededReason, ++ Reason: helmv2.InstallSucceededReason, + Message: "Helm install succeeded", + }, + }, +@@ -2457,10 +2457,10 @@ var ( + status: release.StatusDeployed, + } + +- flux_helm_release_updated_target_ns_is_set = &helmv2beta2.HelmRelease{ ++ flux_helm_release_updated_target_ns_is_set = &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: 
helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-redis", +@@ -2468,12 +2468,12 @@ var ( + Generation: int64(1), + ResourceVersion: "1000", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Chart: "redis", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "bitnami-1", + Namespace: "default", + }, +@@ -2661,50 +2661,50 @@ var ( + }, + } + +- flux_helm_release_upgrade_policy_none = newFluxHelmRelease(helmv2beta2.HelmChartTemplateSpec{ ++ flux_helm_release_upgrade_policy_none = newFluxHelmRelease(helmv2.HelmChartTemplateSpec{ + Chart: "podinfo", + Version: "5.2.1", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "podinfo", + Namespace: "namespace-1", + }, + }) + +- flux_helm_release_upgrade_policy_major = newFluxHelmRelease(helmv2beta2.HelmChartTemplateSpec{ ++ flux_helm_release_upgrade_policy_major = newFluxHelmRelease(helmv2.HelmChartTemplateSpec{ + Chart: "podinfo", + Version: ">=5.2.1", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "podinfo", + Namespace: "namespace-1", + }, + }) + +- flux_helm_release_upgrade_policy_minor = newFluxHelmRelease(helmv2beta2.HelmChartTemplateSpec{ ++ flux_helm_release_upgrade_policy_minor = newFluxHelmRelease(helmv2.HelmChartTemplateSpec{ + Chart: "podinfo", + Version: ">=5.2.1 <6.0.0", +- 
SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "podinfo", + Namespace: "namespace-1", + }, + }) + +- flux_helm_release_upgrade_policy_patch = newFluxHelmRelease(helmv2beta2.HelmChartTemplateSpec{ ++ flux_helm_release_upgrade_policy_patch = newFluxHelmRelease(helmv2.HelmChartTemplateSpec{ + Chart: "podinfo", + Version: ">=5.2.1 <5.3.0", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "podinfo", + Namespace: "namespace-1", + }, + }) + +- flux_helm_release_updated_upgrade_major = &helmv2beta2.HelmRelease{ ++ flux_helm_release_updated_upgrade_major = &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-redis", +@@ -2712,13 +2712,13 @@ var ( + Generation: int64(1), + ResourceVersion: "1000", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Version: ">=14.4.0", + Chart: "redis", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "bitnami-1", + Namespace: "default", + }, +@@ -2728,10 +2728,10 @@ var ( + }, + } + +- flux_helm_release_updated_upgrade_minor = &helmv2beta2.HelmRelease{ ++ flux_helm_release_updated_upgrade_minor = &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: 
helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-redis", +@@ -2739,13 +2739,13 @@ var ( + Generation: int64(1), + ResourceVersion: "1000", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Version: ">=14.4.0 <15.0.0", + Chart: "redis", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "bitnami-1", + Namespace: "default", + }, +@@ -2755,10 +2755,10 @@ var ( + }, + } + +- flux_helm_release_updated_upgrade_patch = &helmv2beta2.HelmRelease{ ++ flux_helm_release_updated_upgrade_patch = &helmv2.HelmRelease{ + TypeMeta: metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-redis", +@@ -2766,13 +2766,13 @@ var ( + Generation: int64(1), + ResourceVersion: "1000", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Version: ">=14.4.0 <14.5.0", + Chart: "redis", +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ +- Kind: sourcev1beta2.HelmRepositoryKind, ++ SourceRef: helmv2.CrossNamespaceObjectReference{ ++ Kind: sourcev1.HelmRepositoryKind, + Name: "bitnami-1", + Namespace: "default", + }, +@@ -3230,13 +3230,13 @@ var ( + } + + get_summaries_repo_1 = newRepo("bar", "foo", +- &sourcev1beta2.HelmRepositorySpec{ ++ &sourcev1.HelmRepositorySpec{ + URL: 
"http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + // TODO(agamez): flux upgrade - migrate to CertSecretRef, see https://github.com/fluxcd/flux2/releases/tag/v2.1.0 + SecretRef: &fluxmeta.LocalObjectReference{}, + }, +- &sourcev1beta2.HelmRepositoryStatus{ ++ &sourcev1.HelmRepositoryStatus{ + Artifact: &sourcev1.Artifact{ + Digest: "651f952130ea96823711d08345b85e82be011dc6", + LastUpdateTime: metav1.Time{Time: lastUpdateTime}, +@@ -3257,11 +3257,11 @@ var ( + }) + + get_summaries_repo_2 = newRepo("zot", "xyz", +- &sourcev1beta2.HelmRepositorySpec{ ++ &sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + }, +- &sourcev1beta2.HelmRepositoryStatus{ ++ &sourcev1.HelmRepositoryStatus{ + Artifact: &sourcev1.Artifact{ + Digest: "651f952130ea96823711d08345b85e82be011dc6", + LastUpdateTime: metav1.Time{Time: lastUpdateTime}, +@@ -3282,19 +3282,19 @@ var ( + }) + + get_summaries_repo_3 = newRepo("pending", "xyz", +- &sourcev1beta2.HelmRepositorySpec{ ++ &sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + }, +- &sourcev1beta2.HelmRepositoryStatus{ObservedGeneration: -1}, ++ &sourcev1.HelmRepositoryStatus{ObservedGeneration: -1}, + ) + + get_summaries_repo_4 = newRepo("failed", "xyz", +- &sourcev1beta2.HelmRepositorySpec{ ++ &sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 10 * time.Minute}, + }, +- &sourcev1beta2.HelmRepositoryStatus{ ++ &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -4027,19 +4027,19 @@ var ( + } + } + +- newFluxHelmRelease = func(chartSpec helmv2beta2.HelmChartTemplateSpec) *helmv2beta2.HelmRelease { +- return &helmv2beta2.HelmRelease{ ++ newFluxHelmRelease = func(chartSpec helmv2.HelmChartTemplateSpec) *helmv2.HelmRelease { ++ return &helmv2.HelmRelease{ + TypeMeta: 
metav1.TypeMeta{ +- Kind: helmv2beta2.HelmReleaseKind, +- APIVersion: helmv2beta2.GroupVersion.String(), ++ Kind: helmv2.HelmReleaseKind, ++ APIVersion: helmv2.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-podinfo", + Namespace: "test", + ResourceVersion: "1", + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: helmv2.HelmChartTemplate{ + Spec: chartSpec, + }, + Interval: metav1.Duration{Duration: 1 * time.Minute}, +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/integration_utils_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/integration_utils_test.go +index 672b8140d..be0270f16 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/integration_utils_test.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/integration_utils_test.go +@@ -18,9 +18,9 @@ import ( + "testing" + "time" + +- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" ++ helmv2 "github.com/fluxcd/helm-controller/api/v2" + fluxmeta "github.com/fluxcd/pkg/apis/meta" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + "github.com/go-redis/redis/v8" + "github.com/vmware-tanzu/kubeapps/cmd/apprepository-controller/pkg/client/clientset/versioned/scheme" + plugins "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/plugins/v1alpha1" +@@ -143,7 +143,7 @@ func checkEnv(t *testing.T) (fluxplugin.FluxV2PackagesServiceClient, fluxplugin. + } + + // Check for helmrepositories left over from manual testing. 
This has caused me a lot grief +- var l *sourcev1beta2.HelmRepositoryList ++ var l *sourcev1.HelmRepositoryList + var names []string + const maxWait = 25 + for i := 0; i <= maxWait; i++ { +@@ -251,12 +251,12 @@ func kubeAddHelmRepository(t *testing.T, name types.NamespacedName, typ, url, se + if interval <= 0 { + interval = time.Duration(10 * time.Minute) + } +- repo := sourcev1beta2.HelmRepository{ ++ repo := sourcev1.HelmRepository{ + ObjectMeta: metav1.ObjectMeta{ + Name: name.Name, + Namespace: name.Namespace, + }, +- Spec: sourcev1beta2.HelmRepositorySpec{ ++ Spec: sourcev1.HelmRepositorySpec{ + URL: url, + Interval: metav1.Duration{Duration: interval}, + }, +@@ -297,7 +297,7 @@ func kubeAddHelmRepositoryAndCleanup(t *testing.T, name types.NamespacedName, ty + return err + } + +-func kubeGetHelmRepository(t *testing.T, name types.NamespacedName) (*sourcev1beta2.HelmRepository, error) { ++func kubeGetHelmRepository(t *testing.T, name types.NamespacedName) (*sourcev1.HelmRepository, error) { + t.Logf("+kubeGetHelmRepository(%s)", name) + + ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout) +@@ -305,7 +305,7 @@ func kubeGetHelmRepository(t *testing.T, name types.NamespacedName) (*sourcev1be + if ifc, err := kubeGetCtrlClient(); err != nil { + return nil, err + } else { +- var repo sourcev1beta2.HelmRepository ++ var repo sourcev1.HelmRepository + if err := ifc.Get(ctx, name, &repo); err != nil { + return nil, err + } +@@ -313,7 +313,7 @@ func kubeGetHelmRepository(t *testing.T, name types.NamespacedName) (*sourcev1be + } + } + +-func kubeListAllHelmRepositories(t *testing.T) (*sourcev1beta2.HelmRepositoryList, error) { ++func kubeListAllHelmRepositories(t *testing.T) (*sourcev1.HelmRepositoryList, error) { + t.Logf("+kubeListAllHelmRepositories()") + + ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout) +@@ -321,7 +321,7 @@ func kubeListAllHelmRepositories(t *testing.T) (*sourcev1beta2.HelmRepositoryLis + 
if ifc, err := kubeGetCtrlClient(); err != nil { + return nil, err + } else { +- var repoList sourcev1beta2.HelmRepositoryList ++ var repoList sourcev1.HelmRepositoryList + if err := ifc.List(ctx, &repoList); err != nil { + return nil, err + } +@@ -340,7 +340,7 @@ func kubeWaitUntilHelmRepositoryIsReady(t *testing.T, name types.NamespacedName) + } else { + ctx, cancel := context.WithTimeout(context.Background(), 90*time.Second) + defer cancel() +- var repoList sourcev1beta2.HelmRepositoryList ++ var repoList sourcev1.HelmRepositoryList + if watcher, err := ifc.Watch(ctx, &repoList); err != nil { + return err + } else { +@@ -357,8 +357,8 @@ func kubeWaitUntilHelmRepositoryIsReady(t *testing.T, name types.NamespacedName) + } + switch event.Type { + case watch.Added, watch.Modified: +- if repo, ok := event.Object.(*sourcev1beta2.HelmRepository); !ok { +- return errors.New("Could not cast to *sourcev1beta2.HelmRepository") ++ if repo, ok := event.Object.(*sourcev1.HelmRepository); !ok { ++ return errors.New("Could not cast to *sourcev1.HelmRepository") + } else { + hour, minute, second := time.Now().Clock() + complete, success, reason := isHelmRepositoryReady(*repo) +@@ -381,7 +381,7 @@ func kubeWaitUntilHelmRepositoryIsReady(t *testing.T, name types.NamespacedName) + // this should eventually be replaced with flux plugin's DeleteRepository() + func kubeDeleteHelmRepository(t *testing.T, name types.NamespacedName) error { + t.Logf("+kubeDeleteHelmRepository(%s)", name) +- repo := &sourcev1beta2.HelmRepository{ ++ repo := &sourcev1.HelmRepository{ + ObjectMeta: metav1.ObjectMeta{ + Name: name.Name, + Namespace: name.Namespace, +@@ -400,7 +400,7 @@ func kubeExistsHelmRepository(t *testing.T, name types.NamespacedName) (bool, er + t.Logf("+kubeExistsHelmRepository(%s)", name) + ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout) + defer cancel() +- var repo sourcev1beta2.HelmRepository ++ var repo sourcev1.HelmRepository + if ifc, err := 
kubeGetCtrlClient(); err != nil { + return false, err + } else if err = ifc.Get(ctx, name, &repo); err == nil { +@@ -414,7 +414,7 @@ func kubeDeleteHelmRelease(t *testing.T, name types.NamespacedName) error { + t.Logf("+kubeDeleteHelmRelease(%s)", name) + ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout) + defer cancel() +- release := &helmv2beta2.HelmRelease{ ++ release := &helmv2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: name.Name, + Namespace: name.Namespace, +@@ -431,7 +431,7 @@ func kubeExistsHelmRelease(t *testing.T, name types.NamespacedName) (bool, error + t.Logf("+kubeExistsHelmRelease(%s)", name) + ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout) + defer cancel() +- var rel helmv2beta2.HelmRelease ++ var rel helmv2.HelmRelease + if ifc, err := kubeGetCtrlClient(); err != nil { + return false, err + } else if err = ifc.Get(ctx, name, &rel); err == nil { +@@ -826,7 +826,7 @@ func kubeCreateSecret(t *testing.T, secret *apiv1.Secret) error { + return err + } + +-func kubeSetKubeappsManagedSecretOwnerRef(t *testing.T, secretName types.NamespacedName, ownerRepo *sourcev1beta2.HelmRepository) error { ++func kubeSetKubeappsManagedSecretOwnerRef(t *testing.T, secretName types.NamespacedName, ownerRepo *sourcev1.HelmRepository) error { + t.Logf("+kubeSetKubeappsManagedSecretOwnerRef(%s, %s)", secretName, ownerRepo.Name) + typedClient, err := kubeGetTypedClient() + if err != nil { +@@ -852,9 +852,9 @@ func kubeSetKubeappsManagedSecretOwnerRef(t *testing.T, secretName types.Namespa + *metav1.NewControllerRef( + ownerRepo, + schema.GroupVersionKind{ +- Group: sourcev1beta2.GroupVersion.Group, +- Version: sourcev1beta2.GroupVersion.Version, +- Kind: sourcev1beta2.HelmRepositoryKind, ++ Group: sourcev1.GroupVersion.Group, ++ Version: sourcev1.GroupVersion.Version, ++ Kind: sourcev1.HelmRepositoryKind, + }), + } + +@@ -1029,11 +1029,11 @@ func kubeGetCtrlClient() (ctrlclient.WithWatch, error) { + 
return nil, err + } else { + scheme := runtime.NewScheme() +- err = sourcev1beta2.AddToScheme(scheme) ++ err = sourcev1.AddToScheme(scheme) + if err != nil { + return nil, err + } +- err = helmv2beta2.AddToScheme(scheme) ++ err = helmv2.AddToScheme(scheme) + if err != nil { + return nil, err + } +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/oci_repo.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/oci_repo.go +index 67bfa5480..149f904c4 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/oci_repo.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/oci_repo.go +@@ -47,7 +47,7 @@ import ( + + "github.com/fluxcd/pkg/oci/auth/login" + "github.com/fluxcd/pkg/version" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + + // OCI Registry As a Storage (ORAS) + orasregistryauthv2 "oras.land/oras-go/v2/registry/remote/auth" +@@ -386,7 +386,7 @@ func newRegistryClient(isLogin bool, tlsConfig *tls.Config, getterOpts []getter. 
+ // OCI Helm repository, which defines a source, does not produce an Artifact + // ref https://fluxcd.io/docs/components/source/helmrepositories/#helm-oci-repository + +-func (s *repoEventSink) onAddOciRepo(repo sourcev1beta2.HelmRepository) ([]byte, bool, error) { ++func (s *repoEventSink) onAddOciRepo(repo sourcev1.HelmRepository) ([]byte, bool, error) { + log.V(4).Infof("+onAddOciRepo(%s)", common.PrettyPrint(repo)) + defer log.V(4).Info("-onAddOciRepo") + +@@ -444,7 +444,7 @@ func (s *repoEventSink) onAddOciRepo(repo sourcev1beta2.HelmRepository) ([]byte, + return buf.Bytes(), true, nil + } + +-func (s *repoEventSink) onModifyOciRepo(key string, oldValue interface{}, repo sourcev1beta2.HelmRepository) ([]byte, bool, error) { ++func (s *repoEventSink) onModifyOciRepo(key string, oldValue interface{}, repo sourcev1.HelmRepository) ([]byte, bool, error) { + log.Infof("+onModifyOciRepo(%s)", common.PrettyPrint(repo)) + defer log.Info("-onModifyOciRepo") + +@@ -576,12 +576,12 @@ func (r *OCIChartRepository) shortRepoName(fullRepoName string) (string, error) + } + } + +-func (s *Server) newOCIChartRepositoryAndLogin(ctx context.Context, repo sourcev1beta2.HelmRepository) (*OCIChartRepository, error) { ++func (s *Server) newOCIChartRepositoryAndLogin(ctx context.Context, repo sourcev1.HelmRepository) (*OCIChartRepository, error) { + sink := s.newRepoEventSink() + return sink.newOCIChartRepositoryAndLogin(ctx, repo) + } + +-func (s *repoEventSink) newOCIChartRepositoryAndLogin(ctx context.Context, repo sourcev1beta2.HelmRepository) (*OCIChartRepository, error) { ++func (s *repoEventSink) newOCIChartRepositoryAndLogin(ctx context.Context, repo sourcev1.HelmRepository) (*OCIChartRepository, error) { + if loginOpts, getterOpts, cred, err := s.clientOptionsForOciRepo(ctx, repo); err != nil { + return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("Failed to create registry client: %w", err)) + } else { +@@ -649,7 +649,7 @@ func (s *repoEventSink) 
newOCIChartRepositoryAndLoginWithOptions(registryURL str + return ociRepo, nil + } + +-func (s *repoEventSink) clientOptionsForOciRepo(ctx context.Context, repo sourcev1beta2.HelmRepository) ([]registry.LoginOption, []getter.Option, *orasregistryauthv2.Credential, error) { ++func (s *repoEventSink) clientOptionsForOciRepo(ctx context.Context, repo sourcev1.HelmRepository) ([]registry.LoginOption, []getter.Option, *orasregistryauthv2.Credential, error) { + var loginOpts []registry.LoginOption + var cred *orasregistryauthv2.Credential + getterOpts := []getter.Option{ +@@ -680,7 +680,7 @@ func (s *repoEventSink) clientOptionsForOciRepo(ctx context.Context, repo source + } + } + +- if repo.Spec.Provider != "" && repo.Spec.Provider != sourcev1beta2.GenericOCIProvider { ++ if repo.Spec.Provider != "" && repo.Spec.Provider != "generic" { + ctxTimeout, cancel := context.WithTimeout(ctx, repo.Spec.Timeout.Duration) + defer cancel() + +@@ -734,7 +734,7 @@ func downloadChartWithHelmGetter(tlsConfig *tls.Config, getterOptions []getter.O + return buf, err + } + +-func getOciChartModels(appNames []string, allTags map[string]TagList, ociChartRepo *OCIChartRepository, repo *sourcev1beta2.HelmRepository) ([]models.Chart, error) { ++func getOciChartModels(appNames []string, allTags map[string]TagList, ociChartRepo *OCIChartRepository, repo *sourcev1.HelmRepository) ([]models.Chart, error) { + charts := []models.Chart{} + for _, fullAppName := range appNames { + appName, err := ociChartRepo.shortRepoName(fullAppName) +@@ -756,7 +756,7 @@ func getOciChartModels(appNames []string, allTags map[string]TagList, ociChartRe + return charts, nil + } + +-func getOciChartModel(appName string, tags TagList, ociChartRepo *OCIChartRepository, repo *sourcev1beta2.HelmRepository) (*models.Chart, error) { ++func getOciChartModel(appName string, tags TagList, ociChartRepo *OCIChartRepository, repo *sourcev1.HelmRepository) (*models.Chart, error) { + // Encode repository names to store them in the 
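Review bot: The provider comparison here now uses a bare string, `repo.Spec.Provider != "generic"`, and the later hunks do the same with `"oci://"` in `oidcAuth` and `"amazon"`, `"azure"`, `"gcp"` in `loginWithManager`. These values decide whether and how cloud registry credentials are obtained, so they should not be scattered as unnamed literals. Declare them once in this package, for example `const ociProviderGeneric = "generic"`, with a comment naming the upstream constants they mirror. The `switch provider` in `loginWithManager` has no `default` branch in the visible lines, so an unrecognised provider leaves `login.ProviderOptions{}` empty. Adding `default: return nil, fmt.Errorf("unsupported OCI provider %q", provider)` would make that case fail explicitly; the rest of the function is outside the hunk, so confirm this does not duplicate a later check.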
database. + encodedAppName := url.PathEscape(appName) + chartID := path.Join(repo.Name, encodedAppName) +@@ -870,8 +870,8 @@ func downloadOCIChartFn(ociRepo *OCIChartRepository) func(chartID, chartUrl, cha + } + + // oidcAuth generates the OIDC credential authenticator based on the specified cloud provider. +-func oidcAuth(ctx context.Context, repo sourcev1beta2.HelmRepository) (*orasregistryauthv2.Credential, error) { +- url := strings.TrimPrefix(repo.Spec.URL, sourcev1beta2.OCIRepositoryPrefix) ++func oidcAuth(ctx context.Context, repo sourcev1.HelmRepository) (*orasregistryauthv2.Credential, error) { ++ url := strings.TrimPrefix(repo.Spec.URL, "oci://") + ref, err := name.ParseReference(url) + if err != nil { + return nil, fmt.Errorf("failed to parse URL '%s': %w", repo.Spec.URL, err) +@@ -888,11 +888,11 @@ func oidcAuth(ctx context.Context, repo sourcev1beta2.HelmRepository) (*orasregi + func loginWithManager(ctx context.Context, provider, url string, ref name.Reference) (*orasregistryauthv2.Credential, error) { + opts := login.ProviderOptions{} + switch provider { +- case sourcev1beta2.AmazonOCIProvider: ++ case "amazon": + opts.AwsAutoLogin = true +- case sourcev1beta2.AzureOCIProvider: ++ case "azure": + opts.AzureAutoLogin = true +- case sourcev1beta2.GoogleOCIProvider: ++ case "gcp": + opts.GcpAutoLogin = true + } + +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go +index c489cb6ca..37593c166 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go +@@ -12,9 +12,9 @@ import ( + "time" + + "github.com/bufbuild/connect-go" +- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" ++ helmv2 "github.com/fluxcd/helm-controller/api/v2" + fluxmeta "github.com/fluxcd/pkg/apis/meta" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 
"github.com/fluxcd/source-controller/api/v1" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/common" + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/connecterror" +@@ -40,7 +40,7 @@ var ( + ) + + // namespace maybe "", in which case releases from all namespaces are returned +-func (s *Server) listReleasesInCluster(ctx context.Context, headers http.Header, namespace string) ([]helmv2beta2.HelmRelease, error) { ++func (s *Server) listReleasesInCluster(ctx context.Context, headers http.Header, namespace string) ([]helmv2.HelmRelease, error) { + client, err := s.getClient(headers, namespace) + if err != nil { + return nil, err +@@ -53,7 +53,7 @@ func (s *Server) listReleasesInCluster(ctx context.Context, headers http.Header, + // 2) there is a "consistent snapshot" problem, where the client doesn't want to + // see any results created/updated/deleted after the first request is issued + // To fix this, we must make use of resourceVersion := relList.GetResourceVersion() +- var relList helmv2beta2.HelmReleaseList ++ var relList helmv2.HelmReleaseList + if err = client.List(ctx, &relList); err != nil { + return nil, connecterror.FromK8sError("list", "HelmRelease", namespace+"/*", err) + } else { +@@ -61,13 +61,13 @@ func (s *Server) listReleasesInCluster(ctx context.Context, headers http.Header, + } + } + +-func (s *Server) getReleaseInCluster(ctx context.Context, headers http.Header, key types.NamespacedName) (*helmv2beta2.HelmRelease, error) { ++func (s *Server) getReleaseInCluster(ctx context.Context, headers http.Header, key types.NamespacedName) (*helmv2.HelmRelease, error) { + client, err := s.getClient(headers, key.Namespace) + if err != nil { + return nil, err + } + +- var rel helmv2beta2.HelmRelease ++ var rel helmv2.HelmRelease + if err = client.Get(ctx, key, &rel); err != nil { + return nil, 
connecterror.FromK8sError("get", "HelmRelease", key.String(), err) + } +@@ -106,7 +106,7 @@ func (s *Server) paginatedInstalledPkgSummaries(ctx context.Context, headers htt + return installedPkgSummaries, nil + } + +-func (s *Server) installedPkgSummaryFromRelease(ctx context.Context, headers http.Header, rel helmv2beta2.HelmRelease) (*corev1.InstalledPackageSummary, error) { ++func (s *Server) installedPkgSummaryFromRelease(ctx context.Context, headers http.Header, rel helmv2.HelmRelease) (*corev1.InstalledPackageSummary, error) { + name, err := common.NamespacedName(&rel) + if err != nil { + return nil, err +@@ -236,11 +236,7 @@ func (s *Server) installedPackageDetail(ctx context.Context, headers http.Header + + // this will only be present if install/upgrade succeeded + // TODO(agamez): flux upgrade - migrate to Status.History, see https://github.com/fluxcd/flux2/releases/tag/v2.2.0 +- pkgVersion := rel.Status.LastAppliedRevision +- if pkgVersion == "" { +- // this is the back-up option: will be there if the reconciliation is in progress or has failed +- pkgVersion = rel.Status.LastAttemptedRevision +- } ++ pkgVersion := rel.Status.LastAttemptedRevision + + availablePackageRef, err := installedPackageAvailablePackageRef(rel) + if err != nil { +@@ -288,7 +284,7 @@ func (s *Server) installedPackageDetail(ctx context.Context, headers http.Header + }, nil + } + +-func (s *Server) getReleaseViaHelmApi(headers http.Header, key types.NamespacedName, rel *helmv2beta2.HelmRelease) (*release.Release, error) { ++func (s *Server) getReleaseViaHelmApi(headers http.Header, key types.NamespacedName, rel *helmv2.HelmRelease) (*release.Release, error) { + // post installation notes can only be retrieved via helm APIs, flux doesn't do it + // see discussion in https://cloud-native.slack.com/archives/CLAJ40HV3/p1629244025187100 + if s.actionConfigGetter == nil { +@@ -458,7 +454,7 @@ func (s *Server) updateRelease(ctx context.Context, headers http.Header, package + // process and 
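Review bot: In the `installedPackageDetail` hunk, `pkgVersion` is now taken only from `rel.Status.LastAttemptedRevision`, but the comment above it still says "this will only be present if install/upgrade succeeded". The removed code used that field as the fallback for in-progress or failed reconciliations, so the reported version can now be one that was never deployed. That matters to anyone using this API to confirm that a patched chart version is actually running. Correct the comment at minimum, e.g. `// last attempted chart version; may not be deployed if the reconciliation failed`. Preferably resolve the TODO by reading the deployed version from `rel.Status.History` first and falling back to the attempted revision. The function body continues outside the hunk.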
the current status no longer applies. metadata and spec I want + // to keep, as they may have had added labels and/or annotations and/or + // even other changes made by the user. +- rel.Status = helmv2beta2.HelmReleaseStatus{} ++ rel.Status = helmv2.HelmReleaseStatus{} + + client, err := s.getClient(headers, packageRef.Context.Namespace) + if err != nil { +@@ -489,7 +485,7 @@ func (s *Server) deleteRelease(ctx context.Context, headers http.Header, package + + log.V(4).Infof("Deleting release: [%s]", packageRef.Identifier) + +- rel := &helmv2beta2.HelmRelease{ ++ rel := &helmv2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: packageRef.Identifier, + Namespace: packageRef.Context.Namespace, +@@ -507,19 +503,19 @@ func (s *Server) deleteRelease(ctx context.Context, headers http.Header, package + // 2. metadata.namespace, where this HelmRelease CRD will exist, same as (3) below + // per https://github.com/vmware-tanzu/kubeapps/pull/3640#issuecomment-949315105 + // 3. spec.targetNamespace, where flux will install any artifacts from the release +-func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.NamespacedName, versionExpr string, reconcile *corev1.ReconciliationOptions, values map[string]interface{}) (*helmv2beta2.HelmRelease, error) { +- fluxRelease := &helmv2beta2.HelmRelease{ ++func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.NamespacedName, versionExpr string, reconcile *corev1.ReconciliationOptions, values map[string]interface{}) (*helmv2.HelmRelease, error) { ++ fluxRelease := &helmv2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: targetName.Name, + Namespace: targetName.Namespace, + }, +- Spec: helmv2beta2.HelmReleaseSpec{ +- Chart: helmv2beta2.HelmChartTemplate{ +- Spec: helmv2beta2.HelmChartTemplateSpec{ ++ Spec: helmv2.HelmReleaseSpec{ ++ Chart: &helmv2.HelmChartTemplate{ ++ Spec: helmv2.HelmChartTemplateSpec{ + Chart: chart.Name, +- SourceRef: helmv2beta2.CrossNamespaceObjectReference{ ++ 
SourceRef: helmv2.CrossNamespaceObjectReference{ + Name: chart.Repo.Name, +- Kind: sourcev1beta2.HelmRepositoryKind, ++ Kind: sourcev1.HelmRepositoryKind, + Namespace: chart.Repo.Namespace, + }, + }, +@@ -581,7 +577,7 @@ func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.Namesp + // when install completes with success + // - "reason" field: failure only when flux returns "InstallFailed" reason + // otherwise pending or unspecified when there are no status conditions to go by +-func isHelmReleaseReady(rel helmv2beta2.HelmRelease) (ready bool, status corev1.InstalledPackageStatus_StatusReason, userReason string) { ++func isHelmReleaseReady(rel helmv2.HelmRelease) (ready bool, status corev1.InstalledPackageStatus_StatusReason, userReason string) { + if !checkReleaseGeneration(rel) { + // according to https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + // observedGeneration represents the .metadata.generation that the condition was set based upon. +@@ -601,9 +597,8 @@ func isHelmReleaseReady(rel helmv2beta2.HelmRelease) (ready bool, status corev1. + // "reason": "InstallFailed" + // i.e. not super useful + userReason = readyCond.Reason +- if userReason == helmv2beta2.InstallFailedReason || +- userReason == helmv2beta2.UpgradeFailedReason || +- userReason == helmv2beta2.GetLastReleaseFailedReason { ++ if userReason == helmv2.InstallFailedReason || ++ userReason == helmv2.UpgradeFailedReason { + isInstallFailed = true + } + } +@@ -627,7 +622,7 @@ func isHelmReleaseReady(rel helmv2beta2.HelmRelease) (ready bool, status corev1. 
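Review bot: In the `isHelmReleaseReady` hunk, dropping `GetLastReleaseFailedReason` leaves only `InstallFailedReason` and `UpgradeFailedReason` setting `isInstallFailed`. Going by the doc comment and the trailing `STATUS_REASON_PENDING` return, any other reason on the Ready condition is then reported as pending rather than failed. If the v2 API exposes further terminal reasons, such as a failed rollback or uninstall, a release stuck in that state would look like it is still progressing. Either extend the check with those reasons, or add a comment recording the deliberate choice, e.g. `// other failure reasons are intentionally surfaced as PENDING`. The classification logic after this block is outside the hunk, so confirm against the full function.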
+ return false, corev1.InstalledPackageStatus_STATUS_REASON_PENDING, userReason
+ }
+
+-func installedPackageStatus(rel helmv2beta2.HelmRelease) *corev1.InstalledPackageStatus {
++func installedPackageStatus(rel helmv2.HelmRelease) *corev1.InstalledPackageStatus {
+ ready, reason, userReason := isHelmReleaseReady(rel)
+ return &corev1.InstalledPackageStatus{
+ Ready: ready,
+@@ -636,7 +631,7 @@ func installedPackageStatus(rel helmv2beta2.HelmRelease) *corev1.InstalledPackag
+ }
+ }
+
+-func installedPackageReconciliationOptions(rel *helmv2beta2.HelmRelease) *corev1.ReconciliationOptions {
++func installedPackageReconciliationOptions(rel *helmv2.HelmRelease) *corev1.ReconciliationOptions {
+ reconciliationOptions := &corev1.ReconciliationOptions{}
+ reconciliationOptions.Interval = pkgutils.FromDuration(&rel.Spec.Interval)
+ reconciliationOptions.Suspend = rel.Spec.Suspend
+@@ -644,7 +639,7 @@ func installedPackageReconciliationOptions(rel *helmv2beta2.HelmRelease) *corev1
+ return reconciliationOptions
+ }
+
+-func installedPackageAvailablePackageRef(rel *helmv2beta2.HelmRelease) (*corev1.AvailablePackageReference, error) {
++func installedPackageAvailablePackageRef(rel *helmv2.HelmRelease) (*corev1.AvailablePackageReference, error) {
+ repoName := rel.Spec.Chart.Spec.SourceRef.Name
+ if repoName == "" {
+ return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("Missing required field spec.chart.spec.sourceRef.name"))
+@@ -670,7 +665,7 @@ func installedPackageAvailablePackageRef(rel *helmv2beta2.HelmRelease) (*corev1.
+ }
+
+ // ref https://fluxcd.io/docs/components/helm/helmreleases/
+-func helmReleaseName(key types.NamespacedName, rel *helmv2beta2.HelmRelease) types.NamespacedName {
++func helmReleaseName(key types.NamespacedName, rel *helmv2.HelmRelease) types.NamespacedName {
+ helmReleaseName := rel.Spec.ReleaseName
+ // according to docs ReleaseName is optional and defaults to a composition of
+ // '[TargetNamespace-]Name'.
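Review bot: `rel.Spec.Chart.Spec.SourceRef.Name` in installedPackageAvailablePackageRef is read without a nil check, while the newFluxHelmRelease hunk of this same patch now assigns `Chart: &helmv2.HelmChartTemplate{`, so the field appears to be a pointer in the v2 API. A HelmRelease in the cluster that carries no `spec.chart` (for instance one created outside Kubeapps) would then cause a nil-pointer panic in the plugin rather than the handled CodeInternal error, which lets any tenant who can create HelmReleases disrupt the listing path. Add a guard ahead of the first line: `if rel.Spec.Chart == nil { return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("Missing required field spec.chart")) }`. The function body continues past the end of the hunk, so any later read of `rel.Spec.Chart` needs the same check.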
+@@ -691,7 +686,7 @@ func helmReleaseName(key types.NamespacedName, rel *helmv2beta2.HelmRelease) typ
+ return types.NamespacedName{Name: helmReleaseName, Namespace: helmReleaseNamespace}
+ }
+
+-func checkReleaseGeneration(rel helmv2beta2.HelmRelease) bool {
++func checkReleaseGeneration(rel helmv2.HelmRelease) bool {
+ generation := rel.GetGeneration()
+ observedGeneration := rel.Status.ObservedGeneration
+ return generation > 0 && generation == observedGeneration
+diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_integration_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_integration_test.go
+index ba46e9633..dd5507e60 100644
+--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_integration_test.go
++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_integration_test.go
+@@ -12,8 +12,8 @@ import (
+ "testing"
+ "time"
+
+- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2"
+- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2"
++ helmv2 "github.com/fluxcd/helm-controller/api/v2"
++ sourcev1 "github.com/fluxcd/source-controller/api/v1"
+ "github.com/google/go-cmp/cmp"
+ "github.com/google/go-cmp/cmp/cmpopts"
+ corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1"
+@@ -949,7 +949,7 @@ func TestKindClusterRBAC_ReadRelease(t *testing.T) {
+ rules := map[string][]rbacv1.PolicyRule{
+ ns2: {
+ {
+- APIGroups: []string{helmv2beta2.GroupVersion.Group},
++ APIGroups: []string{helmv2.GroupVersion.Group},
+ Resources: []string{fluxHelmReleases},
+ Verbs: []string{"get", "list"},
+ },
+@@ -1044,14 +1044,14 @@ func TestKindClusterRBAC_ReadRelease(t *testing.T) {
+ nsToRules := map[string][]rbacv1.PolicyRule{
+ ns1: {
+ {
+- APIGroups: []string{sourcev1beta2.GroupVersion.Group},
++ APIGroups: []string{sourcev1.GroupVersion.Group},
+ Resources: []string{"helmcharts"},
+ Verbs: []string{"get", "list"},
+ },
+ },
+ ns2: {
+ {
+- APIGroups:
[]string{helmv2beta2.GroupVersion.Group},
++ APIGroups: []string{helmv2.GroupVersion.Group},
+ Resources: []string{fluxHelmReleases},
+ Verbs: []string{"get", "list"},
+ },
+@@ -1188,7 +1188,7 @@ func TestKindClusterRBAC_CreateRelease(t *testing.T) {
+ nsToRules := map[string][]rbacv1.PolicyRule{
+ ns2: {
+ {
+- APIGroups: []string{helmv2beta2.GroupVersion.Group},
++ APIGroups: []string{helmv2.GroupVersion.Group},
+ Resources: []string{fluxHelmReleases},
+ Verbs: []string{"create"},
+ },
+@@ -1218,14 +1218,14 @@ func TestKindClusterRBAC_CreateRelease(t *testing.T) {
+ nsToRules = map[string][]rbacv1.PolicyRule{
+ ns1: {
+ {
+- APIGroups: []string{sourcev1beta2.GroupVersion.Group},
++ APIGroups: []string{sourcev1.GroupVersion.Group},
+ Resources: []string{"helmcharts"},
+ Verbs: []string{"get"},
+ },
+ },
+ ns2: {
+ {
+- APIGroups: []string{helmv2beta2.GroupVersion.Group},
++ APIGroups: []string{helmv2.GroupVersion.Group},
+ Resources: []string{fluxHelmReleases},
+ Verbs: []string{"create"},
+ },
+@@ -1335,7 +1335,7 @@ func TestKindClusterRBAC_UpdateRelease(t *testing.T) {
+ nsToRules := map[string][]rbacv1.PolicyRule{
+ ns2: {
+ {
+- APIGroups: []string{helmv2beta2.GroupVersion.Group},
++ APIGroups: []string{helmv2.GroupVersion.Group},
+ Resources: []string{fluxHelmReleases},
+ Verbs: []string{"get"},
+ },
+@@ -1368,7 +1368,7 @@ func TestKindClusterRBAC_UpdateRelease(t *testing.T) {
+ nsToRules = map[string][]rbacv1.PolicyRule{
+ ns2: {
+ {
+- APIGroups: []string{helmv2beta2.GroupVersion.Group},
++ APIGroups: []string{helmv2.GroupVersion.Group},
+ Resources: []string{fluxHelmReleases},
+ Verbs: []string{"get", "update"},
+ },
+@@ -1476,7 +1476,7 @@ func TestKindClusterRBAC_DeleteRelease(t *testing.T) {
+ nsToRules := map[string][]rbacv1.PolicyRule{
+ ns2: {
+ {
+- APIGroups: []string{helmv2beta2.GroupVersion.Group},
++ APIGroups: []string{helmv2.GroupVersion.Group},
+ Resources: []string{fluxHelmReleases},
+ Verbs: []string{"delete"},
+ },
+diff --git
a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_test.go
+index 824afc678..8827ccdbe 100644
+--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_test.go
++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_test.go
+@@ -12,10 +12,10 @@ import (
+ "time"
+
+ "github.com/bufbuild/connect-go"
+- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2"
++ helmv2 "github.com/fluxcd/helm-controller/api/v2"
+ fluxmeta "github.com/fluxcd/pkg/apis/meta"
+ sourcev1 "github.com/fluxcd/source-controller/api/v1"
+- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2"
++ sourcev1 "github.com/fluxcd/source-controller/api/v1"
+ "github.com/google/go-cmp/cmp"
+ "github.com/google/go-cmp/cmp/cmpopts"
+ corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1"
+@@ -43,7 +43,7 @@ type testSpecGetInstalledPackages struct {
+ releaseValues *v1.JSON
+ releaseSuspend bool
+ releaseServiceAccountName string
+- releaseStatus helmv2beta2.HelmReleaseStatus
++ releaseStatus helmv2.HelmReleaseStatus
+ // only used to test edge cases now, most tests should not set this
+ targetNamespace string
+ }
+@@ -511,7 +511,7 @@ func TestCreateInstalledPackage(t *testing.T) {
+ existingObjs testSpecCreateInstalledPackage
+ expectedStatusCode codes.Code
+ expectedResponse *corev1.CreateInstalledPackageResponse
+- expectedRelease *helmv2beta2.HelmRelease
++ expectedRelease *helmv2.HelmRelease
+ defaultUpgradePolicyStr string
+ }{
+ {
+@@ -637,7 +637,7 @@ func TestCreateInstalledPackage(t *testing.T) {
+ }
+ defer ts.Close()
+
+- s, mock, err := newSimpleServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo})
++ s, mock, err := newSimpleServerWithRepos(t, []sourcev1.HelmRepository{*repo})
+ if err != nil {
+ t.Fatal(err)
+ }
+@@ -686,12 +686,12 @@ func TestCreateInstalledPackage(t *testing.T) {
+ t.Fatal(err)
+ } else {
+ key := types.NamespacedName{Namespace:
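Review bot: The import hunk of release_test.go leaves `sourcev1 "github.com/fluxcd/source-controller/api/v1"` in the block twice, once as an unchanged context line and once as the added line that replaces the `sourcev1beta2` import. Go rejects a second import under the same name as a redeclaration, so the test package would no longer compile and these tests would silently stop guarding the plugin. The added line should be dropped so that the hunk only removes the `sourcev1beta2` import. The import hunk of repo_test.go later in this patch has the same duplicate.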
tc.request.TargetContext.Namespace, Name: tc.request.Name}
+- var actualRel helmv2beta2.HelmRelease
++ var actualRel helmv2.HelmRelease
+ if err = ctrlClient.Get(context.Background(), key, &actualRel); err != nil {
+ t.Fatal(err)
+ } else {
+ // Values are JSON string and need to be compared as such
+- opts = cmpopts.IgnoreFields(helmv2beta2.HelmReleaseSpec{}, "Values")
++ opts = cmpopts.IgnoreFields(helmv2.HelmReleaseSpec{}, "Values")
+
+ // Manually setting TypeMeta, as the fakeclient doesn't do it anymore:
+ // https://github.com/kubernetes-sigs/controller-runtime/pull/2633
+@@ -714,7 +714,7 @@ func TestUpdateInstalledPackage(t *testing.T) {
+ existingK8sObjs *testSpecGetInstalledPackages
+ expectedErrorCode connect.Code
+ expectedResponse *corev1.UpdateInstalledPackageResponse
+- expectedRelease *helmv2beta2.HelmRelease
++ expectedRelease *helmv2.HelmRelease
+ defaultUpgradePolicyStr string
+ }{
+ {
+@@ -894,7 +894,7 @@ func TestUpdateInstalledPackage(t *testing.T) {
+ Name: tc.expectedResponse.InstalledPackageRef.Identifier,
+ }
+ ctx := context.Background()
+- var actualRel helmv2beta2.HelmRelease
++ var actualRel helmv2.HelmRelease
+ if ctrlClient, err := s.clientGetter.ControllerRuntime(http.Header{}, s.kubeappsCluster); err != nil {
+ t.Fatal(err)
+ } else if err = ctrlClient.Get(ctx, key, &actualRel); err != nil {
+@@ -902,7 +902,7 @@ func TestUpdateInstalledPackage(t *testing.T) {
+ }
+
+ // Values are JSON string and need to be compared as such
+- opts = cmpopts.IgnoreFields(helmv2beta2.HelmReleaseSpec{}, "Values")
++ opts = cmpopts.IgnoreFields(helmv2.HelmReleaseSpec{}, "Values")
+
+ // Manually setting TypeMeta, as the fakeclient doesn't do it anymore:
+ // https://github.com/kubernetes-sigs/controller-runtime/pull/2633
+@@ -985,7 +985,7 @@ func TestDeleteInstalledPackage(t *testing.T) {
+ Name: tc.request.InstalledPackageRef.Identifier,
+ }
+ ctx := context.Background()
+- var actualRel helmv2beta2.HelmRelease
++ var actualRel helmv2.HelmRelease
+ if
ctrlClient, err := s.clientGetter.ControllerRuntime(http.Header{}, s.kubeappsCluster); err != nil {
+ t.Fatal(err)
+ } else if err = ctrlClient.Get(ctx, key, &actualRel); !errors.IsNotFound(err) {
+@@ -1129,15 +1129,15 @@ func TestGetInstalledPackageResourceRefs(t *testing.T) {
+ }
+ }
+
+-func newChartsAndReleases(t *testing.T, existingK8sObjs []testSpecGetInstalledPackages) (charts []sourcev1beta2.HelmChart, releases []helmv2beta2.HelmRelease, cleanup func()) {
++func newChartsAndReleases(t *testing.T, existingK8sObjs []testSpecGetInstalledPackages) (charts []sourcev1.HelmChart, releases []helmv2.HelmRelease, cleanup func()) {
+ httpServers := []*httptest.Server{}
+ cleanup = func() {
+ for _, ts := range httpServers {
+ ts.Close()
+ }
+ }
+- charts = []sourcev1beta2.HelmChart{}
+- releases = []helmv2beta2.HelmRelease{}
++ charts = []sourcev1.HelmChart{}
++ releases = []helmv2.HelmRelease{}
+
+ for _, existing := range existingK8sObjs {
+ tarGzBytes, err := os.ReadFile(existing.chartTarGz)
+@@ -1155,24 +1155,24 @@ func newChartsAndReleases(t *testing.T, existingK8sObjs []testSpecGetInstalledPa
+ }))
+ httpServers = append(httpServers, ts)
+
+- chartSpec := &sourcev1beta2.HelmChartSpec{
++ chartSpec := &sourcev1.HelmChartSpec{
+ Chart: existing.chartName,
+- SourceRef: sourcev1beta2.LocalHelmChartSourceReference{
++ SourceRef: sourcev1.LocalHelmChartSourceReference{
+ Name: existing.repoName,
+- Kind: sourcev1beta2.HelmRepositoryKind,
++ Kind: sourcev1.HelmRepositoryKind,
+ },
+ Version: existing.chartSpecVersion,
+ Interval: metav1.Duration{Duration: 1 * time.Minute},
+ }
+
+- chartStatus := &sourcev1beta2.HelmChartStatus{
++ chartStatus := &sourcev1.HelmChartStatus{
+ Conditions: []metav1.Condition{
+ {
+ LastTransitionTime: metav1.Time{Time: lastTransitionTime},
+ Message: "Fetched revision: " + existing.chartSpecVersion,
+ Type: fluxmeta.ReadyCondition,
+ Status: metav1.ConditionTrue,
+- Reason: sourcev1beta2.ChartPullSucceededReason,
++ Reason:
sourcev1.ChartPullSucceededReason,
+ },
+ },
+ Artifact: &sourcev1.Artifact{
+@@ -1183,14 +1183,14 @@ func newChartsAndReleases(t *testing.T, existingK8sObjs []testSpecGetInstalledPa
+ chart := newChart(existing.chartName, existing.repoNamespace, chartSpec, chartStatus)
+ charts = append(charts, chart)
+
+- releaseSpec := &helmv2beta2.HelmReleaseSpec{
+- Chart: helmv2beta2.HelmChartTemplate{
+- Spec: helmv2beta2.HelmChartTemplateSpec{
++ releaseSpec := &helmv2.HelmReleaseSpec{
++ Chart: helmv2.HelmChartTemplate{
++ Spec: helmv2.HelmChartTemplateSpec{
+ Chart: existing.chartName,
+ Version: existing.chartSpecVersion,
+- SourceRef: helmv2beta2.CrossNamespaceObjectReference{
++ SourceRef: helmv2.CrossNamespaceObjectReference{
+ Name: existing.repoName,
+- Kind: sourcev1beta2.HelmRepositoryKind,
++ Kind: sourcev1.HelmRepositoryKind,
+ Namespace: existing.repoNamespace,
+ },
+ },
+@@ -1217,8 +1217,8 @@ func newChartsAndReleases(t *testing.T, existingK8sObjs []testSpecGetInstalledPa
+ return charts, releases, cleanup
+ }
+
+-func newRelease(meta metav1.ObjectMeta, spec *helmv2beta2.HelmReleaseSpec, status *helmv2beta2.HelmReleaseStatus) helmv2beta2.HelmRelease {
+- helmRelease := helmv2beta2.HelmRelease{
++func newRelease(meta metav1.ObjectMeta, spec *helmv2.HelmReleaseSpec, status *helmv2.HelmReleaseStatus) helmv2.HelmRelease {
++ helmRelease := helmv2.HelmRelease{
+ ObjectMeta: meta,
+ }
+
+diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
+index 790b21514..5154ed7f7 100644
+--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
+@@ -18,7 +18,7 @@ import (
+ "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/k8sutils"
+
+ fluxmeta "github.com/fluxcd/pkg/apis/meta"
+- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2"
++ sourcev1 "github.com/fluxcd/source-controller/api/v1"
+ corev1
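Review bot: In newChartsAndReleases the release spec is built with `Chart: helmv2.HelmChartTemplate{`, a value, whereas newFluxHelmRelease in release.go was changed by this same patch to `Chart: &helmv2.HelmChartTemplate{`. If the v2 field is a pointer, as that production change suggests, this test helper will not compile and the release tests cannot run. The line should read `Chart: &helmv2.HelmChartTemplate{`. The enclosing function starts and ends outside this hunk.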
"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1"
+ "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/plugins/fluxv2/packages/v1alpha1"
+ "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache"
+@@ -52,7 +52,7 @@ var (
+ // returns a list of HelmRepositories from specified namespace.
+ // ns can be "", in which case all namespaces (cluster-wide), excluding
+ // the ones that the caller has no read access to
+-func (s *Server) listReposInNamespace(ctx context.Context, headers http.Header, ns string) ([]sourcev1beta2.HelmRepository, error) {
++func (s *Server) listReposInNamespace(ctx context.Context, headers http.Header, ns string) ([]sourcev1.HelmRepository, error) {
+ // the actual List(...) call will be executed in the context of
+ // kubeapps-internal-kubeappsapis service account
+ // ref https://github.com/vmware-tanzu/kubeapps/issues/4390 for explanation
+@@ -62,7 +62,7 @@ func (s *Server) listReposInNamespace(ctx context.Context, headers http.Header,
+ return nil, err
+ }
+
+- var repoList sourcev1beta2.HelmRepositoryList
++ var repoList sourcev1.HelmRepositoryList
+ listOptions := ctrlclient.ListOptions{
+ Namespace: ns,
+ }
+@@ -83,7 +83,7 @@ func (s *Server) listReposInNamespace(ctx context.Context, headers http.Header,
+ return nil, err
+ }
+ }
+- items := []sourcev1beta2.HelmRepository{}
++ items := []sourcev1.HelmRepository{}
+ for _, item := range repoList.Items {
+ if allowedNamespaces.Has(item.GetNamespace()) {
+ items = append(items, item)
+@@ -93,7 +93,7 @@ func (s *Server) listReposInNamespace(ctx context.Context, headers http.Header,
+ }
+ }
+
+-func (s *Server) getRepoInCluster(ctx context.Context, headers http.Header, key types.NamespacedName) (*sourcev1beta2.HelmRepository, error) {
++func (s *Server) getRepoInCluster(ctx context.Context, headers http.Header, key types.NamespacedName) (*sourcev1.HelmRepository, error) {
+ // unlike List(), there is no need to execute Get()
in the context of
+ // kubeapps-internal-kubeappsapis service account and then filter out results based on
+ // whether or not the caller hasAccessToNamespace(). We can just pass the caller
+@@ -103,7 +103,7 @@ func (s *Server) getRepoInCluster(ctx context.Context, headers http.Header, key
+ if err != nil {
+ return nil, err
+ }
+- var repo sourcev1beta2.HelmRepository
++ var repo sourcev1.HelmRepository
+ if err = client.Get(ctx, key, &repo); err != nil {
+ return nil, connecterror.FromK8sError("get", "HelmRepository", key.String(), err)
+ }
+@@ -111,7 +111,7 @@ func (s *Server) getRepoInCluster(ctx context.Context, headers http.Header, key
+ }
+
+ // regexp expressions are used for matching actual names against expected patters
+-func (s *Server) filterReadyReposByName(repoList []sourcev1beta2.HelmRepository, match []string) (sets.Set[string], error) {
++func (s *Server) filterReadyReposByName(repoList []sourcev1.HelmRepository, match []string) (sets.Set[string], error) {
+ if s.repoCache == nil {
+ return nil, connect.NewError(connect.CodeFailedPrecondition, fmt.Errorf("Server cache has not been properly initialized"))
+ }
+@@ -232,7 +232,7 @@ func (s *Server) newRepo(ctx context.Context, request *connect.Request[corev1.Ad
+ }
+
+ typ := request.Msg.GetType()
+- if typ != "helm" && typ != sourcev1beta2.HelmRepositoryTypeOCI {
++ if typ != "helm" && typ != sourcev1.HelmRepositoryTypeOCI {
+ return nil, connect.NewError(connect.CodeUnimplemented, fmt.Errorf("Repository type [%s] not supported", typ))
+ }
+
+@@ -323,7 +323,7 @@ func (s *Server) repoDetail(ctx context.Context, headers http.Header, repoRef *c
+ // will have a FluxPackageRepositoryCustomDetail in it. Flux spec already clearly states
+ // If you do not specify .spec.provider, it defaults to generic.
+ // https://fluxcd.io/flux/components/source/helmrepositories/#provider
+- if repo.Spec.Provider != "" && repo.Spec.Provider != sourcev1beta2.GenericOCIProvider {
++ if repo.Spec.Provider != "" && repo.Spec.Provider != "generic" {
+ if customDetail, err = anypb.New(&v1alpha1.FluxPackageRepositoryCustomDetail{
+ Provider: repo.Spec.Provider,
+ }); err != nil {
+@@ -357,7 +357,7 @@ func (s *Server) repoDetail(ctx context.Context, headers http.Header, repoRef *c
+
+ func (s *Server) repoSummaries(ctx context.Context, headers http.Header, ns string) ([]*corev1.PackageRepositorySummary, error) {
+ summaries := []*corev1.PackageRepositorySummary{}
+- var repos []sourcev1beta2.HelmRepository
++ var repos []sourcev1.HelmRepository
+ var err error
+ if ns == apiv1.NamespaceAll {
+ if repos, err = s.listReposInNamespace(ctx, headers, ns); err != nil {
+@@ -368,7 +368,7 @@ func (s *Server) repoSummaries(ctx context.Context, headers http.Header, ns stri
+ // namely, if a specific namespace is passed in, we need to list repos in that namespace
+ // and if the caller happens not to have 'read' access to that namespace, a PermissionDenied
+ // error should be raised, as opposed to returning an empty list with no error
+- var repoList sourcev1beta2.HelmRepositoryList
++ var repoList sourcev1.HelmRepositoryList
+ var client ctrlclient.Client
+ if client, err = s.getClient(headers, ns); err != nil {
+ return nil, err
+@@ -491,7 +491,7 @@ func (s *Server) updateRepo(ctx context.Context, repoRef *corev1.PackageReposito
+ // process and the current status no longer applies. metadata and spec I want
+ // to keep, as they may have had added labels and/or annotations and/or
+ // even other changes made by the user.
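Review bot: The provider comparison in repoDetail now uses the bare string literal `"generic"` where the old code used a named constant, so the default provider value is hard-coded at its point of use. A package-level constant with a short comment, for example `const genericProvider = "generic" // default .spec.provider per the Flux HelmRepository docs`, keeps the value in one place and makes the check read as `repo.Spec.Provider != genericProvider`. repoDetail starts and ends outside this hunk, so other uses of the same value could not be checked here.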
+- repo.Status = sourcev1beta2.HelmRepositoryStatus{}
++ repo.Status = sourcev1.HelmRepositoryStatus{}
+
+ if client, err := s.getClient(request.Header(), key.Namespace); err != nil {
+ return nil, err
+@@ -529,7 +529,7 @@ func (s *Server) deleteRepo(ctx context.Context, headers http.Header, repoRef *c
+ // For kubeapps-managed secrets environment secrets will be deleted (garbage-collected)
+ // when the owner repo is deleted
+
+- repo := &sourcev1beta2.HelmRepository{
++ repo := &sourcev1.HelmRepository{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: repoRef.Identifier,
+ Namespace: repoRef.Context.Namespace,
+@@ -562,10 +562,10 @@ func (s *repoEventSink) onAddRepo(key string, obj ctrlclient.Object) (interface{
+ log.V(4).Infof("+onAddRepo(%s)", key)
+ defer log.V(4).Info("-onAddRepo()")
+
+- if repo, ok := obj.(*sourcev1beta2.HelmRepository); !ok {
+- return nil, false, fmt.Errorf("expected an instance of *sourcev1beta2.HelmRepository, got: %T", obj)
++ if repo, ok := obj.(*sourcev1.HelmRepository); !ok {
++ return nil, false, fmt.Errorf("expected an instance of *sourcev1.HelmRepository, got: %T", obj)
+ } else if isRepoReady(*repo) {
+- if repo.Spec.Type == sourcev1beta2.HelmRepositoryTypeOCI {
++ if repo.Spec.Type == sourcev1.HelmRepositoryTypeOCI {
+ return s.onAddOciRepo(*repo)
+ } else {
+ return s.onAddHttpRepo(*repo)
+@@ -579,7 +579,7 @@ func (s *repoEventSink) onAddRepo(key string, obj ctrlclient.Object) (interface{
+ }
+
+ // ref https://fluxcd.io/docs/components/source/helmrepositories/#status
+-func (s *repoEventSink) onAddHttpRepo(repo sourcev1beta2.HelmRepository) ([]byte, bool, error) {
++func (s *repoEventSink) onAddHttpRepo(repo sourcev1.HelmRepository) ([]byte, bool, error) {
+ if artifact := repo.GetArtifact(); artifact != nil {
+ if checksum := artifact.Digest; checksum == "" {
+ return nil, false, connect.NewError(connect.CodeInternal,
+@@ -595,7 +595,7 @@ func (s *repoEventSink) onAddHttpRepo(repo sourcev1beta2.HelmRepository) ([]byte
+ }
+ }
+
+-func (s *repoEventSink) indexAndEncode(checksum string, repo sourcev1beta2.HelmRepository) ([]byte, bool, error) {
++func (s *repoEventSink) indexAndEncode(checksum string, repo sourcev1.HelmRepository) ([]byte, bool, error) {
+ charts, err := s.indexOneRepo(repo)
+ if err != nil {
+ return nil, false, err
+@@ -637,7 +637,7 @@ func (s *repoEventSink) indexAndEncode(checksum string, repo sourcev1beta2.HelmR
+
+ // it is assumed the caller has already checked that this repo is ready
+ // At present, there is only one caller of indexOneRepo() and this check is already done by it
+-func (s *repoEventSink) indexOneRepo(repo sourcev1beta2.HelmRepository) ([]models.Chart, error) {
++func (s *repoEventSink) indexOneRepo(repo sourcev1.HelmRepository) ([]models.Chart, error) {
+ startTime := time.Now()
+
+ // ref https://fluxcd.io/docs/components/source/helmrepositories/#status
+@@ -698,12 +698,12 @@ func (s *repoEventSink) indexOneRepo(repo sourcev1beta2.HelmRepository) ([]model
+
+ // onModifyRepo essentially tells the cache whether or not to and what to store for a given key
+ func (s *repoEventSink) onModifyRepo(key string, obj ctrlclient.Object, oldValue interface{}) (interface{}, bool, error) {
+- if repo, ok := obj.(*sourcev1beta2.HelmRepository); !ok {
+- return nil, false, fmt.Errorf("expected an instance of *sourcev1beta2.HelmRepository, got: %T", obj)
++ if repo, ok := obj.(*sourcev1.HelmRepository); !ok {
++ return nil, false, fmt.Errorf("expected an instance of *sourcev1.HelmRepository, got: %T", obj)
+ } else if isRepoReady(*repo) {
+ // first check the repo is ready
+
+- if repo.Spec.Type == sourcev1beta2.HelmRepositoryTypeOCI {
++ if repo.Spec.Type == sourcev1.HelmRepositoryTypeOCI {
+ return s.onModifyOciRepo(key, oldValue, *repo)
+ } else {
+ return s.onModifyHttpRepo(key, oldValue, *repo)
+@@ -716,7 +716,7 @@ func (s *repoEventSink) onModifyRepo(key string, obj ctrlclient.Object, oldValue
+ }
+ }
+
+-func (s *repoEventSink) onModifyHttpRepo(key string,
oldValue interface{}, repo sourcev1beta2.HelmRepository) ([]byte, bool, error) {
++func (s *repoEventSink) onModifyHttpRepo(key string, oldValue interface{}, repo sourcev1.HelmRepository) ([]byte, bool, error) {
+ // We should to compare checksums on what's stored in the cache
+ // vs the modified object to see if the contents has really changed before embarking on
+ // expensive operation indexOneRepo() below.
+@@ -796,7 +796,7 @@ func (s *repoEventSink) fromKey(key string) (*types.NamespacedName, error) {
+ return &types.NamespacedName{Namespace: parts[1], Name: parts[2]}, nil
+ }
+
+-func (s *repoEventSink) getRepoSecret(ctx context.Context, repo sourcev1beta2.HelmRepository) (*apiv1.Secret, error) {
++func (s *repoEventSink) getRepoSecret(ctx context.Context, repo sourcev1.HelmRepository) (*apiv1.Secret, error) {
+ if repo.Spec.SecretRef == nil {
+ return nil, nil
+ }
+@@ -825,7 +825,7 @@ func (s *repoEventSink) getRepoSecret(ctx context.Context, repo sourcev1beta2.He
+
+ // The reason I do this here is to set up auth that may be needed to fetch chart tarballs by
+ // ChartCache
+-func (s *repoEventSink) clientOptionsForHttpRepo(ctx context.Context, repo sourcev1beta2.HelmRepository) (*common.HttpClientOptions, error) {
++func (s *repoEventSink) clientOptionsForHttpRepo(ctx context.Context, repo sourcev1.HelmRepository) (*common.HttpClientOptions, error) {
+ if secret, err := s.getRepoSecret(ctx, repo); err == nil && secret != nil {
+ return common.HttpClientOptionsFromSecret(*secret)
+ } else {
+@@ -837,7 +837,7 @@ func (s *repoEventSink) clientOptionsForHttpRepo(ctx context.Context, repo sourc
+ // repo-related utilities
+ //
+
+-func isRepoReady(repo sourcev1beta2.HelmRepository) bool {
++func isRepoReady(repo sourcev1.HelmRepository) bool {
+ // see docs at https://fluxcd.io/docs/components/source/helmrepositories/
+ // Confirm the state we are observing is for the current generation
+ if !checkRepoGeneration(repo) {
+@@ -854,7 +854,7 @@ func
isRepoReady(repo sourcev1beta2.HelmRepository) bool {
+ // - reason: if present
+ // docs:
+ // 1. https://fluxcd.io/docs/components/source/helmrepositories/#status-examples
+-func isHelmRepositoryReady(repo sourcev1beta2.HelmRepository) (complete bool, success bool, reason string) {
++func isHelmRepositoryReady(repo sourcev1.HelmRepository) (complete bool, success bool, reason string) {
+ // flux source-controller v1beta2 API made a change so that we can no longer
+ // rely on a simple "metadata.generation" vs "status.observedGeneration" check for a
+ // quick answer. The resource may now exist with "observedGeneration": -1 either in
+@@ -882,7 +882,7 @@ func isHelmRepositoryReady(repo sourcev1beta2.HelmRepository) (complete bool, su
+ return false, false, reason
+ }
+
+-func repoStatus(repo sourcev1beta2.HelmRepository) *corev1.PackageRepositoryStatus {
++func repoStatus(repo sourcev1.HelmRepository) *corev1.PackageRepositoryStatus {
+ complete, success, reason := isHelmRepositoryReady(repo)
+ s := &corev1.PackageRepositoryStatus{
+ Ready: complete && success,
+@@ -899,7 +899,7 @@ func repoStatus(repo sourcev1beta2.HelmRepository) *corev1.PackageRepositoryStat
+ return s
+ }
+
+-func checkRepoGeneration(repo sourcev1beta2.HelmRepository) bool {
++func checkRepoGeneration(repo sourcev1.HelmRepository) bool {
+ generation := repo.GetGeneration()
+ observedGeneration := repo.Status.ObservedGeneration
+ return generation > 0 && generation == observedGeneration
+@@ -914,7 +914,7 @@ func newFluxHelmRepo(
+ interval string,
+ secret *apiv1.Secret,
+ passCredentials bool,
+- provider string) (*sourcev1beta2.HelmRepository, error) {
++ provider string) (*sourcev1.HelmRepository, error) {
+ pollInterval := defaultPollInterval
+ if interval != "" {
+ if duration, err := pkgutils.ToDuration(interval); err != nil {
+@@ -923,18 +923,18 @@ func newFluxHelmRepo(
+ pollInterval = *duration
+ }
+ }
+- fluxRepo := &sourcev1beta2.HelmRepository{
++ fluxRepo :=
&sourcev1.HelmRepository{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: targetName.Name,
+ Namespace: targetName.Namespace,
+ },
+- Spec: sourcev1beta2.HelmRepositorySpec{
++ Spec: sourcev1.HelmRepositorySpec{
+ URL: url,
+ Interval: pollInterval,
+ },
+ }
+- if typ == sourcev1beta2.HelmRepositoryTypeOCI {
+- fluxRepo.Spec.Type = sourcev1beta2.HelmRepositoryTypeOCI
++ if typ == sourcev1.HelmRepositoryTypeOCI {
++ fluxRepo.Spec.Type = sourcev1.HelmRepositoryTypeOCI
+ }
+ if desc != "" {
+ k8sutils.SetDescription(&fluxRepo.ObjectMeta, desc)
+diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo_auth.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo_auth.go
+index 517a503ec..f811e0297 100644
+--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo_auth.go
++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo_auth.go
+@@ -10,7 +10,7 @@ import (
+ "net/http"
+
+ "github.com/bufbuild/connect-go"
+- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2"
++ sourcev1 "github.com/fluxcd/source-controller/api/v1"
+ corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1"
+ "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/connecterror"
+ "github.com/vmware-tanzu/kubeapps/pkg/kube"
+@@ -79,7 +79,7 @@ func (s *Server) handleRepoSecretForCreate(
+ func (s *Server) handleRepoSecretForUpdate(
+ ctx context.Context,
+ headers http.Header,
+- repo *sourcev1beta2.HelmRepository,
++ repo *sourcev1.HelmRepository,
+ newTlsConfig *corev1.PackageRepositoryTlsConfig,
+ newAuth *corev1.PackageRepositoryAuth) (updatedSecret *apiv1.Secret, isKubeappsManagedSecret bool, isSecretUpdated bool, err error) {
+
+@@ -208,7 +208,7 @@ func (s *Server) validateUserManagedRepoSecret(
+ return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("Specified secret [%s] missing fields 'username' and/or 'password'", secretRef))
+ }
+ case corev1.PackageRepositoryAuth_PACKAGE_REPOSITORY_AUTH_TYPE_TLS:
+- if repoType
== sourcev1beta2.HelmRepositoryTypeOCI {
++ if repoType == sourcev1.HelmRepositoryTypeOCI {
+ // ref https://fluxcd.io/flux/components/source/helmrepositories/#tls-authentication
+ // Note: TLS authentication is not yet supported by OCI Helm repositories.
+ return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("Package repository authentication type %q is not supported for OCI repositories", auth.Type))
+@@ -218,7 +218,7 @@ func (s *Server) validateUserManagedRepoSecret(
+ }
+ }
+ case corev1.PackageRepositoryAuth_PACKAGE_REPOSITORY_AUTH_TYPE_DOCKER_CONFIG_JSON:
+- if repoType == sourcev1beta2.HelmRepositoryTypeOCI {
++ if repoType == sourcev1.HelmRepositoryTypeOCI {
+ if secret.Data[apiv1.DockerConfigJsonKey] == nil {
+ return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("Specified secret [%s] missing field '%s'", secretRef, apiv1.DockerConfigJsonKey))
+ }
+@@ -251,7 +251,7 @@ func (s *Server) setOwnerReferencesForRepoSecret(
+ ctx context.Context,
+ headers http.Header,
+ secret *apiv1.Secret,
+- repo *sourcev1beta2.HelmRepository) error {
++ repo *sourcev1.HelmRepository) error {
+
+ // TODO(agamez): flux upgrade - migrate to CertSecretRef, see https://github.com/fluxcd/flux2/releases/tag/v2.1.0
+ if repo.Spec.SecretRef != nil && secret != nil {
+@@ -263,9 +263,9 @@ func (s *Server) setOwnerReferencesForRepoSecret(
+ *metav1.NewControllerRef(
+ repo,
+ schema.GroupVersionKind{
+- Group: sourcev1beta2.GroupVersion.Group,
+- Version: sourcev1beta2.GroupVersion.Version,
+- Kind: sourcev1beta2.HelmRepositoryKind,
++ Group: sourcev1.GroupVersion.Group,
++ Version: sourcev1.GroupVersion.Version,
++ Kind: sourcev1.HelmRepositoryKind,
+ }),
+ }
+ if _, err := secretsInterface.Update(ctx, secret, metav1.UpdateOptions{}); err != nil {
+@@ -276,7 +276,7 @@ func (s *Server) setOwnerReferencesForRepoSecret(
+ return nil
+ }
+
+-func (s *Server) getRepoTlsConfigAndAuth(ctx context.Context, headers http.Header, repo sourcev1beta2.HelmRepository)
(*corev1.PackageRepositoryTlsConfig, *corev1.PackageRepositoryAuth, error) {
++func (s *Server) getRepoTlsConfigAndAuth(ctx context.Context, headers http.Header, repo sourcev1.HelmRepository) (*corev1.PackageRepositoryTlsConfig, *corev1.PackageRepositoryAuth, error) {
+ var tlsConfig *corev1.PackageRepositoryTlsConfig
+ var auth *corev1.PackageRepositoryAuth
+
+@@ -385,7 +385,7 @@ func newSecretFromTlsConfigAndAuth(repoName types.NamespacedName,
+ }
+ }
+ case corev1.PackageRepositoryAuth_PACKAGE_REPOSITORY_AUTH_TYPE_TLS:
+- if repoType == sourcev1beta2.HelmRepositoryTypeOCI {
++ if repoType == sourcev1.HelmRepositoryTypeOCI {
+ // ref https://fluxcd.io/flux/components/source/helmrepositories/#tls-authentication
+ // Note: TLS authentication is not yet supported by OCI Helm repositories.
+ return nil, false, connect.NewError(connect.CodeInternal, fmt.Errorf("Package repository authentication type %q is not supported for OCI repositories", auth.Type))
+@@ -413,7 +413,7 @@ func newSecretFromTlsConfigAndAuth(repoName types.NamespacedName,
+ }
+ }
+ case corev1.PackageRepositoryAuth_PACKAGE_REPOSITORY_AUTH_TYPE_DOCKER_CONFIG_JSON:
+- if repoType != sourcev1beta2.HelmRepositoryTypeOCI {
++ if repoType != sourcev1.HelmRepositoryTypeOCI {
+ return nil, false, connect.NewError(connect.CodeInternal, fmt.Errorf("Unsupported package repository authentication type: %q", auth.Type))
+ }
+
+@@ -569,7 +569,7 @@ func getRepoTlsConfigAndAuthWithKubeappsManagedSecrets(secret *apiv1.Secret) (*c
+ return tlsConfig, auth, nil
+ }
+
+-func isSecretKubeappsManaged(secret *apiv1.Secret, repo *sourcev1beta2.HelmRepository) bool {
++func isSecretKubeappsManaged(secret *apiv1.Secret, repo *sourcev1.HelmRepository) bool {
+ if !metav1.IsControlledBy(secret, repo) {
+ return false
+ }
+diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo_test.go
+index e90758d47..23d9e3e68 100644
+---
a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo_test.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo_test.go +@@ -19,7 +19,7 @@ import ( + "github.com/bufbuild/connect-go" + fluxmeta "github.com/fluxcd/pkg/apis/meta" + sourcev1 "github.com/fluxcd/source-controller/api/v1" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + "github.com/go-redis/redismock/v8" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" +@@ -414,7 +414,7 @@ func TestGetAvailablePackageSummariesWithoutPagination(t *testing.T) { + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { +- repos := []sourcev1beta2.HelmRepository{} ++ repos := []sourcev1.HelmRepository{} + + for _, rs := range tc.repos { + ts2, repo, err := newHttpRepoAndServeIndex(rs.index, rs.name, rs.namespace, nil, "") +@@ -479,7 +479,7 @@ func TestGetAvailablePackageSummariesWithPagination(t *testing.T) { + index: testYaml("index-with-categories.yaml"), + }, + } +- repos := []sourcev1beta2.HelmRepository{} ++ repos := []sourcev1.HelmRepository{} + for _, rs := range existingRepos { + ts2, repo, err := newHttpRepoAndServeIndex(rs.index, rs.name, rs.namespace, nil, "") + if err != nil { +@@ -616,12 +616,12 @@ func TestGetAvailablePackageSummaryAfterRepoIndexUpdate(t *testing.T) { + })) + defer ts.Close() + +- repoSpec := &sourcev1beta2.HelmRepositorySpec{ ++ repoSpec := &sourcev1.HelmRepositorySpec{ + URL: "https://example.repo.com/charts", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + } + +- repoStatus := &sourcev1beta2.HelmRepositoryStatus{ ++ repoStatus := &sourcev1.HelmRepositoryStatus{ + Artifact: &sourcev1.Artifact{ + Digest: "651f952130ea96823711d08345b85e82be011dc6", + LastUpdateTime: metav1.Time{Time: lastUpdateTime}, +@@ -640,7 +640,7 @@ func TestGetAvailablePackageSummaryAfterRepoIndexUpdate(t *testing.T) { + repoName := types.NamespacedName{Namespace: "ns2", Name: 
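Review bot: The `@@ -19,7 +19,7 @@ import (` hunk of repo_test.go leaves the import block with two identical entries, because the context already holds `sourcev1 "github.com/fluxcd/source-controller/api/v1"` and the rewritten `sourcev1beta2` line becomes the same import. Go rejects the second one as a redeclaration of `sourcev1`, so the test package would not compile as patched. The `sourcev1beta2` line should be deleted rather than rewritten, leaving a single `sourcev1 "github.com/fluxcd/source-controller/api/v1"` entry. The import block continues outside the hunk.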
"testrepo"} + repo := newRepo(repoName.Name, repoName.Namespace, repoSpec, repoStatus) + +- s, mock, err := newSimpleServerWithRepos(t, []sourcev1beta2.HelmRepository{repo}) ++ s, mock, err := newSimpleServerWithRepos(t, []sourcev1.HelmRepository{repo}) + if err != nil { + t.Fatalf("error instantiating the server: %v", err) + } +@@ -752,7 +752,7 @@ func TestGetAvailablePackageSummaryAfterFluxHelmRepoDelete(t *testing.T) { + } + defer ts.Close() + +- s, mock, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, charts, nil) ++ s, mock, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, charts, nil) + if err != nil { + t.Fatalf("%+v", err) + } +@@ -847,7 +847,7 @@ func TestGetAvailablePackageSummaryAfterCacheResync(t *testing.T) { + } + defer ts2.Close() + +- s, mock, err := newSimpleServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}) ++ s, mock, err := newSimpleServerWithRepos(t, []sourcev1.HelmRepository{*repo}) + if err != nil { + t.Fatalf("error instantiating the server: %v", err) + } +@@ -932,7 +932,7 @@ func TestGetAvailablePackageSummariesAfterCacheResyncQueueNotIdle(t *testing.T) + } + + // first, I'd like to fill up the work queue with a whole bunch of work items +- repos := []*sourcev1beta2.HelmRepository{} ++ repos := []*sourcev1.HelmRepository{} + mapReposCached := make(map[string][]byte) + keysInOrder := []string{} + +@@ -1181,7 +1181,7 @@ func TestAddPackageRepository(t *testing.T) { + name string + request *corev1.AddPackageRepositoryRequest + expectedResponse *corev1.AddPackageRepositoryResponse +- expectedRepo *sourcev1beta2.HelmRepository ++ expectedRepo *sourcev1.HelmRepository + errorCode connect.Code + existingSecret *apiv1.Secret + expectedCreatedSecret *apiv1.Secret +@@ -1411,7 +1411,7 @@ func TestAddPackageRepository(t *testing.T) { + if ctrlClient, err := s.clientGetter.ControllerRuntime(http.Header{}, s.kubeappsCluster); err != nil { + t.Fatal(err) + } else { +- var actualRepo sourcev1beta2.HelmRepository ++ 
var actualRepo sourcev1.HelmRepository + if err = ctrlClient.Get(ctx, nsname, &actualRepo); err != nil { + t.Fatal(err) + } else { +@@ -1429,7 +1429,7 @@ func TestAddPackageRepository(t *testing.T) { + } + } else { + // TODO(agamez): flux upgrade - migrate to CertSecretRef, see https://github.com/fluxcd/flux2/releases/tag/v2.1.0 +- opt1 := cmpopts.IgnoreFields(sourcev1beta2.HelmRepositorySpec{}, "SecretRef") ++ opt1 := cmpopts.IgnoreFields(sourcev1.HelmRepositorySpec{}, "SecretRef") + + // Manually setting TypeMeta, as the fakeclient doesn't do it anymore: + // https://github.com/kubernetes-sigs/controller-runtime/pull/2633 +@@ -1637,7 +1637,7 @@ func TestGetPackageRepositoryDetail(t *testing.T) { + secretRef = tc.repoSecret.Name + secrets = append(secrets, tc.repoSecret) + } +- var repo *sourcev1beta2.HelmRepository ++ var repo *sourcev1.HelmRepository + if !tc.pending && !tc.failed { + var ts *httptest.Server + var err error +@@ -1647,11 +1647,11 @@ func TestGetPackageRepositoryDetail(t *testing.T) { + } + defer ts.Close() + } else if tc.pending { +- repoSpec := &sourcev1beta2.HelmRepositorySpec{ ++ repoSpec := &sourcev1.HelmRepositorySpec{ + URL: "https://example.repo.com/charts", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + } +- repoStatus := &sourcev1beta2.HelmRepositoryStatus{ ++ repoStatus := &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -1665,11 +1665,11 @@ func TestGetPackageRepositoryDetail(t *testing.T) { + repo1 := newRepo(tc.repoName, tc.repoNamespace, repoSpec, repoStatus) + repo = &repo1 + } else { // failed +- repoSpec := &sourcev1beta2.HelmRepositorySpec{ ++ repoSpec := &sourcev1.HelmRepositorySpec{ + URL: "https://example.repo.com/charts", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + } +- repoStatus := &sourcev1beta2.HelmRepositoryStatus{ ++ repoStatus := &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + 
LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -1686,7 +1686,7 @@ func TestGetPackageRepositoryDetail(t *testing.T) { + + // the index.yaml will contain links to charts but for the purposes + // of this test they do not matter +- s, _, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, nil, secrets) ++ s, _, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, nil, secrets) + if err != nil { + t.Fatalf("error instantiating the server: %v", err) + } +@@ -1744,7 +1744,7 @@ func TestGetOciPackageRepositoryDetail(t *testing.T) { + t.Fatal(err) + } + +- s, mock, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, nil, nil) ++ s, mock, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, nil, nil) + if err != nil { + t.Fatalf("error instantiating the server: %v", err) + } +@@ -1786,7 +1786,7 @@ func TestGetPackageRepositorySummaries(t *testing.T) { + testCases := []struct { + name string + request *corev1.GetPackageRepositorySummariesRequest +- existingRepos []sourcev1beta2.HelmRepository ++ existingRepos []sourcev1.HelmRepository + expectedErrorCode connect.Code + expectedResponse *corev1.GetPackageRepositorySummariesResponse + }{ +@@ -1795,7 +1795,7 @@ func TestGetPackageRepositorySummaries(t *testing.T) { + request: &corev1.GetPackageRepositorySummariesRequest{ + Context: &corev1.Context{}, + }, +- existingRepos: []sourcev1beta2.HelmRepository{ ++ existingRepos: []sourcev1.HelmRepository{ + get_summaries_repo_1, + get_summaries_repo_2, + get_summaries_repo_3, +@@ -1815,7 +1815,7 @@ func TestGetPackageRepositorySummaries(t *testing.T) { + request: &corev1.GetPackageRepositorySummariesRequest{ + Context: &corev1.Context{Namespace: "foo"}, + }, +- existingRepos: []sourcev1beta2.HelmRepository{ ++ existingRepos: []sourcev1.HelmRepository{ + get_summaries_repo_1, + get_summaries_repo_2, + get_summaries_repo_3, +@@ -2124,7 +2124,7 @@ func TestUpdatePackageRepository(t *testing.T) { + if tc.newRepoSecret != 
nil { + secrets = append(secrets, tc.newRepoSecret) + } +- var repo *sourcev1beta2.HelmRepository ++ var repo *sourcev1.HelmRepository + if !tc.pending { + var ts *httptest.Server + var err error +@@ -2134,11 +2134,11 @@ func TestUpdatePackageRepository(t *testing.T) { + } + defer ts.Close() + } else { +- repoSpec := &sourcev1beta2.HelmRepositorySpec{ ++ repoSpec := &sourcev1.HelmRepositorySpec{ + URL: "https://example.repo.com/charts", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + } +- repoStatus := &sourcev1beta2.HelmRepositoryStatus{ ++ repoStatus := &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -2156,7 +2156,7 @@ func TestUpdatePackageRepository(t *testing.T) { + + // the index.yaml will contain links to charts but for the purposes + // of this test they do not matter +- s, _, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, nil, secrets) ++ s, _, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, nil, secrets) + if err != nil { + t.Fatalf("error instantiating the server: %v", err) + } +@@ -2219,7 +2219,7 @@ func TestUpdatePackageRepository(t *testing.T) { + + // check the created/updated secret + if tc.expectedCreatedSecret != nil { +- var actualRepo sourcev1beta2.HelmRepository ++ var actualRepo sourcev1.HelmRepository + if err = ctrlClient.Get(ctx, types.NamespacedName{Namespace: tc.repoNamespace, Name: tc.repoName}, &actualRepo); err != nil { + t.Fatal(err) + } +@@ -2285,7 +2285,7 @@ func TestDeletePackageRepository(t *testing.T) { + if tc.newRepoSecret != nil { + secrets = append(secrets, tc.newRepoSecret) + } +- var repo *sourcev1beta2.HelmRepository ++ var repo *sourcev1.HelmRepository + if !tc.pending { + var ts *httptest.Server + var err error +@@ -2295,11 +2295,11 @@ func TestDeletePackageRepository(t *testing.T) { + } + defer ts.Close() + } else { +- repoSpec := &sourcev1beta2.HelmRepositorySpec{ ++ repoSpec := 
&sourcev1.HelmRepositorySpec{ + URL: "https://example.repo.com/charts", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + } +- repoStatus := &sourcev1beta2.HelmRepositoryStatus{ ++ repoStatus := &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + LastTransitionTime: metav1.Time{Time: lastTransitionTime}, +@@ -2317,7 +2317,7 @@ func TestDeletePackageRepository(t *testing.T) { + + // the index.yaml will contain links to charts but for the purposes + // of this test they do not matter +- s, _, err := newServerWithRepos(t, []sourcev1beta2.HelmRepository{*repo}, nil, secrets) ++ s, _, err := newServerWithRepos(t, []sourcev1.HelmRepository{*repo}, nil, secrets) + if err != nil { + t.Fatalf("error instantiating the server: %v", err) + } +@@ -2331,7 +2331,7 @@ func TestDeletePackageRepository(t *testing.T) { + Namespace: tc.request.PackageRepoRef.Context.Namespace, + Name: tc.request.PackageRepoRef.Identifier, + } +- var actualRepo sourcev1beta2.HelmRepository ++ var actualRepo sourcev1.HelmRepository + if tc.expectedErrorCode == 0 { + if err = ctrlClient.Get(ctx, nsname, &actualRepo); err != nil { + t.Fatal(err) +@@ -2414,7 +2414,7 @@ func TestGetOciAvailablePackageSummariesWithoutPagination(t *testing.T) { + t.Run(tc.name, func(t *testing.T) { + initOciFakeClientBuilder(t, *tc.seedData) + +- repos := []sourcev1beta2.HelmRepository{} ++ repos := []sourcev1.HelmRepository{} + + for _, rs := range tc.repos { + repo, err := newOciRepo(rs.repoName, rs.repoNamespace, rs.repoUrl) +@@ -2451,8 +2451,8 @@ func TestGetOciAvailablePackageSummariesWithoutPagination(t *testing.T) { + } + } + +-func newRepo(name string, namespace string, spec *sourcev1beta2.HelmRepositorySpec, status *sourcev1beta2.HelmRepositoryStatus) sourcev1beta2.HelmRepository { +- helmRepository := sourcev1beta2.HelmRepository{ ++func newRepo(name string, namespace string, spec *sourcev1.HelmRepositorySpec, status *sourcev1.HelmRepositoryStatus) sourcev1.HelmRepository { ++ 
helmRepository := sourcev1.HelmRepository{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Generation: 1, +@@ -2489,7 +2489,7 @@ func newRepo(name string, namespace string, spec *sourcev1beta2.HelmRepositorySp + + // these functions should affect only unit test, not production code + // does a series of mock.ExpectGet(...) +-func (s *Server) redisMockExpectGetFromRepoCache(mock redismock.ClientMock, filterOptions *corev1.FilterOptions, repos ...sourcev1beta2.HelmRepository) error { ++func (s *Server) redisMockExpectGetFromRepoCache(mock redismock.ClientMock, filterOptions *corev1.FilterOptions, repos ...sourcev1.HelmRepository) error { + mapVals := make(map[string][]byte) + ociRepoKeys := sets.Set[string]{} + for _, r := range repos { +@@ -2532,7 +2532,7 @@ func (s *Server) redisMockExpectGetFromRepoCache(mock redismock.ClientMock, filt + return nil + } + +-func (s *Server) redisMockSetValueForRepo(mock redismock.ClientMock, repo sourcev1beta2.HelmRepository, oldValue []byte) (key string, bytes []byte, err error) { ++func (s *Server) redisMockSetValueForRepo(mock redismock.ClientMock, repo sourcev1.HelmRepository, oldValue []byte) (key string, bytes []byte, err error) { + bg := &clientgetter.FixedClusterClientProvider{ClientsFunc: func(ctx context.Context) (*clientgetter.ClientGetter, error) { + return s.clientGetter.GetClients(http.Header{}, s.kubeappsCluster) + }} +@@ -2540,7 +2540,7 @@ func (s *Server) redisMockSetValueForRepo(mock redismock.ClientMock, repo source + return sinkNoCache.redisMockSetValueForRepo(mock, repo, oldValue) + } + +-func (sink *repoEventSink) redisMockSetValueForRepo(mock redismock.ClientMock, repo sourcev1beta2.HelmRepository, oldValue []byte) (key string, newValue []byte, err error) { ++func (sink *repoEventSink) redisMockSetValueForRepo(mock redismock.ClientMock, repo sourcev1.HelmRepository, oldValue []byte) (key string, newValue []byte, err error) { + if key, newValue, err = sink.redisKeyValueForRepo(repo); err != nil { + if 
oldValue == nil { + mock.ExpectGet(key).RedisNil() +@@ -2565,7 +2565,7 @@ func redisMockSetValueForRepo(mock redismock.ClientMock, key string, newValue, o + mock.ExpectInfo("memory").SetVal("used_memory_rss_human:NA\r\nmaxmemory_human:NA") + } + +-func (s *Server) redisKeyValueForRepo(r sourcev1beta2.HelmRepository) (key string, byteArray []byte, err error) { ++func (s *Server) redisKeyValueForRepo(r sourcev1.HelmRepository) (key string, byteArray []byte, err error) { + cg := &clientgetter.FixedClusterClientProvider{ClientsFunc: func(ctx context.Context) (*clientgetter.ClientGetter, error) { + return s.clientGetter.GetClients(http.Header{}, s.kubeappsCluster) + }} +@@ -2573,7 +2573,7 @@ func (s *Server) redisKeyValueForRepo(r sourcev1beta2.HelmRepository) (key strin + return sinkNoChartCache.redisKeyValueForRepo(r) + } + +-func (sink *repoEventSink) redisKeyValueForRepo(r sourcev1beta2.HelmRepository) (key string, byteArray []byte, err error) { ++func (sink *repoEventSink) redisKeyValueForRepo(r sourcev1.HelmRepository) (key string, byteArray []byte, err error) { + if key, err = redisKeyForRepo(r); err != nil { + return key, nil, err + } else { +@@ -2591,7 +2591,7 @@ func (sink *repoEventSink) redisKeyValueForRepo(r sourcev1beta2.HelmRepository) + } + } + +-func redisKeyForRepo(r sourcev1beta2.HelmRepository) (string, error) { ++func redisKeyForRepo(r sourcev1.HelmRepository) (string, error) { + // redis convention on key format + // https://redis.io/topics/data-types-intro + // Try to stick with a schema. For instance "object-type:id" is a good idea, as in "user:1000". 
+@@ -2612,7 +2612,7 @@ func redisKeyForRepoNamespacedName(name types.NamespacedName) (string, error) { + return fmt.Sprintf("%s:%s:%s", fluxHelmRepositories, name.Namespace, name.Name), nil + } + +-func newHttpRepoAndServeIndex(repoIndex, repoName, repoNamespace string, replaceUrls map[string]string, secretRef string) (*httptest.Server, *sourcev1beta2.HelmRepository, error) { ++func newHttpRepoAndServeIndex(repoIndex, repoName, repoNamespace string, replaceUrls map[string]string, secretRef string) (*httptest.Server, *sourcev1.HelmRepository, error) { + indexYAMLBytes, err := os.ReadFile(repoIndex) + if err != nil { + return nil, nil, err +@@ -2631,7 +2631,7 @@ func newHttpRepoAndServeIndex(repoIndex, repoName, repoNamespace string, replace + fmt.Fprintln(w, string(indexYAMLBytes)) + })) + +- repoSpec := &sourcev1beta2.HelmRepositorySpec{ ++ repoSpec := &sourcev1.HelmRepositorySpec{ + URL: "https://example.repo.com/charts", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + } +@@ -2644,7 +2644,7 @@ func newHttpRepoAndServeIndex(repoIndex, repoName, repoNamespace string, replace + revision := "651f952130ea96823711d08345b85e82be011dc6" + sz := int64(31989) + +- repoStatus := &sourcev1beta2.HelmRepositoryStatus{ ++ repoStatus := &sourcev1.HelmRepositoryStatus{ + Artifact: &sourcev1.Artifact{ + Path: fmt.Sprintf("helmrepository/%s/%s/index-%s.yaml", repoNamespace, repoName, revision), + Digest: revision, +@@ -2669,16 +2669,16 @@ func newHttpRepoAndServeIndex(repoIndex, repoName, repoNamespace string, replace + return ts, &repo, nil + } + +-func newOciRepo(repoName, repoNamespace, repoUrl string) (*sourcev1beta2.HelmRepository, error) { ++func newOciRepo(repoName, repoNamespace, repoUrl string) (*sourcev1.HelmRepository, error) { + timeout := metav1.Duration{Duration: 60 * time.Second} +- repoSpec := &sourcev1beta2.HelmRepositorySpec{ ++ repoSpec := &sourcev1.HelmRepositorySpec{ + URL: repoUrl, + Interval: metav1.Duration{Duration: 1 * time.Minute}, + Timeout: 
&timeout, + Type: "oci", + } + +- repoStatus := &sourcev1beta2.HelmRepositoryStatus{ ++ repoStatus := &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + Type: fluxmeta.ReadyCondition, +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go +index 53fac6474..ef3d506b3 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go +@@ -13,8 +13,8 @@ import ( + + "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/helm" + +- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ helmv2 "github.com/fluxcd/helm-controller/api/v2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + authorizationv1 "k8s.io/api/authorization/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +@@ -89,11 +89,11 @@ func NewServer(configGetter core.KubernetesConfigGetter, kubeappsCluster string, + + // register the GitOps Toolkit schema definitions + scheme := runtime.NewScheme() +- err = sourcev1beta2.AddToScheme(scheme) ++ err = sourcev1.AddToScheme(scheme) + if err != nil { + log.Fatalf("%s", err) + } +- err = helmv2beta2.AddToScheme(scheme) ++ err = helmv2.AddToScheme(scheme) + if err != nil { + log.Fatalf("%s", err) + } +@@ -112,11 +112,11 @@ func NewServer(configGetter core.KubernetesConfigGetter, kubeappsCluster string, + OnGetFunc: s.onGetRepo, + OnDeleteFunc: s.onDeleteRepo, + OnResyncFunc: s.onResync, +- NewObjFunc: func() ctrlclient.Object { return &sourcev1beta2.HelmRepository{} }, +- NewListFunc: func() ctrlclient.ObjectList { return &sourcev1beta2.HelmRepositoryList{} }, ++ NewObjFunc: func() ctrlclient.Object { return &sourcev1.HelmRepository{} }, ++ NewListFunc: func() ctrlclient.ObjectList { return &sourcev1.HelmRepositoryList{} }, + ListItemsFunc: func(ol 
ctrlclient.ObjectList) []ctrlclient.Object { +- if hl, ok := ol.(*sourcev1beta2.HelmRepositoryList); !ok { +- log.Errorf("Expected: *sourcev1beta2.HelmRepositoryList, got: %T", ol) ++ if hl, ok := ol.(*sourcev1.HelmRepositoryList); !ok { ++ log.Errorf("Expected: *sourcev1.HelmRepositoryList, got: %T", ol) + return nil + } else { + ret := make([]ctrlclient.Object, len(hl.Items)) +@@ -619,7 +619,7 @@ func (s *Server) GetPackageRepositoryPermissions(ctx context.Context, request *c + } + + resource := schema.GroupResource{ +- Group: sourcev1beta2.GroupVersion.Group, ++ Group: sourcev1.GroupVersion.Group, + Resource: fluxHelmRepositories, + } + +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server_test.go +index abed61c06..14278399e 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server_test.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server_test.go +@@ -13,9 +13,9 @@ import ( + "time" + + "github.com/bufbuild/connect-go" +- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" ++ helmv2 "github.com/fluxcd/helm-controller/api/v2" + fluxmeta "github.com/fluxcd/pkg/apis/meta" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + "github.com/go-redis/redis/v8" + "github.com/go-redis/redismock/v8" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" +@@ -46,13 +46,13 @@ import ( + func TestGetAvailablePackagesStatus(t *testing.T) { + testCases := []struct { + name string +- repo sourcev1beta2.HelmRepository ++ repo sourcev1.HelmRepository + statusCode codes.Code + }{ + { + name: "returns without error if response status does not contain conditions", + repo: newRepo("test", "default", +- &sourcev1beta2.HelmRepositorySpec{ ++ &sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + }, 
+@@ -62,21 +62,21 @@ func TestGetAvailablePackagesStatus(t *testing.T) { + { + name: "returns without error if response status does not contain conditions (2)", + repo: newRepo("test", "default", +- &sourcev1beta2.HelmRepositorySpec{ ++ &sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + }, +- &sourcev1beta2.HelmRepositoryStatus{}), ++ &sourcev1.HelmRepositoryStatus{}), + statusCode: codes.OK, + }, + { + name: "returns without error if response does not contain ready repos", + repo: newRepo("test", "default", +- &sourcev1beta2.HelmRepositorySpec{ ++ &sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + }, +- &sourcev1beta2.HelmRepositoryStatus{ ++ &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + Type: fluxmeta.ReadyCondition, +@@ -91,7 +91,7 @@ func TestGetAvailablePackagesStatus(t *testing.T) { + name: "returns without error if repo object does not contain namespace", + repo: newRepo("test", "", + nil, +- &sourcev1beta2.HelmRepositoryStatus{ ++ &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + Type: fluxmeta.ReadyCondition, +@@ -106,7 +106,7 @@ func TestGetAvailablePackagesStatus(t *testing.T) { + name: "returns without error if repo object contains default spec", + repo: newRepo("test", "default", + nil, +- &sourcev1beta2.HelmRepositoryStatus{ ++ &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + Type: fluxmeta.ReadyCondition, +@@ -120,8 +120,8 @@ func TestGetAvailablePackagesStatus(t *testing.T) { + { + name: "returns without error if repo object does not contain spec url", + repo: newRepo("test", "default", +- &sourcev1beta2.HelmRepositorySpec{}, +- &sourcev1beta2.HelmRepositoryStatus{ ++ &sourcev1.HelmRepositorySpec{}, ++ &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + Type: fluxmeta.ReadyCondition, +@@ -135,11 +135,11 @@ func 
TestGetAvailablePackagesStatus(t *testing.T) { + { + name: "returns without error if repo object does not contain status url", + repo: newRepo("test", "default", +- &sourcev1beta2.HelmRepositorySpec{ ++ &sourcev1.HelmRepositorySpec{ + URL: "http://example.com", + Interval: metav1.Duration{Duration: 1 * time.Minute}, + }, +- &sourcev1beta2.HelmRepositoryStatus{ ++ &sourcev1.HelmRepositoryStatus{ + Conditions: []metav1.Condition{ + { + Type: fluxmeta.ReadyCondition, +@@ -154,7 +154,7 @@ func TestGetAvailablePackagesStatus(t *testing.T) { + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { +- s, mock, err := newSimpleServerWithRepos(t, []sourcev1beta2.HelmRepository{tc.repo}) ++ s, mock, err := newSimpleServerWithRepos(t, []sourcev1.HelmRepository{tc.repo}) + if err != nil { + t.Fatalf("error instantiating the server: %v", err) + } +@@ -204,11 +204,11 @@ type testSpecChartWithUrl struct { + numRetries int + } + +-func newSimpleServerWithRepos(t *testing.T, repos []sourcev1beta2.HelmRepository) (*Server, redismock.ClientMock, error) { ++func newSimpleServerWithRepos(t *testing.T, repos []sourcev1.HelmRepository) (*Server, redismock.ClientMock, error) { + return newServerWithRepos(t, repos, nil, nil) + } + +-func newServerWithRepos(t *testing.T, repos []sourcev1beta2.HelmRepository, charts []testSpecChartWithUrl, secrets []runtime.Object) (*Server, redismock.ClientMock, error) { ++func newServerWithRepos(t *testing.T, repos []sourcev1.HelmRepository, charts []testSpecChartWithUrl, secrets []runtime.Object) (*Server, redismock.ClientMock, error) { + typedClient := typfake.NewSimpleClientset(secrets...) 
+ + // ref https://stackoverflow.com/questions/68794562/kubernetes-fake-client-doesnt-handle-generatename-in-objectmeta/68794563#68794563 +@@ -243,7 +243,7 @@ func newServerWithRepos(t *testing.T, repos []sourcev1beta2.HelmRepository, char + return newServer(t, clientGetter, nil, repos, charts) + } + +-func newServerWithChartsAndReleases(t *testing.T, actionConfig *action.Configuration, charts []sourcev1beta2.HelmChart, releases []helmv2beta2.HelmRelease) (*Server, redismock.ClientMock, error) { ++func newServerWithChartsAndReleases(t *testing.T, actionConfig *action.Configuration, charts []sourcev1.HelmChart, releases []helmv2.HelmRelease) (*Server, redismock.ClientMock, error) { + typedClient := typfake.NewSimpleClientset() + // Creating an authorized clientGetter + typedClient.PrependReactor("create", "selfsubjectaccessreviews", func(action k8stesting.Action) (handled bool, ret runtime.Object, err error) { +@@ -316,7 +316,7 @@ func newHelmActionConfig(t *testing.T, namespace string, rels []helmReleaseStub) + func newServer(t *testing.T, + clientGetter clientgetter.ClientProviderInterface, + actionConfig *action.Configuration, +- repos []sourcev1beta2.HelmRepository, ++ repos []sourcev1.HelmRepository, + charts []testSpecChartWithUrl) (*Server, redismock.ClientMock, error) { + + stopCh := make(chan struct{}) +@@ -360,11 +360,11 @@ func newServer(t *testing.T, + OnGetFunc: sink.onGetRepo, + OnDeleteFunc: sink.onDeleteRepo, + OnResyncFunc: sink.onResync, +- NewObjFunc: func() ctrlclient.Object { return &sourcev1beta2.HelmRepository{} }, +- NewListFunc: func() ctrlclient.ObjectList { return &sourcev1beta2.HelmRepositoryList{} }, ++ NewObjFunc: func() ctrlclient.Object { return &sourcev1.HelmRepository{} }, ++ NewListFunc: func() ctrlclient.ObjectList { return &sourcev1.HelmRepositoryList{} }, + ListItemsFunc: func(ol ctrlclient.ObjectList) []ctrlclient.Object { +- if hl, ok := ol.(*sourcev1beta2.HelmRepositoryList); !ok { +- t.Fatalf("Expected: 
*sourcev1beta2.HelmRepositoryList, got: %T", ol) ++ if hl, ok := ol.(*sourcev1.HelmRepositoryList); !ok { ++ t.Fatalf("Expected: *sourcev1.HelmRepositoryList, got: %T", ol) + return nil + } else { + ret := make([]ctrlclient.Object, len(hl.Items)) +@@ -410,8 +410,8 @@ func newServer(t *testing.T, + func seedRepoCacheWithRepos(t *testing.T, + mock redismock.ClientMock, + sink repoEventSink, +- repos []sourcev1beta2.HelmRepository) map[string]sourcev1beta2.HelmRepository { +- okRepos := make(map[string]sourcev1beta2.HelmRepository) ++ repos []sourcev1.HelmRepository) map[string]sourcev1.HelmRepository { ++ okRepos := make(map[string]sourcev1.HelmRepository) + for _, r := range repos { + key, err := redisKeyForRepo(r) + if err != nil { +@@ -441,7 +441,7 @@ func seedChartCacheWithCharts(t *testing.T, + mock redismock.ClientMock, + sink repoEventSink, + stopCh <-chan struct{}, +- repos map[string]sourcev1beta2.HelmRepository, ++ repos map[string]sourcev1.HelmRepository, + charts []testSpecChartWithUrl) (*cache.ChartCache, func(), error) { + t.Logf("+seedChartCacheWithCharts(%v)", charts) + +diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/test_util_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/test_util_test.go +index dfbcb10c8..8109f3f2f 100644 +--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/test_util_test.go ++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/test_util_test.go +@@ -19,8 +19,8 @@ import ( + + k8stesting "k8s.io/client-go/testing" + +- helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" +- sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2" ++ helmv2 "github.com/fluxcd/helm-controller/api/v2" ++ sourcev1 "github.com/fluxcd/source-controller/api/v1" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + corev1 "github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/core/packages/v1alpha1" +@@ -305,8 +305,8 @@ func setSecretOwnerRef(repoName string, secret *apiv1.Secret) 
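Review bot: In the `@@ -360,11 +360,11 @@` hunk of newServer, the type-assertion failure path in ListItemsFunc calls `t.Fatalf` and then `return nil`; the return is unreachable if the callback runs on the test goroutine, and the `t.Fatalf` is incorrect if it does not, since FailNow must be called from the goroutine running the test. The hunk does not show who invokes the callback, so this is a hedge. Using `t.Errorf("Expected: *sourcev1.HelmRepositoryList, got: %T", ol)` before the existing `return nil` behaves correctly in either case. newServer starts and ends outside this hunk.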
*apiv1.Secret { + tRue := true + secret.OwnerReferences = []metav1.OwnerReference{ + { +- APIVersion: sourcev1beta2.GroupVersion.String(), +- Kind: sourcev1beta2.HelmRepositoryKind, ++ APIVersion: sourcev1.GroupVersion.String(), ++ Kind: sourcev1.HelmRepositoryKind, + Name: repoName, + Controller: &tRue, + BlockOwnerDeletion: &tRue, +@@ -353,45 +353,45 @@ func repoRef(id, namespace string) *corev1.PackageRepositoryReference { + } + } + +-func newCtrlClient(repos []sourcev1beta2.HelmRepository, charts []sourcev1beta2.HelmChart, releases []helmv2beta2.HelmRelease) withWatchWrapper { ++func newCtrlClient(repos []sourcev1.HelmRepository, charts []sourcev1.HelmChart, releases []helmv2.HelmRelease) withWatchWrapper { + // register the flux GitOps Toolkit schema definitions + scheme := runtime.NewScheme() +- err := sourcev1beta2.AddToScheme(scheme) ++ err := sourcev1.AddToScheme(scheme) + if err != nil { + log.Fatal(err) + } +- err = helmv2beta2.AddToScheme(scheme) ++ err = helmv2.AddToScheme(scheme) + if err != nil { + log.Fatal(err) + } + +- rm := apimeta.NewDefaultRESTMapper([]schema.GroupVersion{sourcev1beta2.GroupVersion, helmv2beta2.GroupVersion}) ++ rm := apimeta.NewDefaultRESTMapper([]schema.GroupVersion{sourcev1.GroupVersion, helmv2.GroupVersion}) + rm.Add(schema.GroupVersionKind{ +- Group: sourcev1beta2.GroupVersion.Group, +- Version: sourcev1beta2.GroupVersion.Version, +- Kind: sourcev1beta2.HelmRepositoryKind}, ++ Group: sourcev1.GroupVersion.Group, ++ Version: sourcev1.GroupVersion.Version, ++ Kind: sourcev1.HelmRepositoryKind}, + apimeta.RESTScopeNamespace) + rm.Add(schema.GroupVersionKind{ +- Group: sourcev1beta2.GroupVersion.Group, +- Version: sourcev1beta2.GroupVersion.Version, +- Kind: sourcev1beta2.HelmChartKind}, ++ Group: sourcev1.GroupVersion.Group, ++ Version: sourcev1.GroupVersion.Version, ++ Kind: sourcev1.HelmChartKind}, + apimeta.RESTScopeNamespace) + rm.Add(schema.GroupVersionKind{ +- Group: helmv2beta2.GroupVersion.Group, +- Version: 
helmv2beta2.GroupVersion.Version, +- Kind: helmv2beta2.HelmReleaseKind}, ++ Group: helmv2.GroupVersion.Group, ++ Version: helmv2.GroupVersion.Version, ++ Kind: helmv2.HelmReleaseKind}, + apimeta.RESTScopeNamespace) + + ctrlClientBuilder := ctrlfake.NewClientBuilder().WithScheme(scheme).WithRESTMapper(rm) + initLists := []client.ObjectList{} + if len(repos) > 0 { +- initLists = append(initLists, &sourcev1beta2.HelmRepositoryList{Items: repos}) ++ initLists = append(initLists, &sourcev1.HelmRepositoryList{Items: repos}) + } + if len(charts) > 0 { +- initLists = append(initLists, &sourcev1beta2.HelmChartList{Items: charts}) ++ initLists = append(initLists, &sourcev1.HelmChartList{Items: charts}) + } + if len(releases) > 0 { +- initLists = append(initLists, &helmv2beta2.HelmReleaseList{Items: releases}) ++ initLists = append(initLists, &helmv2.HelmReleaseList{Items: releases}) + } + if len(initLists) > 0 { + ctrlClientBuilder = ctrlClientBuilder.WithLists(initLists...) +diff --git a/go.mod b/go.mod +index fe893591e..6d380a0cf 100644 +--- a/go.mod ++++ b/go.mod +@@ -3,7 +3,9 @@ + + module github.com/vmware-tanzu/kubeapps + +-go 1.22 ++go 1.22.0 ++ ++toolchain go1.22.2 + + require ( + carvel.dev/vendir v0.40.0 +@@ -18,11 +20,11 @@ require ( + github.com/disintegration/imaging v1.6.2 + github.com/distribution/reference v0.6.0 + github.com/docker/cli v26.0.0+incompatible +- github.com/fluxcd/helm-controller/api v0.37.4 +- github.com/fluxcd/pkg/apis/meta v1.4.0 +- github.com/fluxcd/pkg/oci v0.36.0 +- github.com/fluxcd/pkg/version v0.3.0 +- github.com/fluxcd/source-controller/api v1.2.5 ++ github.com/fluxcd/helm-controller/api v1.0.1 ++ github.com/fluxcd/pkg/apis/meta v1.5.0 ++ github.com/fluxcd/pkg/oci v0.37.1 ++ github.com/fluxcd/pkg/version v0.4.0 ++ github.com/fluxcd/source-controller/api v1.3.0 + github.com/go-redis/redis/v8 v8.11.5 + github.com/go-redis/redismock/v8 v8.11.5 + github.com/google/go-cmp v0.6.0 +@@ -52,28 +54,28 @@ require ( + google.golang.org/protobuf 
v1.33.0 + gopkg.in/yaml.v3 v3.0.1 + helm.sh/helm/v3 v3.14.3 +- k8s.io/api v0.29.3 +- k8s.io/apiextensions-apiserver v0.29.3 +- k8s.io/apimachinery v0.29.3 +- k8s.io/apiserver v0.29.3 ++ k8s.io/api v0.30.0 ++ k8s.io/apiextensions-apiserver v0.30.0 ++ k8s.io/apimachinery v0.30.0 ++ k8s.io/apiserver v0.30.0 + k8s.io/cli-runtime v0.29.3 +- k8s.io/client-go v0.29.3 ++ k8s.io/client-go v0.30.0 + k8s.io/klog/v2 v2.120.1 + k8s.io/kubectl v0.29.3 + k8s.io/utils v0.0.0-20240310230437-4693a0247e57 + oras.land/oras-go v1.2.5 + oras.land/oras-go/v2 v2.5.0 +- sigs.k8s.io/controller-runtime v0.17.2 ++ sigs.k8s.io/controller-runtime v0.18.1 + sigs.k8s.io/yaml v1.4.0 + ) + + require ( + github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect +- github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.0 // indirect +- github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 // indirect ++ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect ++ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect + github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect +- github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect ++ github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect + github.com/BurntSushi/toml v1.3.2 // indirect + github.com/MakeNowJust/heredoc v1.0.0 // indirect + github.com/Masterminds/goutils v1.1.1 // indirect +@@ -82,8 +84,8 @@ require ( + github.com/Microsoft/hcsshim v0.11.4 // indirect + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect + github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect +- github.com/aws/aws-sdk-go-v2/config v1.27.10 // indirect +- github.com/aws/aws-sdk-go-v2/credentials v1.17.10 // indirect ++ github.com/aws/aws-sdk-go-v2/config v1.27.11 // indirect ++ github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect + 
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect +@@ -91,7 +93,7 @@ require ( + github.com/aws/aws-sdk-go-v2/service/ecr v1.27.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect +- github.com/aws/aws-sdk-go-v2/service/sso v1.20.4 // indirect ++ github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect + github.com/aws/smithy-go v1.20.2 // indirect +@@ -113,13 +115,13 @@ require ( + github.com/docker/go-metrics v0.0.1 // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/evanphx/json-patch v5.7.0+incompatible // indirect +- github.com/evanphx/json-patch/v5 v5.8.0 // indirect ++ github.com/evanphx/json-patch/v5 v5.9.0 // indirect + github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect + github.com/fatih/camelcase v1.0.0 // indirect + github.com/fatih/color v1.15.0 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect +- github.com/fluxcd/pkg/apis/acl v0.1.0 // indirect +- github.com/fluxcd/pkg/apis/kustomize v1.3.0 // indirect ++ github.com/fluxcd/pkg/apis/acl v0.3.0 // indirect ++ github.com/fluxcd/pkg/apis/kustomize v1.5.0 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fvbommel/sortorder v1.1.0 // indirect + github.com/go-errors/errors v1.4.2 // indirect +@@ -131,7 +133,7 @@ require ( + github.com/go-openapi/swag v0.22.4 // indirect + github.com/gobwas/glob v0.2.3 // indirect + github.com/gogo/protobuf v1.3.2 // indirect +- github.com/golang-jwt/jwt/v5 v5.2.0 // indirect ++ github.com/golang-jwt/jwt/v5 v5.2.1 // indirect + github.com/golang/groupcache 
v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/btree v1.1.2 // indirect +@@ -217,19 +219,18 @@ require ( + golang.org/x/crypto v0.22.0 // indirect + golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect + golang.org/x/image v0.10.0 // indirect +- golang.org/x/oauth2 v0.17.0 // indirect ++ golang.org/x/oauth2 v0.19.0 // indirect + golang.org/x/sys v0.19.0 // indirect + golang.org/x/term v0.19.0 // indirect + golang.org/x/text v0.14.0 // indirect + golang.org/x/time v0.5.0 // indirect + gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect +- google.golang.org/appengine v1.6.8 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240325203815-454cdb8f5daa // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/ini.v1 v1.67.0 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect +- k8s.io/component-base v0.29.3 // indirect +- k8s.io/kube-openapi v0.0.0-20231113174909-778a5567bc1e // indirect ++ k8s.io/component-base v0.30.0 // indirect ++ k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect + sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect +diff --git a/go.sum b/go.sum +index 4e1af959d..0d7a395a6 100644 +--- a/go.sum ++++ b/go.sum +@@ -50,16 +50,16 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 + dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= + github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= + github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= +-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.0 h1:U/kwEXj0Y+1REAkV4kV8VO1CsEp8tSaQDG/7qC5XuqQ= 
+-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.0/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= +-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ= +-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo= ++github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= ++github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= ++github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU= ++github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= + github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ= + github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc= + github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= + github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA= +-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= ++github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= ++github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= + github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= + github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= + github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +@@ -103,10 +103,10 @@ 
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= + github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA= + github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +-github.com/aws/aws-sdk-go-v2/config v1.27.10 h1:PS+65jThT0T/snC5WjyfHHyUgG+eBoupSDV+f838cro= +-github.com/aws/aws-sdk-go-v2/config v1.27.10/go.mod h1:BePM7Vo4OBpHreKRUMuDXX+/+JWP38FLkzl5m27/Jjs= +-github.com/aws/aws-sdk-go-v2/credentials v1.17.10 h1:qDZ3EA2lv1KangvQB6y258OssCHD0xvaGiEDkG4X/10= +-github.com/aws/aws-sdk-go-v2/credentials v1.17.10/go.mod h1:6t3sucOaYDwDssHQa0ojH1RpmVmF5/jArkye1b2FKMI= ++github.com/aws/aws-sdk-go-v2/config v1.27.11 h1:f47rANd2LQEYHda2ddSCKYId18/8BhSRM4BULGmfgNA= ++github.com/aws/aws-sdk-go-v2/config v1.27.11/go.mod h1:SMsV78RIOYdve1vf36z8LmnszlRWkwMQtomCAI0/mIE= ++github.com/aws/aws-sdk-go-v2/credentials v1.17.11 h1:YuIB1dJNf1Re822rriUOTxopaHHvIq0l/pX3fwO+Tzs= ++github.com/aws/aws-sdk-go-v2/credentials v1.17.11/go.mod h1:AQtFPsDH9bI2O+71anW6EKL+NcD7LG3dpKGMV4SShgo= + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4= + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg= + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg= +@@ -121,8 +121,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1x + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo= + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk= 
+-github.com/aws/aws-sdk-go-v2/service/sso v1.20.4 h1:WzFol5Cd+yDxPAdnzTA5LmpHYSWinhmSj4rQChV0ee8= +-github.com/aws/aws-sdk-go-v2/service/sso v1.20.4/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM= ++github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 h1:vN8hEbpRnL7+Hopy9dzmRle1xmDc7o8tmY0klsr175w= ++github.com/aws/aws-sdk-go-v2/service/sso v1.20.5/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM= + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE= + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak= + github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n2HZPkcKgPAi1phU= +@@ -243,8 +243,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 + github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws= + github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= + github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +-github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= +-github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= ++github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= ++github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= + github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4= + github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc= + github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8= +@@ -256,20 +256,20 @@ github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= + github.com/fatih/color v1.15.0/go.mod 
h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= + github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= + github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +-github.com/fluxcd/helm-controller/api v0.37.4 h1:rkBMqYXexyf1s5BS8QpxGi691DsCi+yugIFCM5fNKLU= +-github.com/fluxcd/helm-controller/api v0.37.4/go.mod h1:KFdP5Lbrc4Vv+Jt4xRj6UUo3qiwdBqBPl1xiiAnBe9c= +-github.com/fluxcd/pkg/apis/acl v0.1.0 h1:EoAl377hDQYL3WqanWCdifauXqXbMyFuK82NnX6pH4Q= +-github.com/fluxcd/pkg/apis/acl v0.1.0/go.mod h1:zfEZzz169Oap034EsDhmCAGgnWlcWmIObZjYMusoXS8= +-github.com/fluxcd/pkg/apis/kustomize v1.3.0 h1:qvB46CfaOWcL1SyR2RiVWN/j7/035D0OtB1ltLN7rgI= +-github.com/fluxcd/pkg/apis/kustomize v1.3.0/go.mod h1:PCXf5kktTzNav0aH2Ns3jsowqwmA9xTcsrEOoPzx/K8= +-github.com/fluxcd/pkg/apis/meta v1.4.0 h1:nNdgB6FFHP3cubxZCViaCFDUVlAbpq9+hvKEIveOGMg= +-github.com/fluxcd/pkg/apis/meta v1.4.0/go.mod h1:81sZ01ShTuLc1C3M1dFJNkINareBysvmrO1b8zJFFKs= +-github.com/fluxcd/pkg/oci v0.36.0 h1:bC+Qkm6p8rN72McArNwYFjI9bt7M2vn6mnt7i/vOWv0= +-github.com/fluxcd/pkg/oci v0.36.0/go.mod h1:ocWsg1tjhjlIpdpdw0xZz7q9YQH8YzcrN1wi+Az0t7E= +-github.com/fluxcd/pkg/version v0.3.0 h1:+GSU3QKQK66Y09+cQMAEoyh7j4S0ZimXF6MyGgJwZB4= +-github.com/fluxcd/pkg/version v0.3.0/go.mod h1:NO3/EuKNn9g6aw9NN85Hdrz+5CVx90KZC6rPsOmgvVI= +-github.com/fluxcd/source-controller/api v1.2.5 h1:MgGrOfPh7Grhl40GUM9lEs+lmgTx3hLAwI0MVqaJkQ8= +-github.com/fluxcd/source-controller/api v1.2.5/go.mod h1:j3QSHpIPBP5sjaGIkVtsgWCx8JcOmcsutRmdJmRMOZg= ++github.com/fluxcd/helm-controller/api v1.0.1 h1:Gn9qEVuif6D5+gHmVwTEZkR4+nmLOcOhKx4Sw2gL2EA= ++github.com/fluxcd/helm-controller/api v1.0.1/go.mod h1:/6AD5a2qjo/ttxVM8GR33syLZwqigta60DCLdy8GrME= ++github.com/fluxcd/pkg/apis/acl v0.3.0 h1:UOrKkBTOJK+OlZX7n8rWt2rdBmDCoTK+f5TY2LcZi8A= ++github.com/fluxcd/pkg/apis/acl v0.3.0/go.mod h1:WVF9XjSMVBZuU+HTTiSebGAWMgM7IYexFLyVWbK9bNY= ++github.com/fluxcd/pkg/apis/kustomize v1.5.0 
h1:ah4sfqccnio+/5Edz/tVz6LetFhiBoDzXAElj6fFCzU= ++github.com/fluxcd/pkg/apis/kustomize v1.5.0/go.mod h1:nEzhnhHafhWOUUV8VMFLojUOH+HHDEsL75y54mt/c30= ++github.com/fluxcd/pkg/apis/meta v1.5.0 h1:/G82d2Az5D9op3F+wJUpD8jw/eTV0suM6P7+cSURoUM= ++github.com/fluxcd/pkg/apis/meta v1.5.0/go.mod h1:Y3u7JomuuKtr5fvP1Iji2/50FdRe5GcBug2jawNVkdM= ++github.com/fluxcd/pkg/oci v0.37.1 h1:p4rfCHZlBWL+Q5Xey51iiBRmoje0IevCBT0/r8iae3M= ++github.com/fluxcd/pkg/oci v0.37.1/go.mod h1:LrVuX6VACenJ5ycQJxec+I7YJegCsE4nzRUV+6RuxcY= ++github.com/fluxcd/pkg/version v0.4.0 h1:3F6oeIZ+ug/f7pALIBhcUhfURel37EPPOn7nsGfsnOg= ++github.com/fluxcd/pkg/version v0.4.0/go.mod h1:izVsSDxac81qWRmpOL9qcxZYx+zAN1ajoP5SidGP6PA= ++github.com/fluxcd/source-controller/api v1.3.0 h1:Z5Lq0aJY87yg0cQDEuwGLKS60GhdErCHtsi546HUt10= ++github.com/fluxcd/source-controller/api v1.3.0/go.mod h1:+tfd0vltjcVs/bbnq9AlYR9AAHSVfM/Z4v4TpQmdJf4= + github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= + github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= + github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +@@ -332,8 +332,8 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x + github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= + github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= + github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +-github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw= +-github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= ++github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= ++github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= + github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= + 
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= + github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +@@ -650,14 +650,14 @@ github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vv + github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= + github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= + github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= +-github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= +-github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= ++github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= ++github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= + github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= + github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= + github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= + github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= +-github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= +-github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= ++github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= ++github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= + github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= + github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= + github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= +@@ -931,8 +931,8 @@ golang.org/x/mod v0.4.2/go.mod 
h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= + golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= + golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= + golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +-golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +-golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= ++golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= ++golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= + golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= + golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= + golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +@@ -999,8 +999,8 @@ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ + golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= + golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= + golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +-golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= +-golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= ++golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg= ++golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= + golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= + golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= + golang.org/x/sync 
v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +@@ -1119,7 +1119,6 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= + golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= + golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= + golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +-golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= + golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= + golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= + golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +@@ -1188,8 +1187,8 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= + golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= + golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= + golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +-golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= +-golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= ++golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= ++golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= + golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= + golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= + golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +@@ -1236,8 +1235,6 @@ google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww + google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= + 
google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= + google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +-google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +-google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= + google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= + google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= + google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +@@ -1393,24 +1390,24 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh + honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= + honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= + honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +-k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= +-k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= +-k8s.io/apiextensions-apiserver v0.29.3 h1:9HF+EtZaVpFjStakF4yVufnXGPRppWFEQ87qnO91YeI= +-k8s.io/apiextensions-apiserver v0.29.3/go.mod h1:po0XiY5scnpJfFizNGo6puNU6Fq6D70UJY2Cb2KwAVc= +-k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= +-k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= +-k8s.io/apiserver v0.29.3 h1:xR7ELlJ/BZSr2n4CnD3lfA4gzFivh0wwfNfz9L0WZcE= +-k8s.io/apiserver v0.29.3/go.mod h1:hrvXlwfRulbMbBgmWRQlFru2b/JySDpmzvQwwk4GUOs= ++k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= ++k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= ++k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= 
++k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= ++k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= ++k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= ++k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= ++k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= + k8s.io/cli-runtime v0.29.3 h1:r68rephmmytoywkw2MyJ+CxjpasJDQY7AGc3XY2iv1k= + k8s.io/cli-runtime v0.29.3/go.mod h1:aqVUsk86/RhaGJwDhHXH0jcdqBrgdF3bZWk4Z9D4mkM= +-k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= +-k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= +-k8s.io/component-base v0.29.3 h1:Oq9/nddUxlnrCuuR2K/jp6aflVvc0uDvxMzAWxnGzAo= +-k8s.io/component-base v0.29.3/go.mod h1:Yuj33XXjuOk2BAaHsIGHhCKZQAgYKhqIxIjIr2UXYio= ++k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= ++k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= ++k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= ++k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= + k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= + k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +-k8s.io/kube-openapi v0.0.0-20231113174909-778a5567bc1e h1:snPmy96t93RredGRjKfMFt+gvxuVAncqSAyBveJtr4Q= +-k8s.io/kube-openapi v0.0.0-20231113174909-778a5567bc1e/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= ++k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= ++k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= + k8s.io/kubectl v0.29.3 h1:RuwyyIU42MAISRIePaa8Q7A3U74Q9P4MoJbDFz9o3us= + k8s.io/kubectl v0.29.3/go.mod h1:yCxfY1dbwgVdEt2zkJ6d5NNLOhhWgTyrqACIoFhpdd4= + k8s.io/utils 
v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY= +@@ -1422,8 +1419,8 @@ oras.land/oras-go/v2 v2.5.0/go.mod h1:z4eisnLP530vwIOUOJeBIj0aGI0L1C3d53atvCBqZH + rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= + rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= + rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= +-sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= +-sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= ++sigs.k8s.io/controller-runtime v0.18.1 h1:RpWbigmuiylbxOCLy0tGnq1cU1qWPwNIQzoJk+QeJx4= ++sigs.k8s.io/controller-runtime v0.18.1/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= + sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0= diff --git a/packages/system/dashboard/images/kubeapps-apis/labels.diff b/packages/system/dashboard/images/kubeapps-apis/labels.diff index 23bcdc93..e3b1823f 100644 --- a/packages/system/dashboard/images/kubeapps-apis/labels.diff +++ b/packages/system/dashboard/images/kubeapps-apis/labels.diff @@ -16,7 +16,7 @@ index c489cb6ca..8884a6484 100644 @@ -54,7 +56,10 @@ func (s *Server) listReleasesInCluster(ctx context.Context, headers http.Header, // see any results created/updated/deleted after the first request is issued // To fix this, we must make use of resourceVersion := relList.GetResourceVersion() - var relList helmv2beta2.HelmReleaseList + var relList helmv2.HelmReleaseList - if err = client.List(ctx, &relList); err != nil { + listOptions := ctrlclient.ListOptions{ + LabelSelector: labels.SelectorFromSet(labels.Set{"cozystack.io/ui": "true"}), 
@@ -33,8 +33,8 @@ index c489cb6ca..8884a6484 100644 + "cozystack.io/ui": "true", + }, }, - Spec: helmv2beta2.HelmReleaseSpec{ - Chart: helmv2beta2.HelmChartTemplate{ + Spec: helmv2.HelmReleaseSpec{ + Chart: helmv2.HelmChartTemplate{ diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go index 790b21514..539276a17 100644 --- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go @@ -49,7 +49,7 @@ index 790b21514..539276a17 100644 log "k8s.io/klog/v2" @@ -64,7 +65,8 @@ func (s *Server) listReposInNamespace(ctx context.Context, headers http.Header, - var repoList sourcev1beta2.HelmRepositoryList + var repoList sourcev1.HelmRepositoryList listOptions := ctrlclient.ListOptions{ - Namespace: ns, + Namespace: ns, @@ -65,5 +65,5 @@ index 790b21514..539276a17 100644 + "cozystack.io/ui": "true", + }, }, - Spec: sourcev1beta2.HelmRepositorySpec{ + Spec: sourcev1.HelmRepositorySpec{ URL: url, diff --git a/packages/system/dashboard/images/kubeapps-apis/reconcile-strategy.diff b/packages/system/dashboard/images/kubeapps-apis/reconcile-strategy.diff index f4f9b20a..74e3e738 100644 --- a/packages/system/dashboard/images/kubeapps-apis/reconcile-strategy.diff +++ b/packages/system/dashboard/images/kubeapps-apis/reconcile-strategy.diff @@ -3,7 +3,7 @@ index 8884a6484..4bf77071c 100644 --- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go +++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go @@ -530,6 +530,7 @@ func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.Namesp - Kind: sourcev1beta2.HelmRepositoryKind, + Kind: sourcev1.HelmRepositoryKind, Namespace: chart.Repo.Namespace, }, + ReconcileStrategy: "Revision", From b8e5309fc4b718147417e90297243e3e16e4bda5 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Mon, 24 Jun 2024 13:14:11 +0200 Subject: [PATCH 4/5] Refactor fluxcd 2.3 update (#172) 
Signed-off-by: Andrei Kvapil --- packages/core/fluxcd/Makefile | 6 ++- .../flux-operator/templates/deployment.yaml | 4 +- .../charts/flux-operator/values.schema.json | 7 --- .../fluxcd/charts/flux-operator/values.yaml | 3 -- packages/core/fluxcd/flux-customizations.yaml | 35 ------------- packages/core/fluxcd/patches/hostNetwork.diff | 52 +++++++++++++++++++ .../core/fluxcd/patches/kubernetesEnvs.diff | 12 +++++ packages/core/fluxcd/templates/_helpers.tpl | 13 +++++ packages/core/fluxcd/values.yaml | 43 ++++++++++++++- packages/core/fluxcd/valuesFile.yaml | 11 ---- .../templates/allow-from-kubeapps.yaml | 14 ----- 11 files changed, 124 insertions(+), 76 deletions(-) delete mode 100644 packages/core/fluxcd/flux-customizations.yaml create mode 100644 packages/core/fluxcd/patches/hostNetwork.diff create mode 100644 packages/core/fluxcd/patches/kubernetesEnvs.diff create mode 100644 packages/core/fluxcd/templates/_helpers.tpl delete mode 100644 packages/core/fluxcd/valuesFile.yaml delete mode 100644 packages/system/dashboard/templates/allow-from-kubeapps.yaml diff --git a/packages/core/fluxcd/Makefile b/packages/core/fluxcd/Makefile index f8bab3e7..fb20faf1 100644 --- a/packages/core/fluxcd/Makefile +++ b/packages/core/fluxcd/Makefile 
@@ -7,13 +7,15 @@ show: helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) apply: - helm template -n $(NAMESPACE) $(NAME) . --no-hooks -f valuesFile.yaml -f flux-customizations.yaml \ + helm template -n $(NAMESPACE) $(NAME) . --no-hooks \ --dry-run=server $(API_VERSIONS_FLAGS) | kubectl apply -n $(NAMESPACE) -f- diff: - helm template -n $(NAMESPACE) $(NAME) . --no-hooks -f valuesFile.yaml -f flux-customizations.yaml \ + helm template -n $(NAMESPACE) $(NAME) . --no-hooks \ --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -n $(NAMESPACE) -f- update: rm -rf charts helm pull oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator --untar --untardir charts + patch -p1 --no-backup-if-mismatch < patches/hostNetwork.diff + patch -p1 --no-backup-if-mismatch < patches/kubernetesEnvs.diff diff --git a/packages/core/fluxcd/charts/flux-operator/templates/deployment.yaml b/packages/core/fluxcd/charts/flux-operator/templates/deployment.yaml index a1b1fa1f..5ad96a88 100644 --- a/packages/core/fluxcd/charts/flux-operator/templates/deployment.yaml +++ b/packages/core/fluxcd/charts/flux-operator/templates/deployment.yaml @@ -58,9 +58,7 @@ spec: - name: MARKETPLACE_LICENSE value: {{ . }} {{- end }} - {{- if .Values.extraEnvs }} - {{- toYaml .Values.extraEnvs | nindent 12 }} - {{- end }} + {{- include "cozy.kubernetes_envs" . | nindent 12 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" diff --git a/packages/core/fluxcd/charts/flux-operator/values.schema.json b/packages/core/fluxcd/charts/flux-operator/values.schema.json index c00230f7..64270a70 100644 --- a/packages/core/fluxcd/charts/flux-operator/values.schema.json +++ b/packages/core/fluxcd/charts/flux-operator/values.schema.json 
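Review bot: The two `patch -p1 --no-backup-if-mismatch` lines added to the `update` target run against whatever `helm pull oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator` returns, and that pull has no `--version`, so the vendored chart and the patch context can change between runs without any reviewed change in this repository. Pinning the chart makes the vendored diff reproducible and reviewable, e.g. `helm pull oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator --version <CHART_VERSION> --untar --untardir charts`. GNU patch also accepts hunks with fuzz by default, so after an upstream template change the patches may land on shifted context; `patch -p1 --fuzz=0 --no-backup-if-mismatch < patches/hostNetwork.diff` (and the same for `kubernetesEnvs.diff`) would make the update fail loudly instead. A short comment above the target such as `# charts/ is vendored from upstream; local changes live only in patches/*.diff` would tell maintainers not to edit `charts/flux-operator` by hand.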
@@ -71,13 +71,6 @@ "properties": {}, "type": "object" }, - "extraEnvs": { - "items": { - "type": "object" - }, - "type": "array", - "uniqueItems": true - }, "fullnameOverride": { "type": "string" }, diff --git a/packages/core/fluxcd/charts/flux-operator/values.yaml b/packages/core/fluxcd/charts/flux-operator/values.yaml index 83d7eec5..7ecefc00 100644 --- a/packages/core/fluxcd/charts/flux-operator/values.yaml +++ b/packages/core/fluxcd/charts/flux-operator/values.yaml @@ -90,6 +90,3 @@ marketplace: # -- If `true`, start flux-operator in hostNetwork mode. hostNetwork: false - -# -- Add environment variables eg. for kubeprism KUBERNETES_SERVICE_HOST and _PORT -extraEnvs: [ ] diff --git a/packages/core/fluxcd/flux-customizations.yaml b/packages/core/fluxcd/flux-customizations.yaml deleted file mode 100644 index faacac59..00000000 --- a/packages/core/fluxcd/flux-customizations.yaml +++ /dev/null @@ -1,35 +0,0 @@ -fluxInstance: - kustomize: - patches: - - target: - kind: Deployment - name: "(kustomize-controller|helm-controller|source-controller)" - patch: | - - op: add - path: /spec/template/spec/containers/0/args/- - value: --concurrent=20 - - op: add - path: /spec/template/spec/containers/0/args/- - value: --requeue-dependency=5s - - op: replace - path: /spec/template/spec/containers/0/resources/limits - value: - cpu: 2000m - memory: 2048Mi - - target: - kind: Deployment - name: source-controller - patch: | - - op: add - path: /spec/template/spec/containers/0/args/- - value: --storage-adv-addr=source-controller - - op: add - path: /spec/template/spec/containers/0/args/- - value: --events-addr=http://notification-controller/ - - target: - kind: Deployment - name: (kustomize-controller|helm-controller|image-reflector-controller|image-automation-controller) - patch: | - - op: add - path: /spec/template/spec/containers/0/args/- - value: --events-addr=http://notification-controller/ 
diff --git a/packages/core/fluxcd/patches/hostNetwork.diff b/packages/core/fluxcd/patches/hostNetwork.diff new file mode 100644 index 00000000..89766ab0 --- /dev/null +++ b/packages/core/fluxcd/patches/hostNetwork.diff 
@@ -0,0 +1,52 @@ +diff --git a/charts/flux-operator/README.md b/charts/flux-operator/README.md +index 071e024..2fccc5f 100644 +--- a/charts/flux-operator/README.md ++++ b/charts/flux-operator/README.md +@@ -36,6 +36,7 @@ see the Flux Operator [documentation](https://fluxcd.control-plane.io/operator/) + | commonAnnotations | object | `{}` | Common annotations to add to all deployed objects including pods. | + | commonLabels | object | `{}` | Common labels to add to all deployed objects including pods. | + | fullnameOverride | string | `""` | | ++| hostNetwork | bool | `false` | If `true`, start flux-operator in hostNetwork mode. | + | image | object | `{"pullSecrets":[],"repository":"ghcr.io/controlplaneio-fluxcd/flux-operator","tag":""}` | Container image settings. The image tag defaults to the chart appVersion. | + | installCRDs | bool | `true` | Install and upgrade the custom resource definitions. | + | livenessProbe | object | `{"httpGet":{"path":"/healthz","port":8081},"initialDelaySeconds":15,"periodSeconds":20}` | Container liveness probe settings. | +diff --git a/charts/flux-operator/templates/deployment.yaml b/charts/flux-operator/templates/deployment.yaml +index 2d75821..8ffd8d8 100644 +--- a/charts/flux-operator/templates/deployment.yaml ++++ b/charts/flux-operator/templates/deployment.yaml +@@ -40,6 +40,9 @@ spec: + securityContext: + {{- toYaml . 
| nindent 8 }} + {{- end }} ++ {{- if .Values.hostNetwork }} ++ hostNetwork: true ++ {{- end }} + containers: + - name: manager + env: +diff --git a/charts/flux-operator/values.schema.json b/charts/flux-operator/values.schema.json +index 85e4d02..64270a7 100644 +--- a/charts/flux-operator/values.schema.json ++++ b/charts/flux-operator/values.schema.json +@@ -74,6 +74,10 @@ + "fullnameOverride": { + "type": "string" + }, ++ "hostNetwork": { ++ "default": false, ++ "type": "boolean" ++ }, + "image": { + "properties": { + "pullSecrets": { +diff --git a/charts/flux-operator/values.yaml b/charts/flux-operator/values.yaml +index 59b8a23..7ecefc0 100644 +--- a/charts/flux-operator/values.yaml ++++ b/charts/flux-operator/values.yaml +@@ -87,3 +87,6 @@ tolerations: [ ] # @schema item: object ; uniqueItems: true + marketplace: + license: "" + account: "" ++ ++# -- If `true`, start flux-operator in hostNetwork mode. ++hostNetwork: false diff --git a/packages/core/fluxcd/patches/kubernetesEnvs.diff b/packages/core/fluxcd/patches/kubernetesEnvs.diff new file mode 100644 index 00000000..12c00fff --- /dev/null +++ b/packages/core/fluxcd/patches/kubernetesEnvs.diff @@ -0,0 +1,12 @@ +diff --git a/packages/core/fluxcd/charts/flux-operator/templates/deployment.yaml b/packages/core/fluxcd/charts/flux-operator/templates/deployment.yaml +index 8ffd8d8..5ad96a8 100644 +--- a/charts/flux-operator/templates/deployment.yaml ++++ b/charts/flux-operator/templates/deployment.yaml +@@ -58,6 +58,7 @@ spec: + - name: MARKETPLACE_LICENSE + value: {{ . }} + {{- end }} ++ {{- include "cozy.kubernetes_envs" . | nindent 12 }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" diff --git a/packages/core/fluxcd/templates/_helpers.tpl b/packages/core/fluxcd/templates/_helpers.tpl new file mode 100644 index 00000000..e22979ba --- /dev/null +++ b/packages/core/fluxcd/templates/_helpers.tpl 
@@ -0,0 +1,13 @@ +{{- define "cozy.kubernetes_envs" }} +{{- $cozyDeployment := lookup "apps/v1" "Deployment" "cozy-system" "cozystack" }} +{{- $cozyContainers := dig "spec" "template" "spec" "containers" dict $cozyDeployment }} +{{- range $cozyContainers }} +{{- if eq .name "cozystack" }} +{{- range .env }} +{{- if has .name (list "KUBERNETES_SERVICE_HOST" "KUBERNETES_SERVICE_PORT") }} +- {{ toJson . }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/packages/core/fluxcd/values.yaml b/packages/core/fluxcd/values.yaml index 8e13df1c..0bc3466d 100644 --- a/packages/core/fluxcd/values.yaml +++ b/packages/core/fluxcd/values.yaml @@ -1,3 +1,10 @@ +flux-operator: + tolerations: + - key: node.kubernetes.io/not-ready + operator: Exists + effect: NoSchedule + hostNetwork: true + fluxInstance: # cluster: # domain: cozy.local 
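Review bot: `- {{ toJson . }}` in `cozy.kubernetes_envs` copies the whole env entry from the `cozystack` container, so an entry defined with `valueFrom` would be carried into the flux-operator pod and resolved against objects in that pod's namespace rather than `cozy-system`. Emitting only the literal fields for entries that have a `.value`, `- name: {{ .name }}` followed by `value: {{ .value | quote }}`, limits the copy to the two strings the helper is meant to forward. The helper also renders nothing when `lookup` returns an empty result (client-side rendering, or the Deployment not existing yet), and nothing in the output records that the override was skipped. A comment at the top of the define should state that fallback, and that anyone able to edit the `cozystack` Deployment thereby chooses the API endpoint flux-operator connects to.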
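Review bot: `hostNetwork: true` under `flux-operator:` carries no comment saying why the operator has to share the node's network namespace, and it is a setting with security weight. The pod's listening ports bind on the node itself, and whether NetworkPolicy still applies to a host-network pod depends on the CNI. Judging by the `node.kubernetes.io/not-ready` toleration next to it, this is presumably so the operator can start before cluster networking is up. A comment such as `# hostNetwork + not-ready toleration: the operator must run before the CNI is installed` (adjusted to the real reason) would record that for the next reviewer.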
@@ -10,4 +17,38 @@ fluxInstance: - helm-controller - notification-controller - image-reflector-controller - - image-automation-controller \ No newline at end of file + - image-automation-controller + kustomize: + patches: + - target: + kind: Deployment + name: "(kustomize-controller|helm-controller|source-controller)" + patch: | + - op: add + path: /spec/template/spec/containers/0/args/- + value: --concurrent=20 + - op: add + path: /spec/template/spec/containers/0/args/- + value: --requeue-dependency=5s + - op: replace + path: /spec/template/spec/containers/0/resources/limits + value: + cpu: 2000m + memory: 2048Mi + - target: + kind: Deployment + name: source-controller + patch: | + - op: add + path: /spec/template/spec/containers/0/args/- + value: --storage-adv-addr=source-controller.cozy-fluxcd.svc + - op: add + path: /spec/template/spec/containers/0/args/- + value: --events-addr=http://notification-controller.cozy-fluxcd.svc/ + - target: + kind: Deployment + name: (kustomize-controller|helm-controller|image-reflector-controller|image-automation-controller) + patch: | + - op: add + path: /spec/template/spec/containers/0/args/- + value: --events-addr=http://notification-controller.cozy-fluxcd.svc/ diff --git a/packages/core/fluxcd/valuesFile.yaml b/packages/core/fluxcd/valuesFile.yaml deleted file mode 100644 index 23694817..00000000 --- a/packages/core/fluxcd/valuesFile.yaml +++ /dev/null @@ -1,11 +0,0 @@ -flux-operator: - tolerations: - - key: node.kubernetes.io/not-ready - operator: Exists - effect: NoSchedule - hostNetwork: true - extraEnvs: - - name: KUBERNETES_SERVICE_HOST - value: localhost - - name: KUBERNETES_SERVICE_PORT - value: "7445" diff --git a/packages/system/dashboard/templates/allow-from-kubeapps.yaml b/packages/system/dashboard/templates/allow-from-kubeapps.yaml deleted file mode 100644 index c8850d88..00000000 --- a/packages/system/dashboard/templates/allow-from-kubeapps.yaml +++ /dev/null 
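Review bot: The three added addresses hard-code the namespace (`source-controller.cozy-fluxcd.svc`, `notification-controller.cozy-fluxcd.svc`), while the Makefile in this package passes the namespace as `$(NAMESPACE)`. If the release is ever installed under another namespace, the controllers would post events to, and advertise storage at, a name that no longer resolves or that belongs to a different namespace. Since values.yaml cannot be templated, a comment above `kustomize:` such as `# service addresses below assume the release namespace is cozy-fluxcd` would at least make the coupling visible. The `name:` patterns are also quoted in the first target and unquoted in the third; quoting both would be consistent.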
@@ -1,14 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: allow-from-dashboard - namespace: cozy-fluxcd -spec: - ingress: - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: cozy-dashboard - podSelector: {} - policyTypes: - - Ingress From 73b6f7f962dd3633f3fa4248e7317885f957a1a6 Mon Sep 17 00:00:00 2001 From: Kingdon Barrett Date: Mon, 24 Jun 2024 07:24:37 -0400 Subject: [PATCH 5/5] Flux Operator 0.6 (#178) This PR upgrades to Flux-Operator 0.6 released this morning, also includes: * #170 which is an aggregate PR, so #171 #172 etc. I think this PR now basically subsumes #170 and can replace it. I have at least 80% confidence there are no errors in this PR. It also restores the networkPolicy default and the deleted cozy-dashboard network policy, which we will see fixed (restored to install NetworkPolicy resources by default) in the next `flux-operator` release. Ref: https://github.com/controlplaneio-fluxcd/flux-operator/pull/52 Signed-off-by: Andrei Kvapil --- packages/core/fluxcd/Makefile | 1 - .../fluxcd/charts/flux-operator/Chart.yaml | 4 +- .../fluxcd/charts/flux-operator/README.md | 9 +- .../charts/flux-operator/templates/crds.yaml | 284 ++++++++++++++++++ .../flux-operator/templates/deployment.yaml | 9 +- .../templates/serviceaccount.yaml | 2 + .../charts/flux-operator/values.schema.json | 13 + .../fluxcd/charts/flux-operator/values.yaml | 9 +- packages/core/fluxcd/patches/hostNetwork.diff | 52 ---- .../core/fluxcd/patches/kubernetesEnvs.diff | 4 +- .../core/fluxcd/templates/flux-instance.yaml | 5 +- packages/core/fluxcd/values.yaml | 5 +- packages/core/installer/images/cozystack.json | 6 +- .../templates/allow-from-kubeapps.yaml | 14 + 14 files changed, 347 insertions(+), 70 deletions(-) delete mode 100644 packages/core/fluxcd/patches/hostNetwork.diff create mode 100644 packages/system/dashboard/templates/allow-from-kubeapps.yaml 
diff --git a/packages/core/fluxcd/Makefile b/packages/core/fluxcd/Makefile index fb20faf1..44897f9f 100644 --- a/packages/core/fluxcd/Makefile +++ b/packages/core/fluxcd/Makefile @@ -17,5 +17,4 @@ diff: update: rm -rf charts helm pull oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator --untar --untardir charts - patch -p1 --no-backup-if-mismatch < patches/hostNetwork.diff patch -p1 --no-backup-if-mismatch < patches/kubernetesEnvs.diff diff --git a/packages/core/fluxcd/charts/flux-operator/Chart.yaml b/packages/core/fluxcd/charts/flux-operator/Chart.yaml index 695e3a09..4d13ecdb 100644 --- a/packages/core/fluxcd/charts/flux-operator/Chart.yaml +++ b/packages/core/fluxcd/charts/flux-operator/Chart.yaml @@ -8,7 +8,7 @@ annotations: - name: Upstream Project url: https://github.com/controlplaneio-fluxcd/flux-operator apiVersion: v2 -appVersion: v0.4.0 +appVersion: v0.6.0 description: 'A Helm chart for deploying the Flux Operator. ' home: https://github.com/controlplaneio-fluxcd icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/flux/icon/color/flux-icon-color.png @@ -27,4 +27,4 @@ sources: - https://github.com/controlplaneio-fluxcd/flux-operator - https://github.com/controlplaneio-fluxcd/charts type: application -version: 0.4.0 +version: 0.6.0 diff --git a/packages/core/fluxcd/charts/flux-operator/README.md b/packages/core/fluxcd/charts/flux-operator/README.md index 2fccc5fe..7fea50d7 100644 --- a/packages/core/fluxcd/charts/flux-operator/README.md +++ b/packages/core/fluxcd/charts/flux-operator/README.md 
@@ -1,6 +1,6 @@ # flux-operator -![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.4.0](https://img.shields.io/badge/AppVersion-v0.4.0-informational?style=flat-square) +![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.6.0](https://img.shields.io/badge/AppVersion-v0.6.0-informational?style=flat-square) The [Flux Operator](https://github.com/controlplaneio-fluxcd) provides a declarative API for the installation and upgrade of CNCF [Flux](https://fluxcd.io) and the 
@@ -35,19 +35,20 @@ see the Flux Operator [documentation](https://fluxcd.control-plane.io/operator/) | affinity | object | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]}}}` | Pod affinity and anti-affinity settings. | | commonAnnotations | object | `{}` | Common annotations to add to all deployed objects including pods. | | commonLabels | object | `{}` | Common labels to add to all deployed objects including pods. | +| extraEnvs | list | `[]` | Container extra environment variables. | | fullnameOverride | string | `""` | | -| hostNetwork | bool | `false` | If `true`, start flux-operator in hostNetwork mode. | +| hostNetwork | bool | `false` | If `true`, the container ports (`8080` and `8081`) are exposed on the host network. | | image | object | `{"pullSecrets":[],"repository":"ghcr.io/controlplaneio-fluxcd/flux-operator","tag":""}` | Container image settings. The image tag defaults to the chart appVersion. | | installCRDs | bool | `true` | Install and upgrade the custom resource definitions. | | livenessProbe | object | `{"httpGet":{"path":"/healthz","port":8081},"initialDelaySeconds":15,"periodSeconds":20}` | Container liveness probe settings. | -| marketplace | object | `{"account":"","license":""}` | Marketplace settings. | +| marketplace | object | `{"account":"","license":"","type":""}` | Marketplace settings. | | nameOverride | string | `""` | | | podSecurityContext | object | `{}` | Pod security context settings. | | priorityClassName | string | `""` | Pod priority class name. Recommended value is system-cluster-critical. | | readinessProbe | object | `{"httpGet":{"path":"/readyz","port":8081},"initialDelaySeconds":5,"periodSeconds":10}` | Container readiness probe settings. 
| | resources | object | `{"limits":{"cpu":"1000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"64Mi"}}` | Container resources requests and limits settings. | | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Container security context settings. The default is compliant with the pod security restricted profile. | -| serviceAccount | object | `{"automount":true,"name":""}` | Pod service account settings. The name of the service account defaults to the release name. | +| serviceAccount | object | `{"automount":true,"create":true,"name":""}` | Pod service account settings. The name of the service account defaults to the release name. | | tolerations | list | `[]` | Pod tolerations settings. | ## Source Code diff --git a/packages/core/fluxcd/charts/flux-operator/templates/crds.yaml b/packages/core/fluxcd/charts/flux-operator/templates/crds.yaml index 6a61979e..ff6dfe83 100644 --- a/packages/core/fluxcd/charts/flux-operator/templates/crds.yaml +++ b/packages/core/fluxcd/charts/flux-operator/templates/crds.yaml @@ -112,6 +112,13 @@ spec: description: Distribution specifies the version and container registry to pull images from. properties: + artifact: + description: |- + Artifact is the URL to the OCI artifact containing + the latest Kubernetes manifests for the distribution, + e.g. 'oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:latest'. + pattern: ^oci://.*$ + type: string imagePullSecret: description: |- ImagePullSecret is the name of the Kubernetes secret 
@@ -417,4 +424,281 @@ spec: storage: true subresources: status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + helm.sh/resource-policy: keep + labels: + app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ .Chart.Name }}' + app.kubernetes.io/version: '{{ .Chart.AppVersion }}' + helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + name: fluxreports.fluxcd.controlplane.io +spec: + group: fluxcd.controlplane.io + names: + kind: FluxReport + listKind: FluxReportList + plural: fluxreports + singular: fluxreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.distribution.entitlement + name: Entitlement + priority: 10 + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].lastTransitionTime + name: LastUpdated + type: string + name: v1 + schema: + openAPIV3Schema: + description: FluxReport is the Schema for the fluxreports API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FluxReportSpec defines the observed state of a Flux installation. + properties: + components: + description: ComponentsStatus is the status of the Flux controller + deployments. + items: + description: FluxComponentStatus defines the observed state of a + Flux component. + properties: + image: + description: Image is the container image of the Flux component. + type: string + name: + description: Name is the name of the Flux component. + type: string + ready: + description: Ready is the readiness status of the Flux component. + type: boolean + status: + description: |- + Status is a human-readable message indicating details + about the Flux component observed state. + type: string + required: + - image + - name + - ready + - status + type: object + type: array + distribution: + description: Distribution is the version information of the Flux installation. + properties: + entitlement: + description: Entitlement is the entitlement verification status. + type: string + managedBy: + description: ManagedBy is the name of the operator managing the + Flux instance. + type: string + status: + description: |- + Status is a human-readable message indicating details + about the distribution observed state. + type: string + version: + description: Version is the version of the Flux instance. + type: string + required: + - entitlement + - status + type: object + reconcilers: + description: |- + ReconcilersStatus is the list of Flux reconcilers and + their statistics grouped by API kind. + items: + description: FluxReconcilerStatus defines the observed state of + a Flux reconciler. + properties: + apiVersion: + description: APIVersion is the API version of the Flux resource. + type: string + kind: + description: Kind is the kind of the Flux resource. 
+ type: string + stats: + description: Stats is the reconcile statics of the Flux resource + kind. + properties: + failing: + description: |- + Failing is the number of reconciled + resources in the Failing state. + type: integer + running: + description: |- + Running is the number of reconciled + resources in the Running state. + type: integer + suspended: + description: |- + Suspended is the number of reconciled + resources in the Suspended state. + type: integer + totalSize: + description: TotalSize is the total size of the artifacts + in storage. + type: string + required: + - failing + - running + - suspended + type: object + required: + - apiVersion + - kind + type: object + type: array + sync: + description: |- + SyncStatus is the status of the cluster sync + Source and Kustomization resources. + properties: + id: + description: ID is the identifier of the sync. + type: string + path: + description: Path is the kustomize path of the sync. + type: string + ready: + description: Ready is the readiness status of the sync. + type: boolean + source: + description: Source is the URL of the source repository. + type: string + status: + description: |- + Status is a human-readable message indicating details + about the sync observed state. + type: string + required: + - id + - ready + - status + type: object + required: + - distribution + type: object + status: + description: FluxReportStatus defines the readiness of a FluxReport. + properties: + conditions: + description: Conditions contains the readiness conditions of the object. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. 
For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: |- + LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value + can be detected. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} {{- end }} diff --git a/packages/core/fluxcd/charts/flux-operator/templates/deployment.yaml b/packages/core/fluxcd/charts/flux-operator/templates/deployment.yaml index 5ad96a88..7de88af2 100644 --- a/packages/core/fluxcd/charts/flux-operator/templates/deployment.yaml +++ b/packages/core/fluxcd/charts/flux-operator/templates/deployment.yaml @@ -35,7 +35,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "flux-operator.fullname" . }} + serviceAccountName: {{ include "flux-operator.serviceAccountName" . }} {{- with .Values.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} @@ -50,6 +50,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + {{- with .Values.marketplace.type }} + - name: MARKETPLACE_TYPE + value: {{ . }} + {{- end }} {{- with .Values.marketplace.account }} - name: MARKETPLACE_ACCOUNT value: {{ . }} 
@@ -58,6 +62,9 @@ spec: - name: MARKETPLACE_LICENSE value: {{ . }} {{- end }} + {{- if .Values.extraEnvs }} + {{- toYaml .Values.extraEnvs | nindent 12 }} + {{- end }} {{- include "cozy.kubernetes_envs" . | nindent 12 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} diff --git a/packages/core/fluxcd/charts/flux-operator/templates/serviceaccount.yaml b/packages/core/fluxcd/charts/flux-operator/templates/serviceaccount.yaml index b2dcb45f..2a481a59 100644 --- a/packages/core/fluxcd/charts/flux-operator/templates/serviceaccount.yaml +++ b/packages/core/fluxcd/charts/flux-operator/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: @@ -13,3 +14,4 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/packages/core/fluxcd/charts/flux-operator/values.schema.json b/packages/core/fluxcd/charts/flux-operator/values.schema.json index 64270a70..1324083f 100644 --- a/packages/core/fluxcd/charts/flux-operator/values.schema.json +++ b/packages/core/fluxcd/charts/flux-operator/values.schema.json @@ -71,6 +71,13 @@ "properties": {}, "type": "object" }, + "extraEnvs": { + "items": { + "type": "object" + }, + "type": "array", + "uniqueItems": true + }, "fullnameOverride": { "type": "string" }, @@ -140,6 +147,9 @@ }, "license": { "type": "string" + }, + "type": { + "type": "string" } }, "type": "object" @@ -274,6 +284,9 @@ "automount": { "type": "boolean" }, + "create": { + "type": "boolean" + }, "name": { "type": "string" } diff --git a/packages/core/fluxcd/charts/flux-operator/values.yaml b/packages/core/fluxcd/charts/flux-operator/values.yaml index 7ecefc00..feebdf18 100644 --- a/packages/core/fluxcd/charts/flux-operator/values.yaml +++ b/packages/core/fluxcd/charts/flux-operator/values.yaml 
@@ -51,6 +51,7 @@ readinessProbe: # @schema default: {"httpGet":{"path":"/readyz","port":8081},"in # -- Pod service account settings. # The name of the service account defaults to the release name. serviceAccount: # @schema default: {"create":true,"automount":true,"name":""} + create: true automount: true name: "" @@ -85,8 +86,12 @@ tolerations: [ ] # @schema item: object ; uniqueItems: true # -- Marketplace settings. marketplace: + type: "" license: "" account: "" -# -- If `true`, start flux-operator in hostNetwork mode. -hostNetwork: false +# -- If `true`, the container ports (`8080` and `8081`) are exposed on the host network. +hostNetwork: false # @schema default: false + +# -- Container extra environment variables. +extraEnvs: [ ] # @schema item: object ; uniqueItems: true diff --git a/packages/core/fluxcd/patches/hostNetwork.diff b/packages/core/fluxcd/patches/hostNetwork.diff deleted file mode 100644 index 89766ab0..00000000 --- a/packages/core/fluxcd/patches/hostNetwork.diff +++ /dev/null 
@@ -1,52 +0,0 @@ -diff --git a/charts/flux-operator/README.md b/charts/flux-operator/README.md -index 071e024..2fccc5f 100644 ---- a/charts/flux-operator/README.md -+++ b/charts/flux-operator/README.md -@@ -36,6 +36,7 @@ see the Flux Operator [documentation](https://fluxcd.control-plane.io/operator/) - | commonAnnotations | object | `{}` | Common annotations to add to all deployed objects including pods. | - | commonLabels | object | `{}` | Common labels to add to all deployed objects including pods. | - | fullnameOverride | string | `""` | | -+| hostNetwork | bool | `false` | If `true`, start flux-operator in hostNetwork mode. | - | image | object | `{"pullSecrets":[],"repository":"ghcr.io/controlplaneio-fluxcd/flux-operator","tag":""}` | Container image settings. The image tag defaults to the chart appVersion. | - | installCRDs | bool | `true` | Install and upgrade the custom resource definitions. | - | livenessProbe | object | `{"httpGet":{"path":"/healthz","port":8081},"initialDelaySeconds":15,"periodSeconds":20}` | Container liveness probe settings. | -diff --git a/charts/flux-operator/templates/deployment.yaml b/charts/flux-operator/templates/deployment.yaml -index 2d75821..8ffd8d8 100644 ---- a/charts/flux-operator/templates/deployment.yaml -+++ b/charts/flux-operator/templates/deployment.yaml -@@ -40,6 +40,9 @@ spec: - securityContext: - {{- toYaml . 
| nindent 8 }} - {{- end }} -+ {{- if .Values.hostNetwork }} -+ hostNetwork: true -+ {{- end }} - containers: - - name: manager - env: -diff --git a/charts/flux-operator/values.schema.json b/charts/flux-operator/values.schema.json -index 85e4d02..64270a7 100644 ---- a/charts/flux-operator/values.schema.json -+++ b/charts/flux-operator/values.schema.json -@@ -74,6 +74,10 @@ - "fullnameOverride": { - "type": "string" - }, -+ "hostNetwork": { -+ "default": false, -+ "type": "boolean" -+ }, - "image": { - "properties": { - "pullSecrets": { -diff --git a/charts/flux-operator/values.yaml b/charts/flux-operator/values.yaml -index 59b8a23..7ecefc0 100644 ---- a/charts/flux-operator/values.yaml -+++ b/charts/flux-operator/values.yaml -@@ -87,3 +87,6 @@ tolerations: [ ] # @schema item: object ; uniqueItems: true - marketplace: - license: "" - account: "" -+ -+# -- If `true`, start flux-operator in hostNetwork mode. -+hostNetwork: false diff --git a/packages/core/fluxcd/patches/kubernetesEnvs.diff b/packages/core/fluxcd/patches/kubernetesEnvs.diff index 12c00fff..1c9c1c39 100644 --- a/packages/core/fluxcd/patches/kubernetesEnvs.diff +++ b/packages/core/fluxcd/patches/kubernetesEnvs.diff @@ -3,8 +3,8 @@ index 8ffd8d8..5ad96a8 100644 --- a/charts/flux-operator/templates/deployment.yaml +++ b/charts/flux-operator/templates/deployment.yaml @@ -58,6 +58,7 @@ spec: - - name: MARKETPLACE_LICENSE - value: {{ . }} + {{- if .Values.extraEnvs }} + {{- toYaml .Values.extraEnvs | nindent 12 }} {{- end }} + {{- include "cozy.kubernetes_envs" . | nindent 12 }} securityContext: diff --git a/packages/core/fluxcd/templates/flux-instance.yaml b/packages/core/fluxcd/templates/flux-instance.yaml index 12999f66..20887794 100644 --- a/packages/core/fluxcd/templates/flux-instance.yaml +++ b/packages/core/fluxcd/templates/flux-instance.yaml 
@@ -5,6 +5,9 @@ metadata: spec: {{- with .Values.fluxInstance.cluster }} cluster: + {{- with .networkPolicy }} + networkPolicy: {{ . }} + {{- end }} {{- with .domain }} domain: {{ . }} {{- end }} @@ -19,4 +22,4 @@ spec: kustomize: {{- if .Values.fluxInstance.kustomize }} {{- toYaml .Values.fluxInstance.kustomize | nindent 4 }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/packages/core/fluxcd/values.yaml b/packages/core/fluxcd/values.yaml index 0bc3466d..c5a27fe0 100644 --- a/packages/core/fluxcd/values.yaml +++ b/packages/core/fluxcd/values.yaml @@ -6,8 +6,9 @@ flux-operator: hostNetwork: true fluxInstance: - # cluster: - # domain: cozy.local + cluster: + networkPolicy: true + # domain: cozy.local distribution: version: 2.3.x registry: ghcr.io/fluxcd diff --git a/packages/core/installer/images/cozystack.json b/packages/core/installer/images/cozystack.json index 63a732c3..71b95399 100644 --- a/packages/core/installer/images/cozystack.json +++ b/packages/core/installer/images/cozystack.json @@ -1,10 +1,10 @@ { - "buildx.build.ref": "youthful_hertz/youthful_hertz0/aafwjh8j28i98f59smgh3qe86", + "buildx.build.ref": "priceless_leavitt/priceless_leavitt0/t5xx0qcox11kirc7xzxp3iwy6", "containerimage.descriptor": { "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", - "digest": "sha256:e0c0defb9f5b10f5187d4002ccec7d01841e96c7350963f253003c0efeff6cef", + "digest": "sha256:8b7ebb9d5de39214d0ffc2634c37ada2e2d2fc7ad956c455b329e857bb6e6fd1", "size": 685 }, - "containerimage.digest": "sha256:e0c0defb9f5b10f5187d4002ccec7d01841e96c7350963f253003c0efeff6cef", + "containerimage.digest": "sha256:8b7ebb9d5de39214d0ffc2634c37ada2e2d2fc7ad956c455b329e857bb6e6fd1", "image.name": "ghcr.io/aenix-io/cozystack/cozystack:latest" } \ No newline at end of file diff --git a/packages/system/dashboard/templates/allow-from-kubeapps.yaml b/packages/system/dashboard/templates/allow-from-kubeapps.yaml new file mode 100644 index 00000000..c8850d88 
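Review bot: `{{- with .networkPolicy }}` in the first flux-instance.yaml hunk skips its body for any falsy value, so `fluxInstance.cluster.networkPolicy: false` renders nothing and the FluxInstance falls back to its own default (which, as far as I know, is `true`). The setting therefore cannot be switched off from this chart, and someone who sets `false` gets no sign that it was ignored. Test for the key rather than the value: `{{- if hasKey . "networkPolicy" }}` followed by `networkPolicy: {{ .networkPolicy }}`. The `with` pattern is fine for `.domain`, where an empty value carries no meaning.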
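Review bot: In the values.yaml hunk, `networkPolicy: true` is enabled directly below `flux-operator.hostNetwork: true`, and that interaction deserves a comment in the file. Kubernetes leaves NetworkPolicy behaviour for hostNetwork pods undefined and most CNIs treat their traffic as node traffic, so the operator pod is probably not isolated by the policies this flag creates. Whether the Flux controllers themselves run on the host network is not visible in this hunk. I would add above the key: `# NetworkPolicy generally does not apply to hostNetwork pods; this isolates only pods on the pod network`.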
--- /dev/null
+++ b/packages/system/dashboard/templates/allow-from-kubeapps.yaml
@@ -0,0 +1,14 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-from-dashboard
+ namespace: cozy-fluxcd
+spec:
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: cozy-dashboard
+ podSelector: {}
+ policyTypes:
+ - Ingress
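Review bot: This policy is wider than its name suggests: `podSelector: {}` selects every pod in `cozy-fluxcd` and the ingress rule has no `ports`, so any pod in the `cozy-dashboard` namespace can reach every Flux controller on every port. If the dashboard only needs to fetch artifacts from source-controller (an assumption; the hunk does not say), narrow the target with `podSelector:` / `matchLabels:` / `app: source-controller` and add a `ports` entry for that endpoint. The namespace is also hard-coded as `cozy-fluxcd` inside a dashboard template, and the object name `allow-from-dashboard` does not match the file name `allow-from-kubeapps.yaml`; aligning them would make the policy easier to find in an audit. Indentation is lost in this view, so the selector's placement at spec level is read from key order.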