rpm/flux2-cli
SHA256
1
0
Fork 0
forked from pool/flux2-cli
Code Pull Requests Activity

Compare commits

base: rpm:factory
Branches Tags
rpm:factory rpm:devel pool:factory
..
compare: pool:factory
Branches Tags
pool:factory rpm:factory rpm:devel

25 Commits
factory ... factory

Author SHA256 Message Date
Ana Guerrero
fb899030d5 Accepting request 1320357 from devel:kubic 
OBS-URL: https://build.opensuse.org/request/show/1320357
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flux2-cli?expand=0&rev=26
 2025-11-28 15:52:13 +00:00
Robert Munteanu
72f3d8f261 Update to version 2.7.5 
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/flux2-cli?expand=0&rev=57
 2025-11-27 16:20:38 +00:00
Ana Guerrero
6f5eb3c1d4 Accepting request 1319903 from devel:kubic 
OBS-URL: https://build.opensuse.org/request/show/1319903
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flux2-cli?expand=0&rev=25
 2025-11-25 15:58:35 +00:00
Robert Munteanu
f830455c6f update to 2.7.4 
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/flux2-cli?expand=0&rev=55
 2025-11-25 08:05:41 +00:00
Ana Guerrero
c36876b359 Accepting request 1314277 from devel:kubic 
OBS-URL: https://build.opensuse.org/request/show/1314277
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flux2-cli?expand=0&rev=24
 2025-10-29 20:07:19 +00:00
Johannes Kastl
0a5856d95c Update to version 2.7.3: 
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/flux2-cli?expand=0&rev=53
 2025-10-29 07:23:06 +00:00
Dominique Leuenberger
d080fe5824 Accepting request 1309985 from devel:kubic 
OBS-URL: https://build.opensuse.org/request/show/1309985
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flux2-cli?expand=0&rev=23
 2025-10-10 15:08:43 +00:00
Robert Munteanu
90fed2a7f2 update to 2.7.2 
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/flux2-cli?expand=0&rev=51
 2025-10-09 11:44:31 +00:00
Dominique Leuenberger
128de15924 Accepting request 1309458 from devel:kubic 
OBS-URL: https://build.opensuse.org/request/show/1309458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flux2-cli?expand=0&rev=22
 2025-10-07 16:26:52 +00:00
Robert Munteanu
9fc4dc02a1 update to 2.7.1 
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/flux2-cli?expand=0&rev=49
 2025-10-07 06:56:27 +00:00
Robert Munteanu
c8d5598531 update to 2.7.0 
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/flux2-cli?expand=0&rev=48
 2025-10-06 20:22:46 +00:00
Ana Guerrero
bc9656a564 Accepting request 1291335 from devel:kubic 
OBS-URL: https://build.opensuse.org/request/show/1291335
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flux2-cli?expand=0&rev=21
 2025-07-09 15:28:02 +00:00
Robert Munteanu
3d59ed1746 Accepting request 1291237 from home:ojkastl_buildservice:Branch_devel_kubic 
update to 2.6.4

OBS-URL: https://build.opensuse.org/request/show/1291237
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/flux2-cli?expand=0&rev=46
 2025-07-08 16:57:30 +00:00
Ana Guerrero
33e1a9ee3b Accepting request 1289404 from devel:kubic 
OBS-URL: https://build.opensuse.org/request/show/1289404
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flux2-cli?expand=0&rev=20
 2025-07-02 10:09:32 +00:00
Robert Munteanu
936bbfefbc update to 2.6.3 
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/flux2-cli?expand=0&rev=44
 2025-07-01 08:02:01 +00:00
Ana Guerrero
f83f307238 Accepting request 1286180 from devel:kubic 
OBS-URL: https://build.opensuse.org/request/show/1286180
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flux2-cli?expand=0&rev=19
 2025-06-17 16:22:20 +00:00
Johannes Kastl
bc55812c4c Update to version 2.6.2 
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/flux2-cli?expand=0&rev=42
 2025-06-16 18:55:11 +00:00
Ana Guerrero
dbf034dad5 Accepting request 1281850 from devel:kubic 
OBS-URL: https://build.opensuse.org/request/show/1281850
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flux2-cli?expand=0&rev=18
 2025-06-02 20:00:52 +00:00
Robert Munteanu
beea6c6226 update to 2.6.1 
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/flux2-cli?expand=0&rev=40
 2025-06-02 09:43:31 +00:00
Dominique Leuenberger
3edb7c227f Accepting request 1248485 from devel:kubic 
OBS-URL: https://build.opensuse.org/request/show/1248485
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flux2-cli?expand=0&rev=17
 2025-02-26 16:17:30 +00:00
Robert Munteanu
52e5d968e9 update to 2.5.1 
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/flux2-cli?expand=0&rev=38
 2025-02-25 20:41:24 +00:00
Dominique Leuenberger
22b4780c20 Accepting request 1247476 from devel:kubic 
OBS-URL: https://build.opensuse.org/request/show/1247476
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flux2-cli?expand=0&rev=16
 2025-02-20 21:04:55 +00:00
Johannes Kastl
50dfbd441a Update to version 2.5.0 
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/flux2-cli?expand=0&rev=36
 2025-02-20 18:36:22 +00:00
Ana Guerrero
62584073bc Accepting request 1205744 from devel:kubic 
OBS-URL: https://build.opensuse.org/request/show/1205744
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flux2-cli?expand=0&rev=15
 2024-10-06 15:52:19 +00:00
Johannes Kastl
454727b208 update to 2.4.0 
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/flux2-cli?expand=0&rev=34
 2024-10-04 19:20:48 +00:00
23 changed files with 3227 additions and 4254 deletions
Expand all files Collapse all files

15
_service
View File

@@ -3,20 +3,21 @@
<param name="url">https://github.com/fluxcd/flux2</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="revision">v2.3.0</param>
<param name="revision">v2.7.5</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
<param name="filename">flux2-cli</param>
</service>
<service name="set_version" mode="manual">
<param name="basename">flux2</param>
</service>
<service name="tar" mode="buildtime"/>
<service name="go_modules" mode="manual">
</service>
<!-- services below are running at buildtime -->
<service name="tar" mode="buildtime">
</service>
<service name="recompress" mode="buildtime">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules" mode="manual">
<param name="archive">flux2-2.3.0.obscpio</param>
</service>
</services>

2
_servicedata
View File

@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/fluxcd/flux2</param>
<param name="changesrevision">896e0fa46d5107a05e953dd0a5261d78a145ec8c</param></service></servicedata>
<param name="changesrevision">8454b02a32e48d775b9f563cb51fdcb1787b5b93</param></service></servicedata>

3
flux2-2.3.0.obscpio
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:44c084b34738c4ca6a84d4130a55d174d0996436c168897ccaac319f43be2c05
size 2830348

3
flux2-cli-2.7.5.obscpio Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:14dee29313307d10630d0b64f70ef39c0f4d713cf5caf6e650b164ba584bb804
size 2980364

450
flux2-cli.changes
View File

@@ -1,3 +1,453 @@
-------------------------------------------------------------------
Thu Nov 27 15:06:30 UTC 2025 - Robert Munteanu <rombert@apache.org>
- Update to version 2.7.5:
* Update toolkit components
-------------------------------------------------------------------
Tue Nov 25 06:34:27 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 2.7.4:
Note that signature verification for OCI artifacts in
source-controller is not compatible with Cosign v3.
Flux users are advised to use Cosign v2.6 for signing Flux OCI
artifacts and Helm charts, until support for Cosign v3 is added
in Flux v2.8.
* Fixes:
- Add DisableConfigWatchers feature gate to all controllers for
disabling the Secrets/ConfigMaps watchers
- Fix Workload Identity for Azure China Cloud in all
controllers
- Update Helm Go SDK to v3.19.2 fixing schema validation issues
in helm-controller
- Skip secret decryption for remote kustomize patches in
kustomize-controller
- Improve post-build error reporting in kustomize-controller
- Add ArtifactGenerator to aggregated RBAC roles
* Components changelog
- source-controller v1.7.4
- kustomize-controller v1.7.3
- notification-controller v1.7.5
- helm-controller v1.4.4
- image-reflector-controller v1.0.4
- image-automation-controller v1.0.4
- source-watcher v2.0.3
* CLI changelog
- [release/v2.7.x] ci: Include source-watcher in the e2e test
suite by @fluxcdbot in #5615
- [release/v2.7.x] Add source.extensions.fluxcd.io group to
aggregated RBAC roles by @fluxcdbot in #5628
- [release/v2.7.x] Fix panic on reconcile with source of
ExternalArtifact kind by @fluxcdbot in #5631
- [release/v2.7.x] Upgrade k8s to 1.34.2, c-r to 0.22.4 and
helm to 3.19.2 by @fluxcdbot in #5634
- [release/v2.7.x] diff: report if object is skipped by
@fluxcdbot in #5635
- [release/v2.7.x] Update toolkit components by @fluxcdbot in
#5640
- [release/v2.7.x] Allow option to skip tenant namespace
creation by @fluxcdbot in #5642
-------------------------------------------------------------------
Tue Oct 28 22:07:10 UTC 2025 - Robert Munteanu <rombert@apache.org>
- Update to version 2.7.3:
* fix: return supported values for flags when calling Values.Type()
* Fix bootstrap e2e test for image policy
* Pin cosign to v2.6.1
* Update toolkit components
-------------------------------------------------------------------
Thu Oct 09 05:14:54 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 2.7.2:
* Components changelog
- source-controller v1.7.2
- kustomize-controller v1.7.1
- notification-controller v1.7.3
- helm-controller v1.4.2
- image-reflector-controller v1.0.2
- image-automation-controller v1.0.2
- source-watcher v2.0.2
* CLI changelog
- [release/v2.7.x] Fix manifest generation for
--storage-adv-addr and --events-addr flags by
@github-actions[bot] in #5575
- [release/v2.7.x] Update dependencies to Kubernetes v1.34.1
and Go 1.25.2 by @github-actions[bot] in #5577
- [release/v2.7.x] Update toolkit components by
@github-actions[bot] in #5579
-------------------------------------------------------------------
Tue Oct 07 04:56:11 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 2.7.1:
* Improvements:
- Extend flux migrate with support for migrating manifests in
Git repositories to the latest API versions.
- Add recommendations for configuring HelmReleases on
production environments.
* Fixes:
- Fix flux migrate command to handle managed fields properly.
- Fix self-signed TLS cert handling for public Helm
repositories in source-controller.
- Fix the default API versions used by receivers in
notification-controller.
- Fix redundant Ready condition patching in helm-controller.
- Fix workload identity configuration examples for kubeconfig
in helm-controller and kustomize-controller.
* Components changelog
- source-controller v1.7.1
- notification-controller v1.7.2
- helm-controller v1.4.1
* CLI changelog
- [release/v2.7.x] Backport CI fixes and updates by
@matheuscscp in #5552
- [release/v2.7.x] Fix flux push artifact not working with
--provider by @github-actions[bot] in #5553
- [release/v2.7.x] Extend flux migrate to work with local files
by @github-actions[bot] in #5557
- [release/v2.7.x] Improve flux migrate for live cluster
migrations by @github-actions[bot] in #5559
- [release/v2.7.x] Fix flux migrate -f command to work with
comments by @github-actions[bot] in #5561
- [release/v2.7.x] Fix flux migrate -f not considering kind
comments by @github-actions[bot] in #5564
- [release/v2.7.x] Update toolkit components by
@github-actions[bot] in #5569
- [release/v2.7.x] Disable AUR publishing by
@github-actions[bot] in #5571
-------------------------------------------------------------------
Wed Oct 01 08:22:32 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 2.7.0:
https://github.com/fluxcd/flux2/releases/tag/v2.7.0
CLI changelog
* Add backport label for v2.6.x by @stefanprodan in #5379
* Update image-reflector-controller to v0.35.1 by @fluxcdbot in
#5381
* Add digest pinning to image automation testing by @stefanprodan
in #5383
* correct small typo by @JIbald in #5388
* Remove credentials sync manifests by @matheuscscp in #5347
* Add sparse checkout to cli by @ba-work in #5389
* fix: Allow Azure CLI calls in flux push artifact --provider
azure on DevOps runners by @matheuscscp in #5390
* Fix knownhosts key mismatch regression bug by @matheuscscp in
#5404
* refactor: Use normalize.UnstructuredList instead of
ssa.SetNativeKindsDefaults by @cappyzawa in #5407
* Make service-account name configurable in flux create tenant by
@reiSh6phoo9o in #5402
* Update toolkit components by @fluxcdbot in #5409
* refactor: cleanup GetArtifactRegistryCredentials error handling
by @cappyzawa in #5418
* Promote image CLI commands to stable by @dgunzy in #5421
* Update toolkit components by @fluxcdbot in #5426
* Bump pkg/ssa to v0.49.0 for CABundle validation fix by @dgunzy
in #5431
* [RFC-0010] Add workload identity support for remote clusters by
@matheuscscp in #5434
* Update toolkit components by @fluxcdbot in #5443
* Fix flux push artifact for insecure registries by @stefanprodan
in #5449
* [RFC-0010] Add workload identity support for remote generic
clusters by @matheuscscp in #5452
* Fix flux diff kustomization ignore patterns by @dgunzy in #5451
* Update dependencies to Kubernetes 1.33.2 by @stefanprodan in
#5453
* build(deps): bump the ci group across 1 directory with 7
updates by @dependabot[bot] in #5435
* Upgrade fluxcd/pkg dependencies by @matheuscscp in #5455
* ci: Use GITHUB_TOKEN for API calls in update workflow by
@stefanprodan in #5460
* manifests: Add app.kubernetes.io/part-of: flux label to
controller pods by @pinkavaj in #5440
* Migrate sourcesecret package to runtime/secrets APIs by
@cappyzawa in #5462
* Implement flux migrate command by @stefanprodan in #5473
* [RFC-0007] Implementation history update by @stefanprodan in
#5480
* Run conformance tests for Kubernetes 1.34.0 by @stefanprodan in
#5497
* Update to Kubernetes v1.34.0 and Go 1.25.0 by @stefanprodan in
#5499
* build(deps): bump the ci group across 1 directory with 10
updates by @dependabot[bot] in #5500
* Allow the Go runtime to dynamically set GOMAXPROCS by
@stefanprodan in #5501
* fix(events): respect --all-namespaces flag by
@mohiuddin-khan-shiam in #5414
* [RFC-0011] OpenTelemetry Tracing by @adri1197 in #5321
* [RFC-0012] External Artifact API by @stefanprodan in #5292
* Add --show-history flag to debug helmrelease by @hawkaii in
#5505
* Skip release candidates on updates by @matheuscscp in #5507
* ci: Align azure e2e tests secret names with fluxcd/pkg by
@matheuscscp in #5508
* Update image-reflector-controller to v1.0.0 by @fluxcdbot in
#5517
* Update source-controller to v1.7.0 by @fluxcdbot in #5518
* Add the source-watcher controller to the Flux distribution by
@stefanprodan in #5519
* Add read-only commands for ArtifactGenerator kind by
@stefanprodan in #5520
* ci: Add source-watcher to the update workflow by @stefanprodan
in #5521
* Update image-automation-controller to v1.0.0 by @fluxcdbot in
#5522
* Update image-reflector-controller to v1.0.1 by @fluxcdbot in
#5525
* Implement flux [reconcile|suspend|resume] image policy commands
by @lukas8219 in #5492
* Handle force: enabled annotation in flux diff ks command by
@stefanprodan in #5528
* ci: Refactor CI with fluxcd/gha-workflows by @stefanprodan in
#5529
* Remove ArtifactGenerators during uninstall by @stefanprodan in
#5531
* Add support for ExternalArtifact to flux trace by @stefanprodan
in #5532
* Set Kubernetes 1.32 as min supported version by @stefanprodan
in #5533
* build(deps): bump the ci group with 6 updates by
@dependabot[bot] in #5535
* Add support for custom storage namespace in HelmRelease
creation by @prasad89 in #5534
* Update toolkit components by @fluxcdbot in #5537
* ci: remove cron schedule from update by @matheuscscp in #5539
* Update source-watcher to v2.0.1 by @fluxcdbot in #5540
* Add --show-history flag to debug kustomization by @matheuscscp
in #5541
* Update image-automation-controller to v1.0.1 by @fluxcdbot in
#5542
* fluxcd/flux2/action: Determine latest version without using
GitHub API by @RussellAult in #5509
-------------------------------------------------------------------
Tue Jul 08 10:51:20 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 2.6.4:
Flux v2.6.4 is a patch release that comes with various fixes.
Users are encouraged to upgrade for the best experience.
* Fixes:
- Fix for SOPS decryption with US Government KMS keys failing
with the error:
STS: AssumeRoleWithWebIdentity, https response error\n StatusCode: 0, RequestID: ,
request send failed, Post\n \"https://sts.arn.amazonaws.com/\": dial tcp:
lookupts.arn.amazonaws.com on 10.100.0.10:53: no such host
* Components changelog
- kustomize-controller v1.6.1
* CLI changed
- [release/v2.6.x] Update toolkit components by @fluxcdbot in
#5444
-------------------------------------------------------------------
Mon Jun 30 04:52:28 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 2.6.3:
* Fix for rsa-sha2-512 and rsa-sha2-256 algorithms not being
prioritized for ssh-rsa host keys in source-controller,
image-automation-controller and Flux CLI bootstrap.
-------------------------------------------------------------------
Mon Jun 16 14:32:21 UTC 2025 - Robert Munteanu <rombert@apache.org>
- Update to version 2.6.2:
* Update toolkit components
* Upgrade dependencies
* Introduce support for shelling out to Azure binaries in authentication
-------------------------------------------------------------------
Mon Jun 02 07:08:57 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 2.6.1:
Flux v2.6.1 is a patch release that comes with various fixes.
Users are encouraged to upgrade for the best experience.
* Fixes:
- Fix a bug introduced in image-reflector-controller v0.35.0
that was causing spurious error events for policies during
image repository reconciliation.
- Fix excessive logging in image-automation-controller after a
restart when the image tags cache is empty.
* Components changelog
- image-reflector-controller v0.35.1
* What's Changed
- [release/v2.6.x] Update image-reflector-controller to v0.35.1
by @fluxcdbot in #5382
- [release/v2.6.x] Add digest pinning to image automation
testing by @fluxcdbot in #5384
-------------------------------------------------------------------
Mon Jun 02 07:01:25 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 2.6.0:
https://github.com/fluxcd/flux2/releases/tag/v2.6.0
Flux v2.6.0 is a feature release. Users are encouraged to upgrade
for the best experience.
For a compressive overview of new features and API changes
included in this release, please refer to the Announcing Flux 2.6
GA blog post.
https://fluxcd.io/blog/2025/05/flux-v2.6.0/
Overview of the new features:
* General availability release for the Flux OCI Artifacts APIs
and flux artifact commands
* Support for OCI digests pinning (ImagePolicy,
ImageUpdateAutomation)
* Object-level workload identity authentication (OCIRepository,
ImageRepository, Kustomization, Alert Provider)
* Cache registry credentials for cloud providers (OCIRepository,
ImageRepository)
* Git HTTP/S Mutual TLS authentication (GitRepository,
ImageUpdateAutomation)
* Support for sparse checkout (GitRepository)
* Support for GitHub App authentication (Alert Provider)
* Support for managed Identity authentication to Azure Event Hub
(Alert Provider)
* Customize the ID of the Git commit status with CEL expressions
(Alert Provider)
* WaitForTermination deletion policy (Kustomization)
* DisableChartDigestTracking feature gate (HelmRelease)
* OpenShift compatibility
Flux can be installed on Red Hat OpenShift cluster directly
from OperatorHub using Flux Operator.
The operator allows the configuration of Flux multi-tenancy
lockdown, network policies, persistent storage, sharding,
vertical scaling and the synchronization of the cluster state
from Git repositories, OCI artifacts, and S3-compatible
storage.
* Components changelog
- source-controller v1.6.0
- kustomize-controller v1.6.0
- notification-controller v1.6.0
- helm-controller v1.3.0
- image-reflector-controller v0.35.0
- image-automation-controller v0.41.0
* CLI-related changes
- Update CLI to OCIRepository v1 (GA)
- Add --interval and --reflect-digest flags to flux create
image policy
- Fix `flux trace` for HRs from `OCIRepository`s
- fix: allow recursive dry-run over local sources
- build(deps): bump helm.sh/helm/v3 from 3.17.0 to 3.17.3
- Fix command debug hr not taking targetPath into account
-------------------------------------------------------------------
Tue Feb 25 17:28:41 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 2.5.1:
* Fixes:
- Fix a bug introduced in kustomize-controller v1.5.0 that was
causing spurious logging for deprecated API versions and
health check failures.
- Sanitize the kustomize-controller logs when encountering
errors during SOPS decryption.
- fix zsh completion subpackage
-------------------------------------------------------------------
Thu Feb 20 15:03:56 UTC 2025 - rombert@apache.org
- Update to version 2.5.0:
* Update kubectl in flux-cli image
* Update flux-cli image
* Update Kubernetes min supported version to 1.30
* Update integration tests dependencies for Flux 2.5
* Update toolkit components
* [RFC-007] Flux cmd support for GitHub provider: This commit includes the following changes -
* Update toolkit components
* build(deps): bump github.com/distribution/distribution/v3
* Upgrade pkg/runtime
* Update conformance test suite
* build(deps): bump the ci group across 1 directory with 13 updates
* Align skipping of resources in flux diff to kustomize-controller
* Update dependencies
* Clarify expression evaluation logic
* Apply suggestions from code review
* Explain the evaluation logic based on conditions
* Add ClusterAPI example to RFC
* Add `SealedSecret` example to RFC
* Add Custom Health Check Library to RFC
* Rework the custom health check spec
* Add RFC - Custom Health Checks for Kustomization using Common Expression Language(CEL)
* handle len(args) < 1 case
* pass args to enable more detailed error message
* fix golden file
* Improve "flux resume" error message on non-existent object
* Fix create command always using imageRepositoryType
* Add OpenShift 4.16 & 4.17 to conformance testing
* Add RFC 0008 - Custom Event Metadata from Annotations
* Make `flux debug hr` single flag selection required
* Add links to status docs in `flux debug` commands
* Add name completion to debug commands
* Implement `flux debug kustomization` command
* Add missing copyright headers
* Add preview note to `debug hr`
* Update dependencies to Kubernetes 1.32.0 and Go 1.23.0
* Run conformance tests for Kubernetes 1.32.0
* Implement `flux debug helmrelease` command
* workflows: Use setup-terraform to install latest
* Update dependencies
* build(deps): bump the ci group across 1 directory with 11 updates
* fix misplaced quotes
* fix: skip remote Kustomizations on recursive diff
* docs: Mention Flux upgrade guide in release notes
* fix: error message for missing kind
* Update conformance.yaml
-------------------------------------------------------------------
Wed Oct 02 06:44:20 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 2.4.0:
https://github.com/fluxcd/flux2/releases/tag/v2.4.0
CLI Changelog
* PR #5014 - @stefanprodan - Update Kubernetes dependencies to
v1.31.1
* PR #5011 - @stefanprodan - Remove TLS deprecated flags from
flux create secret
* PR #5010 - @stefanprodan - Add flux create secret proxy command
* PR #5009 - @stefanprodan - Add --proxy-secret-ref to flux
create source commands
* PR #5008 - @stefanprodan - Promote bucket commands to GA
* PR #5007 - @stefanprodan - Run conformance tests for Kubernetes
1.29-1.31
* PR #5005 - @fluxcdbot - Update toolkit components
* PR #5004 - @fluxcdbot - Update source-controller to v1.4.1
* PR #4986 - @dipti-pai - [RFC-0007] Add --provider flag to flux
create source git
* PR #4970 - @JasonTheDeveloper - Update
notaryproject/notation-go to 1.2.1
* PR #4967 - @mxtw - tests: use tempdir to avoid manual gc
* PR #4959 - @stefanprodan - Fix GitHub bootstrap for
repositories with custom properties
* PR #4948 - @harshitasao - fix: fixed GHA token-permission and
pinned dependencies issue
* PR #4939 - @bkreitch - Recursively diff Kustomizations
* PR #4936 - @stefanprodan - Build with Go 1.23
* PR #4934 - @stefanprodan - Update dependencies to Kubernetes
v1.31.0
* PR #4922 - @bkreitch - Stop spinner on cancel of flux diff
kustomization
* PR #4918 - @matheuscscp - Fix reconcile helmrelease command
description
* PR #4892 - @stefanprodan - Run conformance tests for Kubernetes
v1.31
* PR #4871 - @harshitasao - changed the scorecard badge link to
the standard format
* PR #4866 - @nagyv - Introduce visibility flag for bootstrap
gitlab
* PR #4863 - @stefanprodan - Update conformance tests to
Kubernetes v1.30.2
* PR #4845 - @stefanprodan - Run ARM64 e2e tests on GitHub
runners
* PR #4842 - @stefanprodan - Add part-of label to controllers
base
* PR #4835 - @stefanprodan - ci: Adapt config to GoRelease v2
* PR #4806 - @dipti-pai - [RFC] Passwordless authentication for
Git repositories
-------------------------------------------------------------------
Sat Jun 15 16:59:08 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>

4
flux2-cli.obsinfo Normal file
View File

@@ -0,0 +1,4 @@
name: flux2-cli
version: 2.7.5
mtime: 1764238728
commit: 8454b02a32e48d775b9f563cb51fdcb1787b5b93

67
flux2-cli.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package flux2-cli
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,27 +16,25 @@
#
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
%define repo_name flux2
%define executable_name flux
# check these versions on updates
# see flux2/manifests/bases/*/kustomization.yaml
%define helm_controller_version v1.0.1
%define image_automation_controller_version v0.38.0
%define image_reflector_controller_version v0.32.0
%define kustomize_controller_version v1.3.0
%define notification_controller_version v1.3.0
%define source_controller_version v1.3.0
%define helm_controller_version v1.4.5
%define image_automation_controller_version v1.0.4
%define image_reflector_controller_version v1.0.4
%define kustomize_controller_version v1.7.3
%define notification_controller_version v1.7.5
%define source_controller_version v1.7.4
%define source_watcher_version v2.0.3
Name: flux2-cli
Version: 2.3.0
Version: 2.7.5
Release: 0
Summary: CLI for Flux2CD
License: Apache-2.0
URL: https://github.com/fluxcd/flux2
Source: %{repo_name}-%{version}.tar.gz
Source: %{name}-%{version}.tar.gz
Source1: vendor.tar.gz
Source11: helm-controller.crds.yaml
Source12: helm-controller.deployment.yaml
@@ -50,21 +48,34 @@ Source19: notification-controller.crds.yaml
Source20: notification-controller.deployment.yaml
Source21: source-controller.crds.yaml
Source22: source-controller.deployment.yaml
Source23: source-watcher.crds.yaml
Source24: source-watcher.deployment.yaml
Source101: Packaging_README.md
Source102: download_yaml.sh
BuildRequires: bash-completion
BuildRequires: fish
BuildRequires: git-core
BuildRequires: go >= 1.22
BuildRequires: helm
BuildRequires: kustomize
BuildRequires: zsh
BuildRequires: golang(API) >= 1.25
%description
Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories and OCI artifacts), and automating updates to configuration when there is new code to deploy.
Flux is a tool for keeping Kubernetes clusters in sync with sources of
configuration (like Git repositories and OCI artifacts), and automating updates
to configuration when there is new code to deploy.
Flux version 2 ("v2") is built from the ground up to use Kubernetes' API extension system, and to integrate with Prometheus and other core components of the Kubernetes ecosystem. In version 2, Flux supports multi-tenancy and support for syncing an arbitrary number of Git repositories, among other long-requested features.
Flux version 2 ("v2") is built from the ground up to use Kubernetes' API
extension system, and to integrate with Prometheus and other core components of
the Kubernetes ecosystem. In version 2, Flux supports multi-tenancy and support
for syncing an arbitrary number of Git repositories, among other long-requested
features.
Flux v2 is constructed with the GitOps Toolkit, a set of composable APIs and specialized tools for building Continuous Delivery on top of Kubernetes.
Flux v2 is constructed with the GitOps Toolkit, a set of composable APIs and
specialized tools for building Continuous Delivery on top of Kubernetes.
Flux is a Cloud Native Computing Foundation (CNCF) project, used in production by various organisations and cloud providers.
Flux is a Cloud Native Computing Foundation (CNCF) project, used in production
by various organisations and cloud providers.
%package -n %{name}-bash-completion
Summary: Bash Completion for %{name}
@@ -98,7 +109,7 @@ BuildArch: noarch
Fish command line completion support for %{name}.
%prep
%autosetup -p 1 -a 1 -n %{repo_name}-%{version}
%autosetup -p 1 -a 1
%build
cp %{SOURCE11} ./manifests/bases/helm-controller/
@@ -131,6 +142,11 @@ cp %{SOURCE22} ./manifests/bases/source-controller/
sed -i 's_https://github.com/fluxcd/source-controller/releases/download/%{source_controller_version}/__g' manifests/bases/source-controller/kustomization.yaml
cat manifests/bases/source-controller/kustomization.yaml
cp %{SOURCE23} ./manifests/bases/source-watcher/
cp %{SOURCE24} ./manifests/bases/source-watcher/
sed -i 's_https://github.com/fluxcd/source-watcher/releases/download/%{source_watcher_version}/__g' manifests/bases/source-watcher/kustomization.yaml
cat manifests/bases/source-watcher/kustomization.yaml
./manifests/scripts/bundle.sh
go build \
@@ -148,30 +164,29 @@ mkdir -p %{buildroot}%{_datarootdir}/bash-completion/completions
%{buildroot}/%{_bindir}/flux completion bash > %{buildroot}%{_datarootdir}/bash-completion/completions/%{executable_name}
# create the zsh completion file
mkdir -p %{buildroot}%{_datarootdir}/zsh_completion.d
%{buildroot}/%{_bindir}/flux completion zsh > %{buildroot}%{_datarootdir}/zsh_completion.d/_%{executable_name}
mkdir -p %{buildroot}%{_datarootdir}/zsh/site-functions
%{buildroot}/%{_bindir}/flux completion zsh > %{buildroot}%{_datarootdir}/zsh/site-functions/_%{executable_name}
# create the fish completion file
mkdir -p %{buildroot}%{_datarootdir}/fish/vendor_completions.d/
%{buildroot}/%{_bindir}/flux completion fish > %{buildroot}%{_datarootdir}/fish/vendor_completions.d/%{executable_name}.fish
%check
# version output without leading v
%{buildroot}/%{_bindir}/%{executable_name} --version | grep %{version}
%files
%doc README.md
%license LICENSE
%{_bindir}/%{executable_name}
%files -n %{name}-bash-completion
%dir %{_datarootdir}/bash-completion/completions/
%{_datarootdir}/bash-completion/completions/%{executable_name}
%files -n %{name}-zsh-completion
%defattr(-,root,root)
%dir %{_datarootdir}/zsh_completion.d/
%{_datarootdir}/zsh_completion.d/_%{executable_name}
%{_datarootdir}/zsh/site-functions/_%{executable_name}
%files -n %{name}-fish-completion
%dir %{_datarootdir}/fish
%dir %{_datarootdir}/fish/vendor_completions.d
%{_datarootdir}/fish/vendor_completions.d/%{executable_name}.fish
%changelog

4
flux2.obsinfo
View File

@@ -1,4 +0,0 @@
name: flux2
version: 2.3.0
mtime: 1715584692
commit: 896e0fa46d5107a05e953dd0a5261d78a145ec8c

1576
helm-controller.crds.yaml
View File

File diff suppressed because it is too large Load Diff

2
helm-controller.deployment.yaml
View File

@@ -28,7 +28,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: fluxcd/helm-controller:v1.0.1
image: fluxcd/helm-controller:v1.4.5
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

776
image-automation-controller.crds.yaml
View File

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
controller-gen.kubebuilder.io/version: v0.19.0
name: imageupdateautomations.image.toolkit.fluxcd.io
spec:
group: image.toolkit.fluxcd.io
@@ -10,16 +10,28 @@ spec:
kind: ImageUpdateAutomation
listKind: ImageUpdateAutomationList
plural: imageupdateautomations
shortNames:
- iua
- imgupd
- imgauto
singular: imageupdateautomation
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .status.lastAutomationRunTime
name: Last run
priority: 1
type: string
deprecated: true
deprecationWarning: v1beta1 ImageUpdateAutomation is deprecated, upgrade to v1beta2
name: v1beta1
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: ImageUpdateAutomation is the Schema for the imageupdateautomations
@@ -70,7 +82,6 @@ spec:
description: |-
Commit SHA to check out, takes precedence over all reference fields.
This can be combined with Branch to shallow clone the branch, in which
the commit is expected to exist.
type: string
@@ -78,7 +89,6 @@ spec:
description: |-
Name of the reference to check out; takes precedence over Branch, Tag and SemVer.
It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description
Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head"
type: string
@@ -116,331 +126,15 @@ spec:
description: |-
MessageTemplate provides a template for the commit message,
into which will be interpolated the details of the change made.
Note: The `Updated` template field has been removed. Use `Changed` instead.
type: string
signingKey:
description: SigningKey provides the option to sign commits
with a GPG key
properties:
secretRef:
description: |-
SecretRef holds the name to a secret that contains a 'git.asc' key
corresponding to the ASCII Armored file containing the GPG signing
keypair as the value. It must be in the same namespace as the
ImageUpdateAutomation.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
type: object
required:
- author
type: object
push:
description: |-
Push specifies how and where to push commits made by the
automation. If missing, commits are pushed (back) to
`.spec.checkout.branch` or its default.
properties:
branch:
description: |-
Branch specifies that commits should be pushed to the branch
named. The branch is created using `.spec.checkout.branch` as the
starting point, if it doesn't already exist.
type: string
options:
messageTemplateValues:
additionalProperties:
type: string
description: |-
Options specifies the push options that are sent to the Git
server when performing a push operation. For details, see:
https://git-scm.com/docs/git-push#Documentation/git-push.txt---push-optionltoptiongt
MessageTemplateValues provides additional values to be available to the
templating rendering.
type: object
refspec:
description: |-
Refspec specifies the Git Refspec to use for a push operation.
If both Branch and Refspec are provided, then the commit is pushed
to the branch and also using the specified refspec.
For more details about Git Refspecs, see:
https://git-scm.com/book/en/v2/Git-Internals-The-Refspec
type: string
type: object
required:
- commit
type: object
interval:
description: |-
Interval gives an lower bound for how often the automation
run should be attempted.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
sourceRef:
description: |-
SourceRef refers to the resource giving access details
to a git repository.
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
default: GitRepository
description: Kind of the referent.
enum:
- GitRepository
type: string
name:
description: Name of the referent.
type: string
namespace:
description: Namespace of the referent, defaults to the namespace
of the Kubernetes resource object that contains the reference.
type: string
required:
- kind
- name
type: object
suspend:
description: |-
Suspend tells the controller to not run this automation, until
it is unset (or set to false). Defaults to false.
type: boolean
update:
default:
strategy: Setters
description: |-
Update gives the specification for how to update the files in
the repository. This can be left empty, to use the default
value.
properties:
path:
description: |-
Path to the directory containing the manifests to be updated.
Defaults to 'None', which translates to the root path
of the GitRepositoryRef.
type: string
strategy:
default: Setters
description: Strategy names the strategy to be used.
enum:
- Setters
type: string
required:
- strategy
type: object
required:
- interval
- sourceRef
type: object
status:
default:
observedGeneration: -1
description: ImageUpdateAutomationStatus defines the observed state of
ImageUpdateAutomation
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
lastAutomationRunTime:
description: |-
LastAutomationRunTime records the last time the controller ran
this automation through to completion (even if no updates were
made).
format: date-time
type: string
lastHandledReconcileAt:
description: |-
LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value
can be detected.
type: string
lastPushCommit:
description: |-
LastPushCommit records the SHA1 of the last commit made by the
controller, for this automation object
type: string
lastPushTime:
description: LastPushTime records the time of the last pushed change.
format: date-time
type: string
observedGeneration:
format: int64
type: integer
type: object
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .status.lastAutomationRunTime
name: Last run
type: string
name: v1beta2
schema:
openAPIV3Schema:
description: ImageUpdateAutomation is the Schema for the imageupdateautomations
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ImageUpdateAutomationSpec defines the desired state of ImageUpdateAutomation
properties:
git:
description: |-
GitSpec contains all the git-specific definitions. This is
technically optional, but in practice mandatory until there are
other kinds of source allowed.
properties:
checkout:
description: |-
Checkout gives the parameters for cloning the git repository,
ready to make changes. If not present, the `spec.ref` field from the
referenced `GitRepository` or its default will be used.
properties:
ref:
description: |-
Reference gives a branch, tag or commit to clone from the Git
repository.
properties:
branch:
description: Branch to check out, defaults to 'master'
if no other field is defined.
type: string
commit:
description: |-
Commit SHA to check out, takes precedence over all reference fields.
This can be combined with Branch to shallow clone the branch, in which
the commit is expected to exist.
type: string
name:
description: |-
Name of the reference to check out; takes precedence over Branch, Tag and SemVer.
It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description
Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head"
type: string
semver:
description: SemVer tag expression to check out, takes
precedence over Tag.
type: string
tag:
description: Tag to check out, takes precedence over Branch.
type: string
type: object
required:
- ref
type: object
commit:
description: Commit specifies how to commit to the git repository.
properties:
author:
description: |-
Author gives the email and optionally the name to use as the
author of commits.
properties:
email:
description: Email gives the email to provide when making
a commit.
type: string
name:
description: Name gives the name to provide when making
a commit.
type: string
required:
- email
type: object
messageTemplate:
description: |-
MessageTemplate provides a template for the commit message,
into which will be interpolated the details of the change made.
type: string
signingKey:
description: SigningKey provides the option to sign commits
with a GPG key
@@ -458,6 +152,8 @@ spec:
required:
- name
type: object
required:
- secretRef
type: object
required:
- author
@@ -598,8 +294,6 @@ spec:
enum:
- Setters
type: string
required:
- strategy
type: object
required:
- interval
@@ -613,16 +307,8 @@ spec:
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -663,12 +349,7 @@ spec:
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -709,6 +390,9 @@ spec:
additionalProperties:
description: ImageRef represents an image reference.
properties:
digest:
description: Digest is the image's digest.
type: string
name:
description: Name is the bare image's name.
type: string
@@ -735,3 +419,407 @@ spec:
storage: true
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .status.lastAutomationRunTime
name: Last run
priority: 1
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
deprecated: true
deprecationWarning: v1beta2 ImageUpdateAutomation is deprecated, upgrade to v1
name: v1beta2
schema:
openAPIV3Schema:
description: ImageUpdateAutomation is the Schema for the imageupdateautomations
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ImageUpdateAutomationSpec defines the desired state of ImageUpdateAutomation
properties:
git:
description: |-
GitSpec contains all the git-specific definitions. This is
technically optional, but in practice mandatory until there are
other kinds of source allowed.
properties:
checkout:
description: |-
Checkout gives the parameters for cloning the git repository,
ready to make changes. If not present, the `spec.ref` field from the
referenced `GitRepository` or its default will be used.
properties:
ref:
description: |-
Reference gives a branch, tag or commit to clone from the Git
repository.
properties:
branch:
description: Branch to check out, defaults to 'master'
if no other field is defined.
type: string
commit:
description: |-
Commit SHA to check out, takes precedence over all reference fields.
This can be combined with Branch to shallow clone the branch, in which
the commit is expected to exist.
type: string
name:
description: |-
Name of the reference to check out; takes precedence over Branch, Tag and SemVer.
It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description
Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head"
type: string
semver:
description: SemVer tag expression to check out, takes
precedence over Tag.
type: string
tag:
description: Tag to check out, takes precedence over Branch.
type: string
type: object
required:
- ref
type: object
commit:
description: Commit specifies how to commit to the git repository.
properties:
author:
description: |-
Author gives the email and optionally the name to use as the
author of commits.
properties:
email:
description: Email gives the email to provide when making
a commit.
type: string
name:
description: Name gives the name to provide when making
a commit.
type: string
required:
- email
type: object
messageTemplate:
description: |-
MessageTemplate provides a template for the commit message,
into which will be interpolated the details of the change made.
Note: The `Updated` template field has been removed. Use `Changed` instead.
type: string
messageTemplateValues:
additionalProperties:
type: string
description: |-
MessageTemplateValues provides additional values to be available to the
templating rendering.
type: object
signingKey:
description: SigningKey provides the option to sign commits
with a GPG key
properties:
secretRef:
description: |-
SecretRef holds the name to a secret that contains a 'git.asc' key
corresponding to the ASCII Armored file containing the GPG signing
keypair as the value. It must be in the same namespace as the
ImageUpdateAutomation.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
required:
- secretRef
type: object
required:
- author
type: object
push:
description: |-
Push specifies how and where to push commits made by the
automation. If missing, commits are pushed (back) to
`.spec.checkout.branch` or its default.
properties:
branch:
description: |-
Branch specifies that commits should be pushed to the branch
named. The branch is created using `.spec.checkout.branch` as the
starting point, if it doesn't already exist.
type: string
options:
additionalProperties:
type: string
description: |-
Options specifies the push options that are sent to the Git
server when performing a push operation. For details, see:
https://git-scm.com/docs/git-push#Documentation/git-push.txt---push-optionltoptiongt
type: object
refspec:
description: |-
Refspec specifies the Git Refspec to use for a push operation.
If both Branch and Refspec are provided, then the commit is pushed
to the branch and also using the specified refspec.
For more details about Git Refspecs, see:
https://git-scm.com/book/en/v2/Git-Internals-The-Refspec
type: string
type: object
required:
- commit
type: object
interval:
description: |-
Interval gives an lower bound for how often the automation
run should be attempted.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
policySelector:
description: |-
PolicySelector allows to filter applied policies based on labels.
By default includes all policies in namespace.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
sourceRef:
description: |-
SourceRef refers to the resource giving access details
to a git repository.
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
default: GitRepository
description: Kind of the referent.
enum:
- GitRepository
type: string
name:
description: Name of the referent.
type: string
namespace:
description: Namespace of the referent, defaults to the namespace
of the Kubernetes resource object that contains the reference.
type: string
required:
- kind
- name
type: object
suspend:
description: |-
Suspend tells the controller to not run this automation, until
it is unset (or set to false). Defaults to false.
type: boolean
update:
default:
strategy: Setters
description: |-
Update gives the specification for how to update the files in
the repository. This can be left empty, to use the default
value.
properties:
path:
description: |-
Path to the directory containing the manifests to be updated.
Defaults to 'None', which translates to the root path
of the GitRepositoryRef.
type: string
strategy:
default: Setters
description: Strategy names the strategy to be used.
enum:
- Setters
type: string
type: object
required:
- interval
- sourceRef
type: object
status:
default:
observedGeneration: -1
description: ImageUpdateAutomationStatus defines the observed state of
ImageUpdateAutomation
properties:
conditions:
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
lastAutomationRunTime:
description: |-
LastAutomationRunTime records the last time the controller ran
this automation through to completion (even if no updates were
made).
format: date-time
type: string
lastHandledReconcileAt:
description: |-
LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value
can be detected.
type: string
lastPushCommit:
description: |-
LastPushCommit records the SHA1 of the last commit made by the
controller, for this automation object
type: string
lastPushTime:
description: LastPushTime records the time of the last pushed change.
format: date-time
type: string
observedGeneration:
format: int64
type: integer
observedPolicies:
additionalProperties:
description: ImageRef represents an image reference.
properties:
digest:
description: Digest is the image's digest.
type: string
name:
description: Name is the bare image's name.
type: string
tag:
description: Tag is the image's tag.
type: string
required:
- name
- tag
type: object
description: |-
ObservedPolicies is the list of observed ImagePolicies that were
considered by the ImageUpdateAutomation update process.
type: object
observedSourceRevision:
description: |-
ObservedPolicies []ObservedPolicy `json:"observedPolicies,omitempty"`
ObservedSourceRevision is the last observed source revision. This can be
used to determine if the source has been updated since last observation.
type: string
type: object
type: object
served: true
storage: false
subresources:
status: {}

2
image-automation-controller.deployment.yaml
View File

@@ -28,7 +28,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: fluxcd/image-automation-controller:v0.38.0
image: fluxcd/image-automation-controller:v1.0.4
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

446
image-reflector-controller.crds.yaml
View File

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
controller-gen.kubebuilder.io/version: v0.19.0
name: imagepolicies.image.toolkit.fluxcd.io
spec:
group: image.toolkit.fluxcd.io
@@ -10,14 +10,29 @@ spec:
kind: ImagePolicy
listKind: ImagePolicyList
plural: imagepolicies
shortNames:
- imgpol
- imagepol
singular: imagepolicy
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.latestImage
name: LatestImage
- jsonPath: .status.latestRef.name
name: Image
type: string
name: v1beta1
- jsonPath: .status.latestRef.tag
name: Tag
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: ImagePolicy is the Schema for the imagepolicies API
@@ -42,8 +57,27 @@ spec:
spec:
description: |-
ImagePolicySpec defines the parameters for calculating the
ImagePolicy
ImagePolicy.
properties:
digestReflectionPolicy:
default: Never
description: |-
DigestReflectionPolicy governs the setting of the `.status.latestRef.digest` field.
Never: The digest field will always be set to the empty string.
IfNotPresent: The digest field will be set to the digest of the elected
latest image if the field is empty and the image did not change.
Always: The digest field will always be set to the digest of the elected
latest image.
Default: Never.
enum:
- Always
- IfNotPresent
- Never
type: string
filterTags:
description: |-
FilterTags enables filtering for only a subset of tags based on a set of
@@ -76,6 +110,15 @@ spec:
required:
- name
type: object
interval:
description: |-
Interval is the length of time to wait between
refreshing the digest of the latest tag when the
reflection policy is set to "Always".
Defaults to 10m.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
policy:
description: |-
Policy gives the particulars of the policy to be followed in
@@ -125,10 +168,24 @@ spec:
- range
type: object
type: object
suspend:
description: |-
This flag tells the controller to suspend subsequent policy reconciliations.
It does not apply to already started reconciliations. Defaults to false.
type: boolean
required:
- imageRepositoryRef
- policy
type: object
x-kubernetes-validations:
- message: spec.interval is only accepted when spec.digestReflectionPolicy
is set to 'Always'
rule: '!has(self.interval) || (has(self.digestReflectionPolicy) && self.digestReflectionPolicy
== ''Always'')'
- message: spec.interval must be set when spec.digestReflectionPolicy
is set to 'Always'
rule: has(self.interval) || !has(self.digestReflectionPolicy) || self.digestReflectionPolicy
!= 'Always'
status:
default:
observedGeneration: -1
@@ -136,16 +193,8 @@ spec:
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -186,12 +235,7 @@ spec:
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -203,25 +247,76 @@ spec:
- type
type: object
type: array
latestImage:
lastHandledReconcileAt:
description: |-
LatestImage gives the first in the list of images scanned by
the image repository, when filtered and ordered according to
the policy.
LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value
can be detected.
type: string
latestRef:
description: |-
LatestRef gives the first in the list of images scanned by
the image repository, when filtered and ordered according
to the policy.
properties:
digest:
description: Digest is the image's digest.
type: string
name:
description: Name is the bare image's name.
type: string
tag:
description: Tag is the image's tag.
type: string
required:
- name
- tag
type: object
observedGeneration:
format: int64
type: integer
observedPreviousRef:
description: |-
ObservedPreviousRef is the observed previous LatestRef. It is used
to keep track of the previous and current images.
properties:
digest:
description: Digest is the image's digest.
type: string
name:
description: Name is the bare image's name.
type: string
tag:
description: Tag is the image's tag.
type: string
required:
- name
- tag
type: object
type: object
type: object
served: true
storage: false
storage: true
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .status.latestImage
name: LatestImage
- jsonPath: .status.latestRef.name
name: Image
type: string
- jsonPath: .status.latestRef.tag
name: Tag
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
deprecated: true
deprecationWarning: v1beta2 ImagePolicy is deprecated, upgrade to v1
name: v1beta2
schema:
openAPIV3Schema:
@@ -249,6 +344,25 @@ spec:
ImagePolicySpec defines the parameters for calculating the
ImagePolicy.
properties:
digestReflectionPolicy:
default: Never
description: |-
DigestReflectionPolicy governs the setting of the `.status.latestRef.digest` field.
Never: The digest field will always be set to the empty string.
IfNotPresent: The digest field will be set to the digest of the elected
latest image if the field is empty and the image did not change.
Always: The digest field will always be set to the digest of the elected
latest image.
Default: Never.
enum:
- Always
- IfNotPresent
- Never
type: string
filterTags:
description: |-
FilterTags enables filtering for only a subset of tags based on a set of
@@ -281,6 +395,15 @@ spec:
required:
- name
type: object
interval:
description: |-
Interval is the length of time to wait between
refreshing the digest of the latest tag when the
reflection policy is set to "Always".
Defaults to 10m.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
policy:
description: |-
Policy gives the particulars of the policy to be followed in
@@ -330,10 +453,24 @@ spec:
- range
type: object
type: object
suspend:
description: |-
This flag tells the controller to suspend subsequent policy reconciliations.
It does not apply to already started reconciliations. Defaults to false.
type: boolean
required:
- imageRepositoryRef
- policy
type: object
x-kubernetes-validations:
- message: spec.interval is only accepted when spec.digestReflectionPolicy
is set to 'Always'
rule: '!has(self.interval) || (has(self.digestReflectionPolicy) && self.digestReflectionPolicy
== ''Always'')'
- message: spec.interval must be set when spec.digestReflectionPolicy
is set to 'Always'
rule: has(self.interval) || !has(self.digestReflectionPolicy) || self.digestReflectionPolicy
!= 'Always'
status:
default:
observedGeneration: -1
@@ -341,16 +478,8 @@ spec:
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -391,12 +520,7 @@ spec:
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -408,24 +532,56 @@ spec:
- type
type: object
type: array
latestImage:
lastHandledReconcileAt:
description: |-
LatestImage gives the first in the list of images scanned by
the image repository, when filtered and ordered according to
the policy.
LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value
can be detected.
type: string
latestRef:
description: |-
LatestRef gives the first in the list of images scanned by
the image repository, when filtered and ordered according
to the policy.
properties:
digest:
description: Digest is the image's digest.
type: string
name:
description: Name is the bare image's name.
type: string
tag:
description: Tag is the image's tag.
type: string
required:
- name
- tag
type: object
observedGeneration:
format: int64
type: integer
observedPreviousImage:
observedPreviousRef:
description: |-
ObservedPreviousImage is the observed previous LatestImage. It is used
ObservedPreviousRef is the observed previous LatestRef. It is used
to keep track of the previous and current images.
type: string
properties:
digest:
description: Digest is the image's digest.
type: string
name:
description: Name is the bare image's name.
type: string
tag:
description: Tag is the image's tag.
type: string
required:
- name
- tag
type: object
type: object
type: object
served: true
storage: true
storage: false
subresources:
status: {}
---
@@ -433,7 +589,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
controller-gen.kubebuilder.io/version: v0.19.0
name: imagerepositories.image.toolkit.fluxcd.io
spec:
group: image.toolkit.fluxcd.io
@@ -441,17 +597,33 @@ spec:
kind: ImageRepository
listKind: ImageRepositoryList
plural: imagerepositories
shortNames:
- imgrepo
- imagerepo
singular: imagerepository
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.lastScanResult.scanTime
name: Last scan
- jsonPath: .spec.image
name: Image
type: string
- jsonPath: .status.lastScanResult.tagCount
name: Tags
type: string
name: v1beta1
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .status.lastScanResult.scanTime
name: Last scan
priority: 1
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: ImageRepository is the Schema for the imagerepositories API
@@ -507,19 +679,21 @@ spec:
type: object
certSecretRef:
description: |-
CertSecretRef can be given the name of a secret containing
CertSecretRef can be given the name of a Secret containing
either or both of
- a PEM-encoded client certificate (`tls.crt`) and private
key (`tls.key`);
- a PEM-encoded CA certificate (`ca.crt`)
- a PEM-encoded client certificate (`certFile`) and private
key (`keyFile`);
- a PEM-encoded CA certificate (`caFile`)
and whichever are supplied, will be used for connecting to the
registry. The client cert and key are useful if you are
authenticating with a certificate; the CA cert is useful if
you are using a self-signed server certificate. The Secret must
be of type `Opaque` or `kubernetes.io/tls`.
and whichever are supplied, will be used for connecting to the
registry. The client cert and key are useful if you are
authenticating with a certificate; the CA cert is useful if
you are using a self-signed server certificate.
Note: Support for the `caFile`, `certFile` and `keyFile` keys has
been deprecated.
properties:
name:
description: Name of the referent.
@@ -528,21 +702,50 @@ spec:
- name
type: object
exclusionList:
default:
- ^.*\.sig$
description: |-
ExclusionList is a list of regex strings used to exclude certain tags
from being stored in the database.
items:
type: string
maxItems: 25
type: array
image:
description: Image is the name of the image repository
type: string
insecure:
description: Insecure allows connecting to a non-TLS HTTP container
registry.
type: boolean
interval:
description: |-
Interval is the length of time to wait between
scans of the image repository.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
provider:
default: generic
description: |-
The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
When not specified, defaults to 'generic'.
enum:
- generic
- aws
- azure
- gcp
type: string
proxySecretRef:
description: |-
ProxySecretRef specifies the Secret containing the proxy configuration
to use while communicating with the container registry.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
secretRef:
description: |-
SecretRef can be given the name of a secret containing
@@ -573,6 +776,9 @@ spec:
Defaults to 'Interval' duration.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type: string
required:
- image
- interval
type: object
status:
default:
@@ -587,16 +793,8 @@ spec:
type: string
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -637,12 +835,7 @@ spec:
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -663,14 +856,36 @@ spec:
lastScanResult:
description: LastScanResult contains the number of fetched tags.
properties:
latestTags:
description: |-
LatestTags is a small sample of the tags found in the last scan.
It's the first 10 tags when sorting all the tags in descending
alphabetical order.
items:
type: string
type: array
revision:
description: Revision is a stable hash of the scanned tags.
type: string
scanTime:
description: ScanTime is the time when the last scan was performed.
format: date-time
type: string
tagCount:
description: TagCount is the number of tags found in the last
scan.
type: integer
required:
- tagCount
type: object
observedExclusionList:
description: |-
ObservedExclusionList is a list of observed exclusion list. It reflects
the exclusion rules used for the observed scan result in
spec.lastScanResult.
items:
type: string
type: array
observedGeneration:
description: ObservedGeneration is the last reconciled generation.
format: int64
@@ -678,16 +893,31 @@ spec:
type: object
type: object
served: true
storage: false
storage: true
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .status.lastScanResult.scanTime
name: Last scan
- jsonPath: .spec.image
name: Image
type: string
- jsonPath: .status.lastScanResult.tagCount
name: Tags
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .status.lastScanResult.scanTime
name: Last scan
priority: 1
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
deprecated: true
deprecationWarning: v1beta2 ImageRepository is deprecated, upgrade to v1
name: v1beta2
schema:
openAPIV3Schema:
@@ -747,19 +977,16 @@ spec:
CertSecretRef can be given the name of a Secret containing
either or both of
- a PEM-encoded client certificate (`tls.crt`) and private
key (`tls.key`);
- a PEM-encoded CA certificate (`ca.crt`)
and whichever are supplied, will be used for connecting to the
registry. The client cert and key are useful if you are
authenticating with a certificate; the CA cert is useful if
you are using a self-signed server certificate. The Secret must
be of type `Opaque` or `kubernetes.io/tls`.
Note: Support for the `caFile`, `certFile` and `keyFile` keys has
been deprecated.
properties:
@@ -803,6 +1030,17 @@ spec:
- azure
- gcp
type: string
proxySecretRef:
description: |-
ProxySecretRef specifies the Secret containing the proxy configuration
to use while communicating with the container registry.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
secretRef:
description: |-
SecretRef can be given the name of a secret containing
@@ -833,6 +1071,9 @@ spec:
Defaults to 'Interval' duration.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type: string
required:
- image
- interval
type: object
status:
default:
@@ -847,16 +1088,8 @@ spec:
type: string
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -897,12 +1130,7 @@ spec:
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -924,13 +1152,23 @@ spec:
description: LastScanResult contains the number of fetched tags.
properties:
latestTags:
description: |-
LatestTags is a small sample of the tags found in the last scan.
It's the first 10 tags when sorting all the tags in descending
alphabetical order.
items:
type: string
type: array
revision:
description: Revision is a stable hash of the scanned tags.
type: string
scanTime:
description: ScanTime is the time when the last scan was performed.
format: date-time
type: string
tagCount:
description: TagCount is the number of tags found in the last
scan.
type: integer
required:
- tagCount
@@ -950,6 +1188,6 @@ spec:
type: object
type: object
served: true
storage: true
storage: false
subresources:
status: {}

2
image-reflector-controller.deployment.yaml
View File

@@ -28,7 +28,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: fluxcd/image-reflector-controller:v0.32.0
image: fluxcd/image-reflector-controller:v1.0.4
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

877
kustomize-controller.crds.yaml
View File

File diff suppressed because it is too large Load Diff

2
kustomize-controller.deployment.yaml
View File

@@ -28,7 +28,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: fluxcd/kustomize-controller:v1.3.0
image: fluxcd/kustomize-controller:v1.7.3
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

791
notification-controller.crds.yaml
View File

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
controller-gen.kubebuilder.io/version: v0.19.0
name: alerts.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
@@ -13,210 +13,6 @@ spec:
singular: alert
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
deprecated: true
deprecationWarning: v1beta1 Alert is deprecated, upgrade to v1beta3
name: v1beta1
schema:
openAPIV3Schema:
description: Alert is the Schema for the alerts API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: AlertSpec defines an alerting rule for events involving a
list of objects
properties:
eventSeverity:
default: info
description: |-
Filter events based on severity, defaults to ('info').
If set to 'info' no events will be filtered.
enum:
- info
- error
type: string
eventSources:
description: Filter events based on the involved objects.
items:
description: |-
CrossNamespaceObjectReference contains enough information to let you locate the
typed referenced object at cluster level
properties:
apiVersion:
description: API version of the referent
type: string
kind:
description: Kind of the referent
enum:
- Bucket
- GitRepository
- Kustomization
- HelmRelease
- HelmChart
- HelmRepository
- ImageRepository
- ImagePolicy
- ImageUpdateAutomation
- OCIRepository
type: string
matchLabels:
additionalProperties:
type: string
description: |-
MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
name:
description: Name of the referent
maxLength: 53
minLength: 1
type: string
namespace:
description: Namespace of the referent
maxLength: 53
minLength: 1
type: string
required:
- name
type: object
type: array
exclusionList:
description: A list of Golang regular expressions to be used for excluding
messages.
items:
type: string
type: array
providerRef:
description: Send events using this provider.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
summary:
description: Short description of the impact and affected cluster.
type: string
suspend:
description: |-
This flag tells the controller to suspend subsequent events dispatching.
Defaults to false.
type: boolean
required:
- eventSources
- providerRef
type: object
status:
default:
observedGeneration: -1
description: AlertStatus defines the observed state of Alert
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
observedGeneration:
description: ObservedGeneration is the last observed generation.
format: int64
type: integer
type: object
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
@@ -313,12 +109,12 @@ spec:
description: |-
Name of the referent
If multiple resources are targeted `*` may be set.
maxLength: 53
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace of the referent
maxLength: 53
maxLength: 253
minLength: 1
type: string
required:
@@ -372,16 +168,8 @@ spec:
conditions:
description: Conditions holds the conditions for the Alert.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -422,12 +210,7 @@ spec:
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -543,12 +326,12 @@ spec:
description: |-
Name of the referent
If multiple resources are targeted `*` may be set.
maxLength: 53
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace of the referent
maxLength: 53
maxLength: 253
minLength: 1
type: string
required:
@@ -581,8 +364,9 @@ spec:
- name
type: object
summary:
description: Summary holds a short description of the impact and affected
cluster.
description: |-
Summary holds a short description of the impact and affected cluster.
Deprecated: Use EventMetadata instead.
maxLength: 255
type: string
suspend:
@@ -603,7 +387,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
controller-gen.kubebuilder.io/version: v0.19.0
name: providers.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
@@ -614,200 +398,6 @@ spec:
singular: provider
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
deprecated: true
deprecationWarning: v1beta1 Provider is deprecated, upgrade to v1beta3
name: v1beta1
schema:
openAPIV3Schema:
description: Provider is the Schema for the providers API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ProviderSpec defines the desired state of Provider
properties:
address:
description: HTTP/S webhook address of this provider
pattern: ^(http|https)://
type: string
certSecretRef:
description: |-
CertSecretRef can be given the name of a secret containing
a PEM-encoded CA certificate (`caFile`)
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
channel:
description: Alert channel for this provider
type: string
proxy:
description: HTTP/S address of the proxy
pattern: ^(http|https)://
type: string
secretRef:
description: |-
Secret reference containing the provider webhook URL
using "address" as data key
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
suspend:
description: |-
This flag tells the controller to suspend subsequent events handling.
Defaults to false.
type: boolean
timeout:
description: Timeout for sending alerts to the provider.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type: string
type:
description: Type of provider
enum:
- slack
- discord
- msteams
- rocket
- generic
- generic-hmac
- github
- gitlab
- bitbucket
- azuredevops
- googlechat
- webex
- sentry
- azureeventhub
- telegram
- lark
- matrix
- opsgenie
- alertmanager
- grafana
- githubdispatch
type: string
username:
description: Bot username for this provider
type: string
required:
- type
type: object
status:
default:
observedGeneration: -1
description: ProviderStatus defines the observed state of Provider
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
observedGeneration:
description: ObservedGeneration is the last reconciled generation.
format: int64
type: integer
type: object
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
@@ -858,7 +448,6 @@ spec:
CertSecretRef specifies the Secret containing
a PEM-encoded CA certificate (in the `ca.crt` key).
Note: Support for the `caFile` key has
been deprecated.
properties:
@@ -948,16 +537,8 @@ spec:
conditions:
description: Conditions holds the conditions for the Provider.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -998,12 +579,7 @@ spec:
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -1070,12 +646,15 @@ spec:
type: string
certSecretRef:
description: |-
CertSecretRef specifies the Secret containing
a PEM-encoded CA certificate (in the `ca.crt` key).
CertSecretRef specifies the Secret containing TLS certificates
for secure communication.
Supported configurations:
- CA-only: Server authentication (provide ca.crt only)
- mTLS: Mutual authentication (provide ca.crt + tls.crt + tls.key)
- Client-only: Client authentication with system CA (provide tls.crt + tls.key only)
Note: Support for the `caFile` key has
been deprecated.
Legacy keys "caFile", "certFile", "keyFile" are supported but deprecated. Use "ca.crt", "tls.crt", "tls.key" instead.
properties:
name:
description: Name of the referent.
@@ -1088,6 +667,14 @@ spec:
should be posted.
maxLength: 2048
type: string
commitStatusExpr:
description: |-
CommitStatusExpr is a CEL expression that evaluates to a string value
that can be used to generate a custom commit status message for use
with eligible Provider types (github, gitlab, gitea, bitbucketserver,
bitbucket, azuredevops). Supported variables are: event, provider,
and alert.
type: string
interval:
description: |-
Interval at which to reconcile the Provider with its Secret references.
@@ -1095,10 +682,25 @@ spec:
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
proxy:
description: Proxy the HTTP/S address of the proxy server.
description: |-
Proxy the HTTP/S address of the proxy server.
Deprecated: Use ProxySecretRef instead. Will be removed in v1.
maxLength: 2048
pattern: ^(http|https)://.*$
type: string
proxySecretRef:
description: |-
ProxySecretRef specifies the Secret containing the proxy configuration
for this Provider. The Secret should contain an 'address' key with the
HTTP/S address of the proxy server. Optional 'username' and 'password'
keys can be provided for proxy authentication.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
secretRef:
description: |-
SecretRef specifies the Secret containing the authentication
@@ -1110,6 +712,24 @@ spec:
required:
- name
type: object
serviceAccountName:
description: |-
ServiceAccountName is the name of the Kubernetes ServiceAccount used to
authenticate with cloud provider services through workload identity.
This enables multi-tenant authentication without storing static credentials.
Supported provider types: azureeventhub, azuredevops, googlepubsub
When specified, the controller will:
1. Create an OIDC token for the specified ServiceAccount
2. Exchange it for cloud provider credentials via STS
3. Use the obtained credentials for API authentication
When unspecified, controller-level authentication is used (single-tenant).
An error is thrown if static credentials are also defined in SecretRef.
This field requires the ObjectLevelWorkloadIdentity feature gate to be enabled.
type: string
suspend:
description: |-
Suspend tells the controller to suspend subsequent
@@ -1149,6 +769,8 @@ spec:
- pagerduty
- datadog
- nats
- zulip
- otel
type: string
username:
description: Username specifies the name under which events are posted.
@@ -1157,6 +779,12 @@ spec:
required:
- type
type: object
x-kubernetes-validations:
- message: spec.commitStatusExpr is only supported for the 'github', 'gitlab',
'gitea', 'bitbucketserver', 'bitbucket', 'azuredevops' provider types
rule: self.type == 'github' || self.type == 'gitlab' || self.type ==
'gitea' || self.type == 'bitbucketserver' || self.type == 'bitbucket'
|| self.type == 'azuredevops' || !has(self.commitStatusExpr)
type: object
served: true
storage: true
@@ -1166,7 +794,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
controller-gen.kubebuilder.io/version: v0.19.0
name: receivers.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
@@ -1225,6 +853,16 @@ spec:
Secret references.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
resourceFilter:
description: |-
ResourceFilter is a CEL expression expected to return a boolean that is
evaluated for each resource referenced in the Resources field when a
webhook is received. If the expression returns false then the controller
will not request a reconciliation for the resource.
When the expression is specified the controller will parse it and mark
the object as terminally failed if the expression is invalid or does not
return a boolean.
type: string
resources:
description: A list of resources to be notified about changes.
items:
@@ -1262,12 +900,12 @@ spec:
description: |-
Name of the referent
If multiple resources are targeted `*` may be set.
maxLength: 53
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace of the referent
maxLength: 53
maxLength: 253
minLength: 1
type: string
required:
@@ -1322,16 +960,8 @@ spec:
conditions:
description: Conditions holds the conditions for the Receiver.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -1372,12 +1002,7 @@ spec:
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -1411,222 +1036,6 @@ spec:
storage: true
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
deprecated: true
deprecationWarning: v1beta1 Receiver is deprecated, upgrade to v1
name: v1beta1
schema:
openAPIV3Schema:
description: Receiver is the Schema for the receivers API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ReceiverSpec defines the desired state of Receiver
properties:
events:
description: |-
A list of events to handle,
e.g. 'push' for GitHub or 'Push Hook' for GitLab.
items:
type: string
type: array
resources:
description: A list of resources to be notified about changes.
items:
description: |-
CrossNamespaceObjectReference contains enough information to let you locate the
typed referenced object at cluster level
properties:
apiVersion:
description: API version of the referent
type: string
kind:
description: Kind of the referent
enum:
- Bucket
- GitRepository
- Kustomization
- HelmRelease
- HelmChart
- HelmRepository
- ImageRepository
- ImagePolicy
- ImageUpdateAutomation
- OCIRepository
type: string
matchLabels:
additionalProperties:
type: string
description: |-
MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
name:
description: Name of the referent
maxLength: 53
minLength: 1
type: string
namespace:
description: Namespace of the referent
maxLength: 53
minLength: 1
type: string
required:
- name
type: object
type: array
secretRef:
description: |-
Secret reference containing the token used
to validate the payload authenticity
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
suspend:
description: |-
This flag tells the controller to suspend subsequent events handling.
Defaults to false.
type: boolean
type:
description: |-
Type of webhook sender, used to determine
the validation procedure and payload deserialization.
enum:
- generic
- generic-hmac
- github
- gitlab
- bitbucket
- harbor
- dockerhub
- quay
- gcr
- nexus
- acr
type: string
required:
- resources
- type
type: object
status:
default:
observedGeneration: -1
description: ReceiverStatus defines the observed state of Receiver
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
observedGeneration:
description: ObservedGeneration is the last observed generation.
format: int64
type: integer
url:
description: |-
Generated webhook URL in the format
of '/hook/sha256sum(token+name+namespace)'.
type: string
type: object
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
@@ -1713,12 +1122,12 @@ spec:
description: |-
Name of the referent
If multiple resources are targeted `*` may be set.
maxLength: 53
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace of the referent
maxLength: 53
maxLength: 253
minLength: 1
type: string
required:
@@ -1761,6 +1170,7 @@ spec:
type: string
required:
- resources
- secretRef
- type
type: object
status:
@@ -1771,16 +1181,8 @@ spec:
conditions:
description: Conditions holds the conditions for the Receiver.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -1821,12 +1223,7 @@ spec:
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string

2
notification-controller.deployment.yaml
View File

@@ -60,7 +60,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: fluxcd/notification-controller:v1.3.0
image: fluxcd/notification-controller:v1.7.5
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

2062
source-controller.crds.yaml
View File

File diff suppressed because it is too large Load Diff

2
source-controller.deployment.yaml
View File

@@ -50,7 +50,7 @@ spec:
fieldPath: metadata.namespace
- name: TUF_ROOT
value: /tmp/.sigstore
image: fluxcd/source-controller:v1.3.0
image: fluxcd/source-controller:v1.7.4
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:

289
source-watcher.crds.yaml Normal file
View File

@@ -0,0 +1,289 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
name: artifactgenerators.source.extensions.fluxcd.io
spec:
group: source.extensions.fluxcd.io
names:
kind: ArtifactGenerator
listKind: ArtifactGeneratorList
plural: artifactgenerators
shortNames:
- ag
singular: artifactgenerator
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: ArtifactGenerator is the Schema for the artifactgenerators API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ArtifactGeneratorSpec defines the desired state of ArtifactGenerator.
properties:
artifacts:
description: OutputArtifacts is a list of output artifacts to be generated.
items:
description: |-
OutputArtifact defines the desired state of an ExternalArtifact
generated by the ArtifactGenerator.
properties:
copy:
description: |-
Copy defines a list of copy operations to perform from the sources to the generated artifact.
The copy operations are performed in the order they are listed with existing files
being overwritten by later copy operations.
items:
properties:
exclude:
description: |-
Exclude specifies a list of glob patterns to exclude
files and dirs matched by the 'From' field.
items:
type: string
maxItems: 100
type: array
from:
description: |-
From specifies the source (by alias) and the glob pattern to match files.
The format is "@<alias>/<glob-pattern>".
maxLength: 1024
pattern: ^@([a-z0-9]([a-z0-9_-]*[a-z0-9])?)/(.*)$
type: string
strategy:
description: |-
Strategy specifies the copy strategy to use.
'Overwrite' will overwrite existing files in the destination.
'Merge' is for merging YAML files using Helm values merge strategy.
If not specified, defaults to 'Overwrite'.
enum:
- Overwrite
- Merge
type: string
to:
description: |-
To specifies the destination path within the artifact.
The format is "@artifact/path", the alias "artifact"
refers to the root path of the generated artifact.
maxLength: 1024
pattern: ^@(artifact)/(.*)$
type: string
required:
- from
- to
type: object
minItems: 1
type: array
name:
description: Name is the name of the generated artifact.
maxLength: 253
pattern: ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$
type: string
originRevision:
description: |-
OriginRevision is used to set the 'org.opencontainers.image.revision'
annotation on the generated artifact metadata.
If specified, it must point to an existing source alias in the format "@<alias>".
If the referenced source has an origin revision (e.g. a Git commit SHA),
it will be used to set the annotation on the generated artifact.
If the referenced source does not have an origin revision, the field is ignored.
maxLength: 64
pattern: ^@([a-z0-9]([a-z0-9_-]*[a-z0-9])?)$
type: string
revision:
description: |-
Revision is the revision of the generated artifact.
If specified, it must point to an existing source alias in the format "@<alias>".
If not specified, the revision is automatically set to the digest of the artifact content.
maxLength: 64
pattern: ^@([a-z0-9]([a-z0-9_-]*[a-z0-9])?)$
type: string
required:
- copy
- name
type: object
maxItems: 1000
minItems: 1
type: array
sources:
description: |-
Sources is a list of references to the Flux source-controller
resources that will be used to generate the artifact.
items:
description: SourceReference contains the reference to a Flux source-controller
resource.
properties:
alias:
description: |-
Alias of the source within the ArtifactGenerator context.
The alias must be unique per ArtifactGenerator, and must consist
of lower case alphanumeric characters, underscores, and hyphens.
It must start and end with an alphanumeric character.
maxLength: 63
pattern: ^[a-z0-9]([a-z0-9_-]*[a-z0-9])?$
type: string
kind:
description: Kind of the source.
enum:
- Bucket
- GitRepository
- OCIRepository
type: string
name:
description: Name of the source.
maxLength: 253
pattern: ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$
type: string
namespace:
description: |-
Namespace of the source.
If not provided, defaults to the same namespace as the ArtifactGenerator.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- alias
- kind
- name
type: object
maxItems: 1000
minItems: 1
type: array
required:
- artifacts
- sources
type: object
status:
description: ArtifactGeneratorStatus defines the observed state of ArtifactGenerator.
properties:
conditions:
description: Conditions holds the conditions for the ArtifactGenerator.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
inventory:
description: Inventory contains the list of generated ExternalArtifact
references.
items:
description: |-
ExternalArtifactReference contains the reference to a
generated ExternalArtifact along with its digest.
properties:
digest:
description: Digest of the referent artifact.
type: string
filename:
description: Filename is the name of the artifact file.
type: string
name:
description: Name of the referent artifact.
type: string
namespace:
description: Namespace of the referent artifact.
type: string
required:
- digest
- filename
- name
- namespace
type: object
type: array
lastHandledReconcileAt:
description: |-
LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value
can be detected.
type: string
observedSourcesDigest:
description: |-
ObservedSourcesDigest is a hash representing the current state of
all the sources referenced by the ArtifactGenerator.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

100
source-watcher.deployment.yaml Normal file
View File

@@ -0,0 +1,100 @@
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: source-watcher
name: source-watcher
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
selector:
app: source-watcher
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: controller
name: source-watcher
spec:
replicas: 1
selector:
matchLabels:
app: source-watcher
strategy:
type: Recreate
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: source-watcher
spec:
containers:
- args:
- --watch-all-namespaces
- --log-level=info
- --log-encoding=json
- --enable-leader-election
- --storage-path=/data
- --storage-adv-addr=source-watcher.$(RUNTIME_NAMESPACE).svc.cluster.local.
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: fluxcd/source-watcher:v2.0.3
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 9090
name: http
protocol: TCP
- containerPort: 8080
name: http-prom
protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /
port: http
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 50m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /data
name: data
- mountPath: /tmp
name: tmp
securityContext:
fsGroup: 1337
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: data
- emptyDir: {}
name: tmp

4
vendor.tar.gz
View File

@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:30106d77c0d462ef1d3f505199de615d270acf9190aa44db4370d3d55a5dc6b7
size 15290680
oid sha256:c1ae6f440c7d4be81660b19228dad34ea914948261b2d7528069ac280adcbd11
size 17580702