pool/flux2-cli
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity
Files
factory
flux2-cli/kustomize-controller.crds.yaml

1367 lines
67 KiB
YAML
Raw Permalink Blame History

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
name: kustomizations.kustomize.toolkit.fluxcd.io
spec:
group: kustomize.toolkit.fluxcd.io
names:
kind: Kustomization
listKind: KustomizationList
plural: kustomizations
shortNames:
- ks
singular: kustomization
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
name: v1
schema:
openAPIV3Schema:
description: Kustomization is the Schema for the kustomizations API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
KustomizationSpec defines the configuration to calculate the desired state
from a Source using Kustomize.
properties:
commonMetadata:
description: |-
CommonMetadata specifies the common labels and annotations that are
applied to all resources. Any existing label or annotation will be
overridden if its key matches a common one.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to be added to the object's metadata.
type: object
labels:
additionalProperties:
type: string
description: Labels to be added to the object's metadata.
type: object
type: object
components:
description: Components specifies relative paths to kustomize Components.
items:
type: string
type: array
decryption:
description: Decrypt Kubernetes secrets before applying them on the
cluster.
properties:
provider:
description: Provider is the name of the decryption engine.
enum:
- sops
type: string
secretRef:
description: |-
The secret name containing the private OpenPGP keys used for decryption.
A static credential for a cloud provider defined inside the Secret
takes priority to secret-less authentication with the ServiceAccountName
field.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
serviceAccountName:
description: |-
ServiceAccountName is the name of the service account used to
authenticate with KMS services from cloud providers. If a
static credential for a given cloud provider is defined
inside the Secret referenced by SecretRef, that static
credential takes priority.
type: string
required:
- provider
type: object
deletionPolicy:
description: |-
DeletionPolicy can be used to control garbage collection when this
Kustomization is deleted. Valid values are ('MirrorPrune', 'Delete',
'WaitForTermination', 'Orphan'). 'MirrorPrune' mirrors the Prune field
(orphan if false, delete if true). Defaults to 'MirrorPrune'.
enum:
- MirrorPrune
- Delete
- WaitForTermination
- Orphan
type: string
dependsOn:
description: |-
DependsOn may contain a DependencyReference slice
with references to Kustomization resources that must be ready before this
Kustomization can be reconciled.
items:
description: DependencyReference defines a Kustomization dependency
on another Kustomization resource.
properties:
name:
description: Name of the referent.
type: string
namespace:
description: |-
Namespace of the referent, defaults to the namespace of the Kustomization
resource object that contains the reference.
type: string
readyExpr:
description: |-
ReadyExpr is a CEL expression that can be used to assess the readiness
of a dependency. When specified, the built-in readiness check
is replaced by the logic defined in the CEL expression.
To make the CEL expression additive to the built-in readiness check,
the feature gate `AdditiveCELDependencyCheck` must be set to `true`.
type: string
required:
- name
type: object
type: array
force:
default: false
description: |-
Force instructs the controller to recreate resources
when patching fails due to an immutable field change.
type: boolean
healthCheckExprs:
description: |-
HealthCheckExprs is a list of healthcheck expressions for evaluating the
health of custom resources using Common Expression Language (CEL).
The expressions are evaluated only when Wait or HealthChecks are specified.
items:
description: CustomHealthCheck defines the health check for custom
resources.
properties:
apiVersion:
description: APIVersion of the custom resource under evaluation.
type: string
current:
description: |-
Current is the CEL expression that determines if the status
of the custom resource has reached the desired state.
type: string
failed:
description: |-
Failed is the CEL expression that determines if the status
of the custom resource has failed to reach the desired state.
type: string
inProgress:
description: |-
InProgress is the CEL expression that determines if the status
of the custom resource has not yet reached the desired state.
type: string
kind:
description: Kind of the custom resource under evaluation.
type: string
required:
- apiVersion
- current
- kind
type: object
type: array
healthChecks:
description: A list of resources to be included in the health assessment.
items:
description: |-
NamespacedObjectKindReference contains enough information to locate the typed referenced Kubernetes resource object
in any namespace.
properties:
apiVersion:
description: API version of the referent, if not specified the
Kubernetes preferred version will be used.
type: string
kind:
description: Kind of the referent.
type: string
name:
description: Name of the referent.
type: string
namespace:
description: Namespace of the referent, when not specified it
acts as LocalObjectReference.
type: string
required:
- kind
- name
type: object
type: array
ignoreMissingComponents:
description: |-
IgnoreMissingComponents instructs the controller to ignore Components paths
not found in source by removing them from the generated kustomization.yaml
before running kustomize build.
type: boolean
images:
description: |-
Images is a list of (image name, new name, new tag or digest)
for changing image names, tags or digests. This can also be achieved with a
patch, but this operator is simpler to specify.
items:
description: Image contains an image name, a new name, a new tag
or digest, which will replace the original name and tag.
properties:
digest:
description: |-
Digest is the value used to replace the original image tag.
If digest is present NewTag value is ignored.
type: string
name:
description: Name is a tag-less image name.
type: string
newName:
description: NewName is the value used to replace the original
name.
type: string
newTag:
description: NewTag is the value used to replace the original
tag.
type: string
required:
- name
type: object
type: array
interval:
description: |-
The interval at which to reconcile the Kustomization.
This interval is approximate and may be subject to jitter to ensure
efficient use of resources.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
kubeConfig:
description: |-
The KubeConfig for reconciling the Kustomization on a remote cluster.
When used in combination with KustomizationSpec.ServiceAccountName,
forces the controller to act on behalf of that Service Account at the
target cluster.
If the --default-service-account flag is set, its value will be used as
a controller level fallback for when KustomizationSpec.ServiceAccountName
is empty.
properties:
configMapRef:
description: |-
ConfigMapRef holds an optional name of a ConfigMap that contains
the following keys:
- `provider`: the provider to use. One of `aws`, `azure`, `gcp`, or
`generic`. Required.
- `cluster`: the fully qualified resource name of the Kubernetes
cluster in the cloud provider API. Not used by the `generic`
provider. Required when one of `address` or `ca.crt` is not set.
- `address`: the address of the Kubernetes API server. Required
for `generic`. For the other providers, if not specified, the
first address in the cluster resource will be used, and if
specified, it must match one of the addresses in the cluster
resource.
If audiences is not set, will be used as the audience for the
`generic` provider.
- `ca.crt`: the optional PEM-encoded CA certificate for the
Kubernetes API server. If not set, the controller will use the
CA certificate from the cluster resource.
- `audiences`: the optional audiences as a list of
line-break-separated strings for the Kubernetes ServiceAccount
token. Defaults to the `address` for the `generic` provider, or
to specific values for the other providers depending on the
provider.
- `serviceAccountName`: the optional name of the Kubernetes
ServiceAccount in the same namespace that should be used
for authentication. If not specified, the controller
ServiceAccount will be used.
Mutually exclusive with SecretRef.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
secretRef:
description: |-
SecretRef holds an optional name of a secret that contains a key with
the kubeconfig file as the value. If no key is set, the key will default
to 'value'. Mutually exclusive with ConfigMapRef.
It is recommended that the kubeconfig is self-contained, and the secret
is regularly updated if credentials such as a cloud-access-token expire.
Cloud specific `cmd-path` auth helpers will not function without adding
binaries and credentials to the Pod that is responsible for reconciling
Kubernetes resources. Supported only for the generic provider.
properties:
key:
description: Key in the Secret, when not specified an implementation-specific
default key is used.
type: string
name:
description: Name of the Secret.
type: string
required:
- name
type: object
type: object
x-kubernetes-validations:
- message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef
must be specified
rule: has(self.configMapRef) || has(self.secretRef)
- message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef
must be specified
rule: '!has(self.configMapRef) || !has(self.secretRef)'
namePrefix:
description: NamePrefix will prefix the names of all managed resources.
maxLength: 200
minLength: 1
type: string
nameSuffix:
description: NameSuffix will suffix the names of all managed resources.
maxLength: 200
minLength: 1
type: string
patches:
description: |-
Strategic merge and JSON patches, defined as inline YAML objects,
capable of targeting objects based on kind, label and annotation selectors.
items:
description: |-
Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should
be applied to.
properties:
patch:
description: |-
Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with
an array of operation objects.
type: string
target:
description: Target points to the resources that the patch document
should be applied to.
properties:
annotationSelector:
description: |-
AnnotationSelector is a string that follows the label selection expression
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
It matches with the resource annotations.
type: string
group:
description: |-
Group is the API group to select resources from.
Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
type: string
kind:
description: |-
Kind of the API Group to select resources from.
Together with Group and Version it is capable of unambiguously
identifying and/or selecting resources.
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
type: string
labelSelector:
description: |-
LabelSelector is a string that follows the label selection expression
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
It matches with the resource labels.
type: string
name:
description: Name to match resources with.
type: string
namespace:
description: Namespace to select resources from.
type: string
version:
description: |-
Version of the API Group to select resources from.
Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
type: string
type: object
required:
- patch
type: object
type: array
path:
description: |-
Path to the directory containing the kustomization.yaml file, or the
set of plain YAMLs a kustomization.yaml should be generated for.
Defaults to 'None', which translates to the root path of the SourceRef.
type: string
postBuild:
description: |-
PostBuild describes which actions to perform on the YAML manifest
generated by building the kustomize overlay.
properties:
substitute:
additionalProperties:
type: string
description: |-
Substitute holds a map of key/value pairs.
The variables defined in your YAML manifests that match any of the keys
defined in the map will be substituted with the set value.
Includes support for bash string replacement functions
e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}.
type: object
substituteFrom:
description: |-
SubstituteFrom holds references to ConfigMaps and Secrets containing
the variables and their values to be substituted in the YAML manifests.
The ConfigMap and the Secret data keys represent the var names, and they
must match the vars declared in the manifests for the substitution to
happen.
items:
description: |-
SubstituteReference contains a reference to a resource containing
the variables name and value.
properties:
kind:
description: Kind of the values referent, valid values are
('Secret', 'ConfigMap').
enum:
- Secret
- ConfigMap
type: string
name:
description: |-
Name of the values referent. Should reside in the same namespace as the
referring resource.
maxLength: 253
minLength: 1
type: string
optional:
default: false
description: |-
Optional indicates whether the referenced resource must exist, or whether to
tolerate its absence. If true and the referenced resource is absent, proceed
as if the resource was present but empty, without any variables defined.
type: boolean
required:
- kind
- name
type: object
type: array
type: object
prune:
description: Prune enables garbage collection.
type: boolean
retryInterval:
description: |-
The interval at which to retry a previously failed reconciliation.
When not specified, the controller uses the KustomizationSpec.Interval
value to retry failures.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
serviceAccountName:
description: |-
The name of the Kubernetes service account to impersonate
when reconciling this Kustomization.
type: string
sourceRef:
description: Reference of the source where the kustomization file
is.
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: Kind of the referent.
enum:
- OCIRepository
- GitRepository
- Bucket
- ExternalArtifact
type: string
name:
description: Name of the referent.
type: string
namespace:
description: |-
Namespace of the referent, defaults to the namespace of the Kubernetes
resource object that contains the reference.
type: string
required:
- kind
- name
type: object
suspend:
description: |-
This flag tells the controller to suspend subsequent kustomize executions,
it does not apply to already started executions. Defaults to false.
type: boolean
targetNamespace:
description: |-
TargetNamespace sets or overrides the namespace in the
kustomization.yaml file.
maxLength: 63
minLength: 1
type: string
timeout:
description: |-
Timeout for validation, apply and health checking operations.
Defaults to 'Interval' duration.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
wait:
description: |-
Wait instructs the controller to check the health of all the reconciled
resources. When enabled, the HealthChecks are ignored. Defaults to false.
type: boolean
required:
- interval
- prune
- sourceRef
type: object
status:
default:
observedGeneration: -1
description: KustomizationStatus defines the observed state of a kustomization.
properties:
conditions:
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
history:
description: |-
History contains a set of snapshots of the last reconciliation attempts
tracking the revision, the state and the duration of each attempt.
items:
description: |-
Snapshot represents a point-in-time record of a group of resources reconciliation,
including timing information, status, and a unique digest identifier.
properties:
digest:
description: Digest is the checksum in the format `<algo>:<hex>`
of the resources in this snapshot.
type: string
firstReconciled:
description: FirstReconciled is the time when this revision
was first reconciled to the cluster.
format: date-time
type: string
lastReconciled:
description: LastReconciled is the time when this revision was
last reconciled to the cluster.
format: date-time
type: string
lastReconciledDuration:
description: LastReconciledDuration is time it took to reconcile
the resources in this revision.
type: string
lastReconciledStatus:
description: LastReconciledStatus is the status of the last
reconciliation.
type: string
metadata:
additionalProperties:
type: string
description: Metadata contains additional information about
the snapshot.
type: object
totalReconciliations:
description: TotalReconciliations is the total number of reconciliations
that have occurred for this snapshot.
format: int64
type: integer
required:
- digest
- firstReconciled
- lastReconciled
- lastReconciledDuration
- lastReconciledStatus
- totalReconciliations
type: object
type: array
inventory:
description: |-
Inventory contains the list of Kubernetes resource object references that
have been successfully applied.
properties:
entries:
description: Entries of Kubernetes resource object references.
items:
description: ResourceRef contains the information necessary
to locate a resource within a cluster.
properties:
id:
description: |-
ID is the string representation of the Kubernetes resource object's metadata,
in the format '<namespace>_<name>_<group>_<kind>'.
type: string
v:
description: Version is the API version of the Kubernetes
resource object's kind.
type: string
required:
- id
- v
type: object
type: array
required:
- entries
type: object
lastAppliedOriginRevision:
description: |-
The last successfully applied origin revision.
Equals the origin revision of the applied Artifact from the referenced Source.
Usually present on the Metadata of the applied Artifact and depends on the
Source type, e.g. for OCI it's the value associated with the key
"org.opencontainers.image.revision".
type: string
lastAppliedRevision:
description: |-
The last successfully applied revision.
Equals the Revision of the applied Artifact from the referenced Source.
type: string
lastAttemptedRevision:
description: LastAttemptedRevision is the revision of the last reconciliation
attempt.
type: string
lastHandledReconcileAt:
description: |-
LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value
can be detected.
type: string
observedGeneration:
description: ObservedGeneration is the last reconciled generation.
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
deprecated: true
deprecationWarning: v1beta2 Kustomization is deprecated, upgrade to v1
name: v1beta2
schema:
openAPIV3Schema:
description: Kustomization is the Schema for the kustomizations API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: KustomizationSpec defines the configuration to calculate
the desired state from a Source using Kustomize.
properties:
commonMetadata:
description: |-
CommonMetadata specifies the common labels and annotations that are applied to all resources.
Any existing label or annotation will be overridden if its key matches a common one.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to be added to the object's metadata.
type: object
labels:
additionalProperties:
type: string
description: Labels to be added to the object's metadata.
type: object
type: object
components:
description: Components specifies relative paths to specifications
of other Components.
items:
type: string
type: array
decryption:
description: Decrypt Kubernetes secrets before applying them on the
cluster.
properties:
provider:
description: Provider is the name of the decryption engine.
enum:
- sops
type: string
secretRef:
description: The secret name containing the private OpenPGP keys
used for decryption.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
required:
- provider
type: object
dependsOn:
description: |-
DependsOn may contain a meta.NamespacedObjectReference slice
with references to Kustomization resources that must be ready before this
Kustomization can be reconciled.
items:
description: |-
NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any
namespace.
properties:
name:
description: Name of the referent.
type: string
namespace:
description: Namespace of the referent, when not specified it
acts as LocalObjectReference.
type: string
required:
- name
type: object
type: array
force:
default: false
description: |-
Force instructs the controller to recreate resources
when patching fails due to an immutable field change.
type: boolean
healthChecks:
description: A list of resources to be included in the health assessment.
items:
description: |-
NamespacedObjectKindReference contains enough information to locate the typed referenced Kubernetes resource object
in any namespace.
properties:
apiVersion:
description: API version of the referent, if not specified the
Kubernetes preferred version will be used.
type: string
kind:
description: Kind of the referent.
type: string
name:
description: Name of the referent.
type: string
namespace:
description: Namespace of the referent, when not specified it
acts as LocalObjectReference.
type: string
required:
- kind
- name
type: object
type: array
images:
description: |-
Images is a list of (image name, new name, new tag or digest)
for changing image names, tags or digests. This can also be achieved with a
patch, but this operator is simpler to specify.
items:
description: Image contains an image name, a new name, a new tag
or digest, which will replace the original name and tag.
properties:
digest:
description: |-
Digest is the value used to replace the original image tag.
If digest is present NewTag value is ignored.
type: string
name:
description: Name is a tag-less image name.
type: string
newName:
description: NewName is the value used to replace the original
name.
type: string
newTag:
description: NewTag is the value used to replace the original
tag.
type: string
required:
- name
type: object
type: array
interval:
description: The interval at which to reconcile the Kustomization.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
kubeConfig:
description: |-
The KubeConfig for reconciling the Kustomization on a remote cluster.
When used in combination with KustomizationSpec.ServiceAccountName,
forces the controller to act on behalf of that Service Account at the
target cluster.
If the --default-service-account flag is set, its value will be used as
a controller level fallback for when KustomizationSpec.ServiceAccountName
is empty.
properties:
configMapRef:
description: |-
ConfigMapRef holds an optional name of a ConfigMap that contains
the following keys:
- `provider`: the provider to use. One of `aws`, `azure`, `gcp`, or
`generic`. Required.
- `cluster`: the fully qualified resource name of the Kubernetes
cluster in the cloud provider API. Not used by the `generic`
provider. Required when one of `address` or `ca.crt` is not set.
- `address`: the address of the Kubernetes API server. Required
for `generic`. For the other providers, if not specified, the
first address in the cluster resource will be used, and if
specified, it must match one of the addresses in the cluster
resource.
If audiences is not set, will be used as the audience for the
`generic` provider.
- `ca.crt`: the optional PEM-encoded CA certificate for the
Kubernetes API server. If not set, the controller will use the
CA certificate from the cluster resource.
- `audiences`: the optional audiences as a list of
line-break-separated strings for the Kubernetes ServiceAccount
token. Defaults to the `address` for the `generic` provider, or
to specific values for the other providers depending on the
provider.
- `serviceAccountName`: the optional name of the Kubernetes
ServiceAccount in the same namespace that should be used
for authentication. If not specified, the controller
ServiceAccount will be used.
Mutually exclusive with SecretRef.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
secretRef:
description: |-
SecretRef holds an optional name of a secret that contains a key with
the kubeconfig file as the value. If no key is set, the key will default
to 'value'. Mutually exclusive with ConfigMapRef.
It is recommended that the kubeconfig is self-contained, and the secret
is regularly updated if credentials such as a cloud-access-token expire.
Cloud specific `cmd-path` auth helpers will not function without adding
binaries and credentials to the Pod that is responsible for reconciling
Kubernetes resources. Supported only for the generic provider.
properties:
key:
description: Key in the Secret, when not specified an implementation-specific
default key is used.
type: string
name:
description: Name of the Secret.
type: string
required:
- name
type: object
type: object
x-kubernetes-validations:
- message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef
must be specified
rule: has(self.configMapRef) || has(self.secretRef)
- message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef
must be specified
rule: '!has(self.configMapRef) || !has(self.secretRef)'
patches:
description: |-
Strategic merge and JSON patches, defined as inline YAML objects,
capable of targeting objects based on kind, label and annotation selectors.
items:
description: |-
Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should
be applied to.
properties:
patch:
description: |-
Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with
an array of operation objects.
type: string
target:
description: Target points to the resources that the patch document
should be applied to.
properties:
annotationSelector:
description: |-
AnnotationSelector is a string that follows the label selection expression
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
It matches with the resource annotations.
type: string
group:
description: |-
Group is the API group to select resources from.
Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
type: string
kind:
description: |-
Kind of the API Group to select resources from.
Together with Group and Version it is capable of unambiguously
identifying and/or selecting resources.
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
type: string
labelSelector:
description: |-
LabelSelector is a string that follows the label selection expression
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
It matches with the resource labels.
type: string
name:
description: Name to match resources with.
type: string
namespace:
description: Namespace to select resources from.
type: string
version:
description: |-
Version of the API Group to select resources from.
Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
type: string
type: object
required:
- patch
type: object
type: array
patchesJson6902:
description: |-
JSON 6902 patches, defined as inline YAML objects.
Deprecated: Use Patches instead.
items:
description: JSON6902Patch contains a JSON6902 patch and the target
the patch should be applied to.
properties:
patch:
description: Patch contains the JSON6902 patch document with
an array of operation objects.
items:
description: |-
JSON6902 is a JSON6902 operation object.
https://datatracker.ietf.org/doc/html/rfc6902#section-4
properties:
from:
description: |-
From contains a JSON-pointer value that references a location within the target document where the operation is
performed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.
type: string
op:
description: |-
Op indicates the operation to perform. Its value MUST be one of "add", "remove", "replace", "move", "copy", or
"test".
https://datatracker.ietf.org/doc/html/rfc6902#section-4
enum:
- test
- remove
- add
- replace
- move
- copy
type: string
path:
description: |-
Path contains the JSON-pointer value that references a location within the target document where the operation
is performed. The meaning of the value depends on the value of Op.
type: string
value:
description: |-
Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into
account by all operations.
x-kubernetes-preserve-unknown-fields: true
required:
- op
- path
type: object
type: array
target:
description: Target points to the resources that the patch document
should be applied to.
properties:
annotationSelector:
description: |-
AnnotationSelector is a string that follows the label selection expression
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
It matches with the resource annotations.
type: string
group:
description: |-
Group is the API group to select resources from.
Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
type: string
kind:
description: |-
Kind of the API Group to select resources from.
Together with Group and Version it is capable of unambiguously
identifying and/or selecting resources.
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
type: string
labelSelector:
description: |-
LabelSelector is a string that follows the label selection expression
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
It matches with the resource labels.
type: string
name:
description: Name to match resources with.
type: string
namespace:
description: Namespace to select resources from.
type: string
version:
description: |-
Version of the API Group to select resources from.
Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
type: string
type: object
required:
- patch
- target
type: object
type: array
patchesStrategicMerge:
description: |-
Strategic merge patches, defined as inline YAML objects.
Deprecated: Use Patches instead.
items:
x-kubernetes-preserve-unknown-fields: true
type: array
path:
description: |-
Path to the directory containing the kustomization.yaml file, or the
set of plain YAMLs a kustomization.yaml should be generated for.
Defaults to 'None', which translates to the root path of the SourceRef.
type: string
postBuild:
description: |-
PostBuild describes which actions to perform on the YAML manifest
generated by building the kustomize overlay.
properties:
substitute:
additionalProperties:
type: string
description: |-
Substitute holds a map of key/value pairs.
The variables defined in your YAML manifests
that match any of the keys defined in the map
will be substituted with the set value.
Includes support for bash string replacement functions
e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}.
type: object
substituteFrom:
description: |-
SubstituteFrom holds references to ConfigMaps and Secrets containing
the variables and their values to be substituted in the YAML manifests.
The ConfigMap and the Secret data keys represent the var names and they
must match the vars declared in the manifests for the substitution to happen.
items:
description: |-
SubstituteReference contains a reference to a resource containing
the variables name and value.
properties:
kind:
description: Kind of the values referent, valid values are
('Secret', 'ConfigMap').
enum:
- Secret
- ConfigMap
type: string
name:
description: |-
Name of the values referent. Should reside in the same namespace as the
referring resource.
maxLength: 253
minLength: 1
type: string
optional:
default: false
description: |-
Optional indicates whether the referenced resource must exist, or whether to
tolerate its absence. If true and the referenced resource is absent, proceed
as if the resource was present but empty, without any variables defined.
type: boolean
required:
- kind
- name
type: object
type: array
type: object
prune:
description: Prune enables garbage collection.
type: boolean
retryInterval:
description: |-
The interval at which to retry a previously failed reconciliation.
When not specified, the controller uses the KustomizationSpec.Interval
value to retry failures.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
serviceAccountName:
description: |-
The name of the Kubernetes service account to impersonate
when reconciling this Kustomization.
type: string
sourceRef:
description: Reference of the source where the kustomization file
is.
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: Kind of the referent.
enum:
- OCIRepository
- GitRepository
- Bucket
type: string
name:
description: Name of the referent.
type: string
namespace:
description: Namespace of the referent, defaults to the namespace
of the Kubernetes resource object that contains the reference.
type: string
required:
- kind
- name
type: object
suspend:
description: |-
This flag tells the controller to suspend subsequent kustomize executions,
it does not apply to already started executions. Defaults to false.
type: boolean
targetNamespace:
description: |-
TargetNamespace sets or overrides the namespace in the
kustomization.yaml file.
maxLength: 63
minLength: 1
type: string
timeout:
description: |-
Timeout for validation, apply and health checking operations.
Defaults to 'Interval' duration.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
validation:
description: 'Deprecated: Not used in v1beta2.'
enum:
- none
- client
- server
type: string
wait:
description: |-
Wait instructs the controller to check the health of all the reconciled resources.
When enabled, the HealthChecks are ignored. Defaults to false.
type: boolean
required:
- interval
- prune
- sourceRef
type: object
status:
default:
observedGeneration: -1
description: KustomizationStatus defines the observed state of a kustomization.
properties:
conditions:
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
inventory:
description: Inventory contains the list of Kubernetes resource object
references that have been successfully applied.
properties:
entries:
description: Entries of Kubernetes resource object references.
items:
description: ResourceRef contains the information necessary
to locate a resource within a cluster.
properties:
id:
description: |-
ID is the string representation of the Kubernetes resource object's metadata,
in the format '<namespace>_<name>_<group>_<kind>'.
type: string
v:
description: Version is the API version of the Kubernetes
resource object's kind.
type: string
required:
- id
- v
type: object
type: array
required:
- entries
type: object
lastAppliedRevision:
description: |-
The last successfully applied revision.
Equals the Revision of the applied Artifact from the referenced Source.
type: string
lastAttemptedRevision:
description: LastAttemptedRevision is the revision of the last reconciliation
attempt.
type: string
lastHandledReconcileAt:
description: |-
LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value
can be detected.
type: string
observedGeneration:
description: ObservedGeneration is the last reconciled generation.
format: int64
type: integer
type: object
type: object
served: true
storage: false
subresources:
status: {}
Reference in New Issue View Git Blame Copy Permalink