From 40fc795411209149e3c079e0993e551d1e08791d Mon Sep 17 00:00:00 2001
From: Flux <>
Date: Tue, 26 Oct 2021 12:53:32 +0200
Subject: [PATCH 01/70] Add Flux v0.19.1 component manifests
---
cluster/flux-system/gotk-components.yaml | 4110 ++++++++++++++++++++++
1 file changed, 4110 insertions(+)
create mode 100644 cluster/flux-system/gotk-components.yaml
diff --git a/cluster/flux-system/gotk-components.yaml b/cluster/flux-system/gotk-components.yaml
new file mode 100644
index 0000000..16f44d3
--- /dev/null
+++ b/cluster/flux-system/gotk-components.yaml
@@ -0,0 +1,4110 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: flux-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: alerts.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Alert + listKind: AlertList + plural: alerts + singular: alert + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Alert is the Schema for the alerts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AlertSpec defines an alerting rule for events involving a + list of objects + properties: + eventSeverity: + default: info + description: Filter events based on severity, defaults to ('info'). + If set to 'info' no events will be filtered. + enum: + - info + - error + type: string + eventSources: + description: Filter events based on the involved objects. + items: + description: CrossNamespaceObjectReference contains enough information + to let you locate the typed referenced object at cluster level + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + type: string + name: + description: Name of the referent + maxLength: 53 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 53 + minLength: 1 + type: string + required: + - name + type: object + type: array + exclusionList: + description: A list of Golang regular expressions to be used for excluding + messages. + items: + type: string + type: array + providerRef: + description: Send events using this provider. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + summary: + description: Short description of the impact and affected cluster. + type: string + suspend: + description: This flag tells the controller to suspend subsequent + events dispatching. Defaults to false. 
+ type: boolean + required: + - eventSources + - providerRef + type: object + status: + default: + observedGeneration: -1 + description: AlertStatus defines the observed state of Alert + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. 
Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: buckets.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: Bucket + listKind: BucketList + plural: buckets + singular: bucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Bucket is the Schema for the buckets API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BucketSpec defines the desired state of an S3 compatible + bucket + properties: + bucketName: + description: The bucket name. 
+ type: string + endpoint: + description: The bucket endpoint address. + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. + type: string + insecure: + description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. + type: boolean + interval: + description: The interval at which to check for bucket updates. + type: string + provider: + default: generic + description: The S3 compatible storage provider name, default ('generic'). + enum: + - generic + - aws + - gcp + type: string + region: + description: The bucket region. + type: string + secretRef: + description: The name of the secret containing authentication credentials + for the Bucket. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + timeout: + default: 20s + description: The timeout for download operations, defaults to 20s. + type: string + required: + - bucketName + - endpoint + - interval + type: object + status: + description: BucketStatus defines the observed state of a bucket + properties: + artifact: + description: Artifact represents the output of the last successful + Bucket sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. 
It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the Bucket. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. 
Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the artifact output of the + last Bucket sync. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: gitrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: GitRepository + listKind: GitRepositoryList + plural: gitrepositories + shortNames: + - gitrepo + singular: gitrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: GitRepository is the Schema for the gitrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GitRepositorySpec defines the desired state of a Git repository. 
+ properties: + gitImplementation: + default: go-git + description: Determines which git client library to use. Defaults + to go-git, valid values are ('go-git', 'libgit2'). + enum: + - go-git + - libgit2 + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. + type: string + include: + description: Extra git repositories to map into the repository + items: + description: GitRepositoryInclude defines a source with a from and + to path. + properties: + fromPath: + description: The path to copy contents from, defaults to the + root directory. + type: string + repository: + description: Reference to a GitRepository to include. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + toPath: + description: The path to copy contents to, defaults to the name + of the source ref. + type: string + required: + - repository + type: object + type: array + interval: + description: The interval at which to check for repository updates. + type: string + recurseSubmodules: + description: When enabled, after the clone is created, initializes + all submodules within, using their default settings. This option + is available only when using the 'go-git' GitImplementation. + type: boolean + ref: + description: The Git reference to checkout and monitor for changes, + defaults to master branch. + properties: + branch: + default: master + description: The Git branch to checkout, defaults to master. + type: string + commit: + description: The Git commit SHA to checkout, if specified Tag + filters will be ignored. + type: string + semver: + description: The Git tag semver expression, takes precedence over + Tag. + type: string + tag: + description: The Git tag to checkout, takes precedence over Branch. 
+ type: string + type: object + secretRef: + description: The secret name containing the Git credentials. For HTTPS + repositories the secret must contain username and password fields. + For SSH repositories the secret must contain identity, identity.pub + and known_hosts fields. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + timeout: + default: 20s + description: The timeout for remote Git operations like cloning, defaults + to 20s. + type: string + url: + description: The repository URL, can be a HTTP/S or SSH address. + pattern: ^(http|https|ssh):// + type: string + verify: + description: Verify OpenPGP signature for the Git commit HEAD points + to. + properties: + mode: + description: Mode describes what git object should be verified, + currently ('head'). + enum: + - head + type: string + secretRef: + description: The secret name containing the public keys of all + trusted Git authors. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + required: + - mode + type: object + required: + - interval + - url + type: object + status: + description: GitRepositoryStatus defines the observed state of a Git repository. + properties: + artifact: + description: Artifact represents the output of the last successful + repository sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. 
It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the GitRepository. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. 
Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + includedArtifacts: + description: IncludedArtifacts represents the included artifacts from + the last successful repository sync. + items: + description: Artifact represents the output of a source synchronisation. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. 
+ type: string + required: + - path + - url + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the artifact output of the + last repository sync. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: helmcharts.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmChart + listKind: HelmChartList + plural: helmcharts + shortNames: + - hc + singular: helmchart + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.chart + name: Chart + type: string + - jsonPath: .spec.version + name: Version + type: string + - jsonPath: .spec.sourceRef.kind + name: Source Kind + type: string + - jsonPath: .spec.sourceRef.name + name: Source Name + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: HelmChart is the Schema for the helmcharts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmChartSpec defines the desired state of a Helm chart. + properties: + chart: + description: The name or path the Helm chart is available at in the + SourceRef. + type: string + interval: + description: The interval at which to check the Source for updates. + type: string + reconcileStrategy: + default: ChartVersion + description: Determines what enables the creation of a new artifact. + Valid values are ('ChartVersion', 'Revision'). See the documentation + of the values for an explanation on their behavior. Defaults to + ChartVersion when omitted. + enum: + - ChartVersion + - Revision + type: string + sourceRef: + description: The reference to the Source the chart is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent, valid values are ('HelmRepository', + 'GitRepository', 'Bucket'). + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + type: string + required: + - kind + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + valuesFile: + description: Alternative values file to use as the default chart values, + expected to be a relative path in the SourceRef. 
Deprecated in favor + of ValuesFiles, for backwards compatibility the file defined here + is merged before the ValuesFiles items. Ignored when omitted. + type: string + valuesFiles: + description: Alternative list of values files to use as the chart + values (values.yaml is not included by default), expected to be + a relative path in the SourceRef. Values files are merged in the + order of this list with the last file overriding the first. Ignored + when omitted. + items: + type: string + type: array + version: + default: '*' + description: The chart version semver expression, ignored for charts + from GitRepository and Bucket sources. Defaults to latest when omitted. + type: string + required: + - chart + - interval + - sourceRef + type: object + status: + description: HelmChartStatus defines the observed state of the HelmChart. + properties: + artifact: + description: Artifact represents the output of the last successful + chart sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmChart. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. 
For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the last chart pulled. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: helmreleases.helm.toolkit.fluxcd.io +spec: + group: helm.toolkit.fluxcd.io + names: + kind: HelmRelease + listKind: HelmReleaseList + plural: helmreleases + shortNames: + - hr + singular: helmrelease + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2beta1 + schema: + openAPIV3Schema: + description: HelmRelease is the Schema for the 
helmreleases API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmReleaseSpec defines the desired state of a Helm release. + properties: + chart: + description: Chart defines the template of the v1beta1.HelmChart that + should be created for this HelmRelease. + properties: + spec: + description: Spec holds the template for the v1beta1.HelmChartSpec + for this HelmRelease. + properties: + chart: + description: The name or path the Helm chart is available + at in the SourceRef. + type: string + interval: + description: Interval at which to check the v1beta1.Source + for updates. Defaults to 'HelmReleaseSpec.Interval'. + type: string + reconcileStrategy: + default: ChartVersion + description: Determines what enables the creation of a new + artifact. Valid values are ('ChartVersion', 'Revision'). + See the documentation of the values for an explanation on + their behavior. Defaults to ChartVersion when omitted. + enum: + - ChartVersion + - Revision + type: string + sourceRef: + description: The name and namespace of the v1beta1.Source + the chart is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent. 
+ enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent. + maxLength: 63 + minLength: 1 + type: string + required: + - name + type: object + valuesFile: + description: Alternative values file to use as the default + chart values, expected to be a relative path in the SourceRef. + Deprecated in favor of ValuesFiles, for backwards compatibility + the file defined here is merged before the ValuesFiles items. + Ignored when omitted. + type: string + valuesFiles: + description: Alternative list of values files to use as the + chart values (values.yaml is not included by default), expected + to be a relative path in the SourceRef. Values files are + merged in the order of this list with the last file overriding + the first. Ignored when omitted. + items: + type: string + type: array + version: + default: '*' + description: Version semver expression, ignored for charts + from v1beta1.GitRepository and v1beta1.Bucket sources. Defaults + to latest when omitted. + type: string + required: + - chart + - sourceRef + type: object + required: + - spec + type: object + dependsOn: + description: DependsOn may contain a dependency.CrossNamespaceDependencyReference + slice with references to HelmRelease resources that must be ready + before this HelmRelease can be reconciled. + items: + description: CrossNamespaceDependencyReference holds the reference + to a dependency. + properties: + name: + description: Name holds the name reference of a dependency. + type: string + namespace: + description: Namespace holds the namespace reference of a dependency. + type: string + required: + - name + type: object + type: array + install: + description: Install holds the configuration for Helm install actions + for this HelmRelease. 
+ properties: + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory + according to the CRD upgrade policy provided here. Valid values + are `Skip`, `Create` or `CreateReplace`. Default is `Create` + and if omitted CRDs are installed but not updated. \n Skip: + do neither install nor replace (update) any CRDs. \n Create: + new CRDs are created, existing CRDs are neither updated nor + deleted. \n CreateReplace: new CRDs are created, existing CRDs + are updated (replaced) but not deleted. \n By default, CRDs + are applied (installed) during Helm install action. With this + option users can opt-in to CRD replace existing CRDs on Helm + install actions, which is not (yet) natively supported by Helm. + https://helm.sh/docs/chart_best_practices/custom_resource_definitions." + enum: + - Skip + - Create + - CreateReplace + type: string + createNamespace: + description: CreateNamespace tells the Helm install action to + create the HelmReleaseSpec.TargetNamespace if it does not exist + yet. On uninstall, the namespace will not be garbage collected. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm install action. + type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation prevents the Helm install + action from validating rendered templates against the Kubernetes + OpenAPI Schema. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to + be ready after a Helm install has been performed. + type: boolean + disableWaitForJobs: + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm install has been performed. + type: boolean + remediation: + description: Remediation holds the remediation configuration for + when the Helm install action for the HelmRelease fails. The + default is to not perform any action. 
+ properties: + ignoreTestFailures: + description: IgnoreTestFailures tells the controller to skip + remediation when the Helm tests are run after an install + action but fail. Defaults to 'Test.IgnoreFailures'. + type: boolean + remediateLastFailure: + description: RemediateLastFailure tells the controller to + remediate the last failure, when no retries remain. Defaults + to 'false'. + type: boolean + retries: + description: Retries is the number of retries that should + be attempted on failures before bailing. Remediation, using + an uninstall, is performed between each attempt. Defaults + to '0', a negative integer equals to unlimited retries. + type: integer + type: object + replace: + description: Replace tells the Helm install action to re-use the + 'ReleaseName', but only if that name is a deleted release which + remains in the history. + type: boolean + skipCRDs: + description: "SkipCRDs tells the Helm install action to not install + any CRDs. By default, CRDs are installed if not already present. + \n Deprecated use CRD policy (`crds`) attribute with value `Skip` + instead." + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + interval: + description: Interval at which to reconcile the Helm release. + type: string + kubeConfig: + description: KubeConfig for reconciling the HelmRelease on a remote + cluster. When specified, KubeConfig takes precedence over ServiceAccountName. + properties: + secretRef: + description: SecretRef holds the name to a secret that contains + a 'value' key with the kubeconfig file as the value. It must + be in the same namespace as the HelmRelease. It is recommended + that the kubeconfig is self-contained, and the secret is regularly + updated if credentials such as a cloud-access-token expire. 
+ Cloud specific `cmd-path` auth helpers will not function without + adding binaries and credentials to the Pod that is responsible + for reconciling the HelmRelease. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + type: object + maxHistory: + description: MaxHistory is the number of revisions saved by Helm for + this HelmRelease. Use '0' for an unlimited number of revisions; + defaults to '10'. + type: integer + postRenderers: + description: PostRenderers holds an array of Helm PostRenderers, which + will be applied in order of their definition. + items: + description: PostRenderer contains a Helm PostRenderer specification. + properties: + kustomize: + description: Kustomization to apply as PostRenderer. + properties: + images: + description: Images is a list of (image name, new name, + new tag or digest) for changing image names, tags or digests. + This can also be achieved with a patch, but this operator + is simpler to specify. + items: + description: Image contains an image name, a new name, + a new tag or digest, which will replace the original + name and tag. + properties: + digest: + description: Digest is the value used to replace the + original image tag. If digest is present NewTag + value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace + the original name. + type: string + newTag: + description: NewTag is the value used to replace the + original tag. + type: string + required: + - name + type: object + type: array + patchesJson6902: + description: JSON 6902 patches, defined as inline YAML objects. + items: + description: JSON6902Patch contains a JSON6902 patch and + the target the patch should be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document + with an array of operation objects. 
+ items: + description: JSON6902 is a JSON6902 operation object. + https://tools.ietf.org/html/rfc6902#section-4 + properties: + from: + type: string + op: + enum: + - test + - remove + - add + - replace + - move + - copy + type: string + path: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + target: + description: Target points to the resources that the + patch document should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that + follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select + resources from. Together with Version and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources + from. Together with Group and Version it is + capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select + resources from. Together with Group and Kind + it is capable of unambiguously identifying and/or + selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + - target + type: object + type: array + patchesStrategicMerge: + description: Strategic merge patches, defined as inline + YAML objects. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + type: array + releaseName: + description: ReleaseName used for the Helm release. Defaults to a + composition of '[TargetNamespace-]Name'. + maxLength: 53 + minLength: 1 + type: string + rollback: + description: Rollback holds the configuration for Helm rollback actions + for this HelmRelease. + properties: + cleanupOnFail: + description: CleanupOnFail allows deletion of new resources created + during the Helm rollback action when it fails. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm rollback action. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to + be ready after a Helm rollback has been performed. + type: boolean + disableWaitForJobs: + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm rollback has been performed. + type: boolean + force: + description: Force forces resource updates through a replacement + strategy. + type: boolean + recreate: + description: Recreate performs pod restarts for the resource if + applicable. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + serviceAccountName: + description: The name of the Kubernetes service account to impersonate + when reconciling this HelmRelease. + type: string + storageNamespace: + description: StorageNamespace used for the Helm storage. 
Defaults + to the namespace of the HelmRelease. + maxLength: 63 + minLength: 1 + type: string + suspend: + description: Suspend tells the controller to suspend reconciliation + for this HelmRelease, it does not apply to already started reconciliations. + Defaults to false. + type: boolean + targetNamespace: + description: TargetNamespace to target when performing operations + for the HelmRelease. Defaults to the namespace of the HelmRelease. + maxLength: 63 + minLength: 1 + type: string + test: + description: Test holds the configuration for Helm test actions for + this HelmRelease. + properties: + enable: + description: Enable enables Helm test actions for this HelmRelease + after an Helm install or upgrade action has been performed. + type: boolean + ignoreFailures: + description: IgnoreFailures tells the controller to skip remediation + when the Helm tests are run but fail. Can be overwritten for + tests run after install or upgrade actions in 'Install.IgnoreTestFailures' + and 'Upgrade.IgnoreTestFailures'. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation during the performance of a Helm test action. Defaults + to 'HelmReleaseSpec.Timeout'. + type: string + type: object + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a Helm + action. Defaults to '5m0s'. + type: string + uninstall: + description: Uninstall holds the configuration for Helm uninstall + actions for this HelmRelease. + properties: + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm rollback action. + type: boolean + keepHistory: + description: KeepHistory tells Helm to remove all associated resources + and mark the release as deleted, but retain the release history. 
+ type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + upgrade: + description: Upgrade holds the configuration for Helm upgrade actions + for this HelmRelease. + properties: + cleanupOnFail: + description: CleanupOnFail allows deletion of new resources created + during the Helm upgrade action when it fails. + type: boolean + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory + according to the CRD upgrade policy provided here. Valid values + are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and + if omitted CRDs are neither installed nor upgraded. \n Skip: + do neither install nor replace (update) any CRDs. \n Create: + new CRDs are created, existing CRDs are neither updated nor + deleted. \n CreateReplace: new CRDs are created, existing CRDs + are updated (replaced) but not deleted. \n By default, CRDs + are not applied during Helm upgrade action. With this option + users can opt-in to CRD upgrade, which is not (yet) natively + supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." + enum: + - Skip + - Create + - CreateReplace + type: string + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm upgrade action. + type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation prevents the Helm upgrade + action from validating rendered templates against the Kubernetes + OpenAPI Schema. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to + be ready after a Helm upgrade has been performed. + type: boolean + disableWaitForJobs: + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm upgrade has been performed. 
+ type: boolean + force: + description: Force forces resource updates through a replacement + strategy. + type: boolean + preserveValues: + description: PreserveValues will make Helm reuse the last release's + values and merge in overrides from 'Values'. Setting this flag + makes the HelmRelease non-declarative. + type: boolean + remediation: + description: Remediation holds the remediation configuration for + when the Helm upgrade action for the HelmRelease fails. The + default is to not perform any action. + properties: + ignoreTestFailures: + description: IgnoreTestFailures tells the controller to skip + remediation when the Helm tests are run after an upgrade + action but fail. Defaults to 'Test.IgnoreFailures'. + type: boolean + remediateLastFailure: + description: RemediateLastFailure tells the controller to + remediate the last failure, when no retries remain. Defaults + to 'false' unless 'Retries' is greater than 0. + type: boolean + retries: + description: Retries is the number of retries that should + be attempted on failures before bailing. Remediation, using + 'Strategy', is performed between each attempt. Defaults + to '0', a negative integer equals to unlimited retries. + type: integer + strategy: + description: Strategy to use for failure remediation. Defaults + to 'rollback'. + enum: + - rollback + - uninstall + type: string + type: object + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + values: + description: Values holds the values for this Helm release. + x-kubernetes-preserve-unknown-fields: true + valuesFrom: + description: ValuesFrom holds references to resources containing Helm + values for this HelmRelease, and information about how they should + be merged. 
+ items: + description: ValuesReference contains a reference to a resource + containing Helm values, and optionally the key they can be found + at. + properties: + kind: + description: Kind of the values referent, valid values are ('Secret', + 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values referent. Should reside in the + same namespace as the referring resource. + maxLength: 253 + minLength: 1 + type: string + optional: + description: Optional marks this ValuesReference as optional. + When set, a not found error for the values reference is ignored, + but any ValuesKey, TargetPath or transient error will still + result in a reconciliation failure. + type: boolean + targetPath: + description: TargetPath is the YAML dot notation path the value + should be merged at. When set, the ValuesKey is expected to + be a single flat value. Defaults to 'None', which results + in the values getting merged at the root. + type: string + valuesKey: + description: ValuesKey is the data key where the values.yaml + or a specific value can be found at. Defaults to 'values.yaml'. + type: string + required: + - kind + - name + type: object + type: array + required: + - chart + - interval + type: object + status: + default: + observedGeneration: -1 + description: HelmReleaseStatus defines the observed state of a HelmRelease. + properties: + conditions: + description: Conditions holds the conditions for the HelmRelease. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + failures: + description: Failures is the reconciliation failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + helmChart: + description: HelmChart is the namespaced name of the HelmChart resource + created by the controller for the HelmRelease. + type: string + installFailures: + description: InstallFailures is the install failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + lastAppliedRevision: + description: LastAppliedRevision is the revision of the last successfully + applied source. + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation + attempt. + type: string + lastAttemptedValuesChecksum: + description: LastAttemptedValuesChecksum is the SHA1 checksum of the + values of the last reconciliation attempt. + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + lastReleaseRevision: + description: LastReleaseRevision is the revision of the last successful + Helm release. + type: integer + observedGeneration: + description: ObservedGeneration is the last observed generation. 
+ format: int64 + type: integer + upgradeFailures: + description: UpgradeFailures is the upgrade failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: helmrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmRepository + listKind: HelmRepositoryList + plural: helmrepositories + shortNames: + - helmrepo + singular: helmrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: HelmRepository is the Schema for the helmrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmRepositorySpec defines the reference to a Helm repository. + properties: + interval: + description: The interval at which to check the upstream for updates. + type: string + passCredentials: + description: PassCredentials allows the credentials from the SecretRef + to be passed on to a host that does not match the host as defined + in URL. This may be required if the host of the advertised chart + URLs in the index differ from the defined URL. Enabling this should + be done with caution, as it can potentially result in credentials + getting stolen in a MITM-attack. + type: boolean + secretRef: + description: The name of the secret containing authentication credentials + for the Helm repository. For HTTP/S basic auth the secret must contain + username and password fields. For TLS the secret must contain a + certFile and keyFile, and/or caCert fields. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + timeout: + default: 60s + description: The timeout of index downloading, defaults to 60s. + type: string + url: + description: The Helm repository URL, a valid URL contains at least + a protocol and host. + type: string + required: + - interval + - url + type: object + status: + description: HelmRepositoryStatus defines the observed state of the HelmRepository. + properties: + artifact: + description: Artifact represents the output of the last successful + repository sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. 
+ format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmRepository. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the last index fetched. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: kustomizations.kustomize.toolkit.fluxcd.io +spec: + group: kustomize.toolkit.fluxcd.io + names: + kind: Kustomization + listKind: KustomizationList + plural: kustomizations + shortNames: + - ks + singular: kustomization + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Kustomization is the Schema for the kustomizations API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KustomizationSpec defines the desired state of a kustomization. 
+ properties: + decryption: + description: Decrypt Kubernetes secrets before applying them on the + cluster. + properties: + provider: + description: Provider is the name of the decryption engine. + enum: + - sops + type: string + secretRef: + description: The secret name containing the private OpenPGP keys + used for decryption. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + required: + - provider + type: object + dependsOn: + description: DependsOn may contain a dependency.CrossNamespaceDependencyReference + slice with references to Kustomization resources that must be ready + before this Kustomization can be reconciled. + items: + description: CrossNamespaceDependencyReference holds the reference + to a dependency. + properties: + name: + description: Name holds the name reference of a dependency. + type: string + namespace: + description: Namespace holds the namespace reference of a dependency. + type: string + required: + - name + type: object + type: array + force: + default: false + description: Force instructs the controller to recreate resources + when patching fails due to an immutable field change. + type: boolean + healthChecks: + description: A list of resources to be included in the health assessment. 
+ items: + description: NamespacedObjectKindReference contains enough information + to let you locate the typed referenced object in any namespace + properties: + apiVersion: + description: API version of the referent, if not specified the + Kubernetes preferred version will be used + type: string + kind: + description: Kind of the referent + type: string + name: + description: Name of the referent + type: string + namespace: + description: Namespace of the referent, when not specified it + acts as LocalObjectReference + type: string + required: + - kind + - name + type: object + type: array + images: + description: Images is a list of (image name, new name, new tag or + digest) for changing image names, tags or digests. This can also + be achieved with a patch, but this operator is simpler to specify. + items: + description: Image contains an image name, a new name, a new tag + or digest, which will replace the original name and tag. + properties: + digest: + description: Digest is the value used to replace the original + image tag. If digest is present NewTag value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace the original + name. + type: string + newTag: + description: NewTag is the value used to replace the original + tag. + type: string + required: + - name + type: object + type: array + interval: + description: The interval at which to reconcile the Kustomization. + type: string + kubeConfig: + description: The KubeConfig for reconciling the Kustomization on a + remote cluster. When specified, KubeConfig takes precedence over + ServiceAccountName. + properties: + secretRef: + description: SecretRef holds the name to a secret that contains + a 'value' key with the kubeconfig file as the value. It must + be in the same namespace as the Kustomization. 
It is recommended + that the kubeconfig is self-contained, and the secret is regularly + updated if credentials such as a cloud-access-token expire. + Cloud specific `cmd-path` auth helpers will not function without + adding binaries and credentials to the Pod that is responsible + for reconciling the Kustomization. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + type: object + patches: + description: Strategic merge and JSON patches, defined as inline YAML + objects, capable of targeting objects based on kind, label and annotation + selectors. + items: + description: Patch contains either a StrategicMerge or a JSON6902 + patch, either a file or inline, and the target the patch should + be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document with + an array of operation objects. + type: string + target: + description: Target points to the resources that the patch document + should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select resources + from. Together with Version and Kind it is capable of + unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows the + label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select resources + from. Together with Group and Kind it is capable of unambiguously + identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + type: object + type: array + patchesJson6902: + description: JSON 6902 patches, defined as inline YAML objects. + items: + description: JSON6902Patch contains a JSON6902 patch and the target + the patch should be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document with + an array of operation objects. + items: + description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4 + properties: + from: + type: string + op: + enum: + - test + - remove + - add + - replace + - move + - copy + type: string + path: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + target: + description: Target points to the resources that the patch document + should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select resources + from. 
Together with Version and Kind it is capable of + unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows the + label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select resources + from. Together with Group and Kind it is capable of unambiguously + identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + - target + type: object + type: array + patchesStrategicMerge: + description: Strategic merge patches, defined as inline YAML objects. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + path: + description: Path to the directory containing the kustomization.yaml + file, or the set of plain YAMLs a kustomization.yaml should be generated + for. Defaults to 'None', which translates to the root path of the + SourceRef. + type: string + postBuild: + description: PostBuild describes which actions to perform on the YAML + manifest generated by building the kustomize overlay. + properties: + substitute: + additionalProperties: + type: string + description: Substitute holds a map of key/value pairs. 
The variables + defined in your YAML manifests that match any of the keys defined + in the map will be substituted with the set value. Includes + support for bash string replacement functions e.g. ${var:=default}, + ${var:position} and ${var/substring/replacement}. + type: object + substituteFrom: + description: SubstituteFrom holds references to ConfigMaps and + Secrets containing the variables and their values to be substituted + in the YAML manifests. The ConfigMap and the Secret data keys + represent the var names and they must match the vars declared + in the manifests for the substitution to happen. + items: + description: SubstituteReference contains a reference to a resource + containing the variables name and value. + properties: + kind: + description: Kind of the values referent, valid values are + ('Secret', 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values referent. Should reside + in the same namespace as the referring resource. + maxLength: 253 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + type: object + prune: + description: Prune enables garbage collection. + type: boolean + retryInterval: + description: The interval at which to retry a previously failed reconciliation. + When not specified, the controller uses the KustomizationSpec.Interval + value to retry failures. + type: string + serviceAccountName: + description: The name of the Kubernetes service account to impersonate + when reconciling this Kustomization. + type: string + sourceRef: + description: Reference of the source where the kustomization file + is. 
+ properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - GitRepository + - Bucket + type: string + name: + description: Name of the referent + type: string + namespace: + description: Namespace of the referent, defaults to the Kustomization + namespace + type: string + required: + - kind + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent + kustomize executions, it does not apply to already started executions. + Defaults to false. + type: boolean + targetNamespace: + description: TargetNamespace sets or overrides the namespace in the + kustomization.yaml file. + maxLength: 63 + minLength: 1 + type: string + timeout: + description: Timeout for validation, apply and health checking operations. + Defaults to 'Interval' duration. + type: string + validation: + description: Validate the Kubernetes objects before applying them + on the cluster. The validation strategy can be 'client' (local dry-run), + 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true', + validation will fallback to 'client' if set to 'server' because + server-side validation is not supported in this scenario. + enum: + - none + - client + - server + type: string + required: + - interval + - prune + - sourceRef + type: object + status: + default: + observedGeneration: -1 + description: KustomizationStatus defines the observed state of a kustomization. + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastAppliedRevision: + description: The last successfully applied revision. The revision + format for Git sources is /. + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation + attempt. + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last reconciled generation. + format: int64 + type: integer + snapshot: + description: The last successfully applied revision metadata. + properties: + checksum: + description: The manifests sha1 checksum. + type: string + entries: + description: A list of Kubernetes kinds grouped by namespace. + items: + description: Snapshot holds the metadata of namespaced Kubernetes + objects + properties: + kinds: + additionalProperties: + type: string + description: The list of Kubernetes kinds. + type: object + namespace: + description: The namespace of this entry. 
+ type: string + required: + - kinds + type: object + type: array + required: + - checksum + - entries + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: Kustomization is the Schema for the kustomizations API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KustomizationSpec defines the configuration to calculate + the desired state from a Source using Kustomize. + properties: + decryption: + description: Decrypt Kubernetes secrets before applying them on the + cluster. + properties: + provider: + description: Provider is the name of the decryption engine. + enum: + - sops + type: string + secretRef: + description: The secret name containing the private OpenPGP keys + used for decryption. 
+ properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + required: + - provider + type: object + dependsOn: + description: DependsOn may contain a dependency.CrossNamespaceDependencyReference + slice with references to Kustomization resources that must be ready + before this Kustomization can be reconciled. + items: + description: CrossNamespaceDependencyReference holds the reference + to a dependency. + properties: + name: + description: Name holds the name reference of a dependency. + type: string + namespace: + description: Namespace holds the namespace reference of a dependency. + type: string + required: + - name + type: object + type: array + force: + default: false + description: Force instructs the controller to recreate resources + when patching fails due to an immutable field change. + type: boolean + healthChecks: + description: A list of resources to be included in the health assessment. + items: + description: NamespacedObjectKindReference contains enough information + to let you locate the typed referenced object in any namespace + properties: + apiVersion: + description: API version of the referent, if not specified the + Kubernetes preferred version will be used + type: string + kind: + description: Kind of the referent + type: string + name: + description: Name of the referent + type: string + namespace: + description: Namespace of the referent, when not specified it + acts as LocalObjectReference + type: string + required: + - kind + - name + type: object + type: array + images: + description: Images is a list of (image name, new name, new tag or + digest) for changing image names, tags or digests. This can also + be achieved with a patch, but this operator is simpler to specify. + items: + description: Image contains an image name, a new name, a new tag + or digest, which will replace the original name and tag. 
+ properties: + digest: + description: Digest is the value used to replace the original + image tag. If digest is present NewTag value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace the original + name. + type: string + newTag: + description: NewTag is the value used to replace the original + tag. + type: string + required: + - name + type: object + type: array + interval: + description: The interval at which to reconcile the Kustomization. + type: string + kubeConfig: + description: The KubeConfig for reconciling the Kustomization on a + remote cluster. When specified, KubeConfig takes precedence over + ServiceAccountName. + properties: + secretRef: + description: SecretRef holds the name to a secret that contains + a 'value' key with the kubeconfig file as the value. It must + be in the same namespace as the Kustomization. It is recommended + that the kubeconfig is self-contained, and the secret is regularly + updated if credentials such as a cloud-access-token expire. + Cloud specific `cmd-path` auth helpers will not function without + adding binaries and credentials to the Pod that is responsible + for reconciling the Kustomization. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + type: object + patches: + description: Strategic merge and JSON patches, defined as inline YAML + objects, capable of targeting objects based on kind, label and annotation + selectors. + items: + description: Patch contains either a StrategicMerge or a JSON6902 + patch, either a file or inline, and the target the patch should + be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document with + an array of operation objects. + type: string + target: + description: Target points to the resources that the patch document + should be applied to. 
+ properties: + annotationSelector: + description: AnnotationSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select resources + from. Together with Version and Kind it is capable of + unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows the + label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select resources + from. Together with Group and Kind it is capable of unambiguously + identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + type: object + type: array + patchesJson6902: + description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated: + Use Patches instead.' + items: + description: JSON6902Patch contains a JSON6902 patch and the target + the patch should be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document with + an array of operation objects. 
+ items: + description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4 + properties: + from: + type: string + op: + enum: + - test + - remove + - add + - replace + - move + - copy + type: string + path: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + target: + description: Target points to the resources that the patch document + should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select resources + from. Together with Version and Kind it is capable of + unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows the + label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select resources + from. Together with Group and Kind it is capable of unambiguously + identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + - target + type: object + type: array + patchesStrategicMerge: + description: 'Strategic merge patches, defined as inline YAML objects. + Deprecated: Use Patches instead.' + items: + x-kubernetes-preserve-unknown-fields: true + type: array + path: + description: Path to the directory containing the kustomization.yaml + file, or the set of plain YAMLs a kustomization.yaml should be generated + for. Defaults to 'None', which translates to the root path of the + SourceRef. + type: string + postBuild: + description: PostBuild describes which actions to perform on the YAML + manifest generated by building the kustomize overlay. + properties: + substitute: + additionalProperties: + type: string + description: Substitute holds a map of key/value pairs. The variables + defined in your YAML manifests that match any of the keys defined + in the map will be substituted with the set value. Includes + support for bash string replacement functions e.g. ${var:=default}, + ${var:position} and ${var/substring/replacement}. + type: object + substituteFrom: + description: SubstituteFrom holds references to ConfigMaps and + Secrets containing the variables and their values to be substituted + in the YAML manifests. The ConfigMap and the Secret data keys + represent the var names and they must match the vars declared + in the manifests for the substitution to happen. + items: + description: SubstituteReference contains a reference to a resource + containing the variables name and value. + properties: + kind: + description: Kind of the values referent, valid values are + ('Secret', 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values referent. Should reside + in the same namespace as the referring resource. 
+ maxLength: 253 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + type: object + prune: + description: Prune enables garbage collection. + type: boolean + retryInterval: + description: The interval at which to retry a previously failed reconciliation. + When not specified, the controller uses the KustomizationSpec.Interval + value to retry failures. + type: string + serviceAccountName: + description: The name of the Kubernetes service account to impersonate + when reconciling this Kustomization. + type: string + sourceRef: + description: Reference of the source where the kustomization file + is. + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: Kind of the referent. + enum: + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent, defaults to the namespace + of the Kubernetes resource object that contains the reference. + type: string + required: + - kind + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent + kustomize executions, it does not apply to already started executions. + Defaults to false. + type: boolean + targetNamespace: + description: TargetNamespace sets or overrides the namespace in the + kustomization.yaml file. + maxLength: 63 + minLength: 1 + type: string + timeout: + description: Timeout for validation, apply and health checking operations. + Defaults to 'Interval' duration. + type: string + validation: + description: 'Deprecated: Not used in v1beta2.' + enum: + - none + - client + - server + type: string + wait: + description: Wait instructs the controller to check the health of + all the reconciled resources. When enabled, the HealthChecks are + ignored. Defaults to false. 
+ type: boolean + required: + - interval + - prune + - sourceRef + type: object + status: + default: + observedGeneration: -1 + description: KustomizationStatus defines the observed state of a kustomization. + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. 
Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + inventory: + description: Inventory contains the list of Kubernetes resource object + references that have been successfully applied. + properties: + entries: + description: Entries of Kubernetes resource object references. + items: + description: ResourceRef contains the information necessary + to locate a resource within a cluster. + properties: + id: + description: ID is the string representation of the Kubernetes + resource object's metadata, in the format '___'. + type: string + v: + description: Version is the API version of the Kubernetes + resource object's kind. + type: string + required: + - id + - v + type: object + type: array + required: + - entries + type: object + lastAppliedRevision: + description: The last successfully applied revision. The revision + format for Git sources is /. 
+ type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation + attempt. + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last reconciled generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: providers.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Provider + listKind: ProviderList + plural: providers + singular: provider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Provider is the Schema for the providers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProviderSpec defines the desired state of Provider + properties: + address: + description: HTTP/S webhook address of this provider + pattern: ^(http|https):// + type: string + certSecretRef: + description: CertSecretRef can be given the name of a secret containing + a PEM-encoded CA certificate (`caFile`) + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + channel: + description: Alert channel for this provider + type: string + proxy: + description: HTTP/S address of the proxy + pattern: ^(http|https):// + type: string + secretRef: + description: Secret reference containing the provider webhook URL + using "address" as data key + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + type: + description: Type of provider + enum: + - slack + - discord + - msteams + - rocket + - generic + - github + - gitlab + - bitbucket + - azuredevops + - googlechat + - webex + - sentry + - azureeventhub + - telegram + - lark + - matrix + - opsgenie + - alertmanager + type: string + username: + description: Bot username for this provider + type: string + required: + - type + type: object + status: + default: + observedGeneration: -1 + description: ProviderStatus defines the observed state of Provider + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last reconciled generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: receivers.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Receiver + listKind: ReceiverList + plural: receivers + singular: receiver + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Receiver is the Schema for the receivers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ReceiverSpec defines the desired state of Receiver + properties: + events: + description: A list of events to handle, e.g. 'push' for GitHub or + 'Push Hook' for GitLab. + items: + type: string + type: array + resources: + description: A list of resources to be notified about changes. + items: + description: CrossNamespaceObjectReference contains enough information + to let you locate the typed referenced object at cluster level + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + type: string + name: + description: Name of the referent + maxLength: 53 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 53 + minLength: 1 + type: string + required: + - name + type: object + type: array + secretRef: + description: Secret reference containing the token used to validate + the payload authenticity + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent + events handling. Defaults to false. + type: boolean + type: + description: Type of webhook sender, used to determine the validation + procedure and payload deserialization. 
+ enum: + - generic + - generic-hmac + - github + - gitlab + - bitbucket + - harbor + - dockerhub + - quay + - gcr + - nexus + - acr + type: string + required: + - resources + - type + type: object + status: + default: + observedGeneration: -1 + description: ReceiverStatus defines the observed state of Receiver + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. 
Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: helm-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: kustomize-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: notification-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: source-controller + namespace: flux-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: crd-controller-flux-system +rules: +- apiGroups: + - source.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - kustomize.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - helm.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - notification.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - image.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - namespaces + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - configmaps + - 
configmaps/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: cluster-reconciler-flux-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: kustomize-controller + namespace: flux-system +- kind: ServiceAccount + name: helm-controller + namespace: flux-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: crd-controller-flux-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crd-controller-flux-system +subjects: +- kind: ServiceAccount + name: kustomize-controller + namespace: flux-system +- kind: ServiceAccount + name: helm-controller + namespace: flux-system +- kind: ServiceAccount + name: source-controller + namespace: flux-system +- kind: ServiceAccount + name: notification-controller + namespace: flux-system +- kind: ServiceAccount + name: image-reflector-controller + namespace: flux-system +- kind: ServiceAccount + name: image-automation-controller + namespace: flux-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + control-plane: controller + name: notification-controller + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app: notification-controller + type: ClusterIP +--- +apiVersion: v1 +kind: Service 
+metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + control-plane: controller + name: source-controller + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app: source-controller + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + control-plane: controller + name: webhook-receiver + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http-webhook + selector: + app: notification-controller + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + control-plane: controller + name: helm-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: helm-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: helm-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller/ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/helm-controller:v0.12.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 8080 + name: http-prom + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - 
mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: helm-controller + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + control-plane: controller + name: kustomize-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: kustomize-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: kustomize-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller/ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/kustomize-controller:v0.16.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 8080 + name: http-prom + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 1337 + serviceAccountName: kustomize-controller + terminationGracePeriodSeconds: 60 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + control-plane: controller + name: notification-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: 
+ app: notification-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: notification-controller + spec: + containers: + - args: + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/notification-controller:v0.18.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9090 + name: http + - containerPort: 9292 + name: http-webhook + - containerPort: 8080 + name: http-prom + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: notification-controller + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + control-plane: controller + name: source-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: source-controller + strategy: + type: Recreate + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: source-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller/ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + - --storage-path=/data + - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. 
+ env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/source-controller:v0.16.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9090 + name: http + - containerPort: 8080 + name: http-prom + - containerPort: 9440 + name: healthz + readinessProbe: + httpGet: + path: / + port: http + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 50m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /data + name: data + - mountPath: /tmp + name: tmp + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 1337 + serviceAccountName: source-controller + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: data + - emptyDir: {} + name: tmp +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: allow-egress + namespace: flux-system +spec: + egress: + - {} + ingress: + - from: + - podSelector: {} + podSelector: {} + policyTypes: + - Ingress + - Egress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: allow-scraping + namespace: flux-system +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP + podSelector: {} + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: allow-webhooks + namespace: flux-system +spec: + ingress: + - from: + - namespaceSelector: {} + podSelector: + matchLabels: + app: 
notification-controller + policyTypes: + - Ingress From c299e829baba8d4a5b52b4feff1ddbaf9f16688d Mon Sep 17 00:00:00 2001 From: Flux <> Date: Tue, 26 Oct 2021 12:54:00 +0200 Subject: [PATCH 02/70] Add Flux sync manifests --- cluster/flux-system/gotk-sync.yaml | 26 ++++++++++++++++++++++++++ cluster/flux-system/kustomization.yaml | 5 +++++ 2 files changed, 31 insertions(+) create mode 100644 cluster/flux-system/gotk-sync.yaml create mode 100644 cluster/flux-system/kustomization.yaml diff --git a/cluster/flux-system/gotk-sync.yaml b/cluster/flux-system/gotk-sync.yaml new file mode 100644 index 0000000..a9b1c9b --- /dev/null +++ b/cluster/flux-system/gotk-sync.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: GitRepository +metadata: + name: flux-system + namespace: flux-system +spec: + interval: 1m0s + ref: + branch: main + secretRef: + name: flux-system + url: ssh://git@git.xirion.net:2222/olympus/flux.git +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: flux-system + namespace: flux-system +spec: + interval: 10m0s + path: ./cluster + prune: true + sourceRef: + kind: GitRepository + name: flux-system diff --git a/cluster/flux-system/kustomization.yaml b/cluster/flux-system/kustomization.yaml new file mode 100644 index 0000000..3842229 --- /dev/null +++ b/cluster/flux-system/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- gotk-components.yaml +- gotk-sync.yaml From 79838b09e48001c04b2fa91f9998ee3ffde1a862 Mon Sep 17 00:00:00 2001 
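Review bot: In `cluster/flux-system/gotk-sync.yaml` the GitRepository follows `branch: main` with no `verify` block and the Kustomization sets no `serviceAccountName`, so every commit that reaches that branch is applied under the kustomize-controller's own service account, which `cluster-reconciler-flux-system` in patch 01 binds to `cluster-admin`. Push access to the repository, or read access to the secret named in `secretRef`, is therefore equivalent to cluster-admin, and `prune: true` means a pushed commit can delete resources as well as create them. Consider adding commit-signature verification to the source, `verify: {mode: head, secretRef: {name: <gpg-public-keys-secret>}}`, where the secret name is a placeholder. The file appears to be bootstrap output (author `Flux`), so the change may belong in a patch in `cluster/flux-system/kustomization.yaml` rather than a hand edit.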
From: Victor Roest
Date: Tue, 26 Oct 2021 15:14:54 +0200
Subject: [PATCH 03/70] add: namespace 'presidential paradise'
---
cluster/core/kustomization.yaml | 4 ++++
cluster/core/namespaces/kustomization.yaml | 4 ++++
cluster/core/namespaces/presidential-paradise.yaml | 6 ++++++
3 files changed, 14 insertions(+)
create mode 100644 cluster/core/kustomization.yaml
create mode 100644 cluster/core/namespaces/kustomization.yaml
create mode 100644 cluster/core/namespaces/presidential-paradise.yaml
diff --git a/cluster/core/kustomization.yaml b/cluster/core/kustomization.yaml
new file mode 100644
index 0000000..4b61208
--- /dev/null
+++ b/cluster/core/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespaces
diff --git a/cluster/core/namespaces/kustomization.yaml b/cluster/core/namespaces/kustomization.yaml
new file mode 100644
index 0000000..2bf7452
--- /dev/null
+++ b/cluster/core/namespaces/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - presidential-paradise.yaml
diff --git a/cluster/core/namespaces/presidential-paradise.yaml b/cluster/core/namespaces/presidential-paradise.yaml
new file mode 100644
index 0000000..a1fcc80
--- /dev/null
+++ b/cluster/core/namespaces/presidential-paradise.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: presidential-paradise
+
From 45d5e3a0c42d3a4a9ae041a26cd0c9ea7d44d138 Mon Sep 17 00:00:00 2001
From: Victor Roest
Date: Tue, 26 Oct 2021 16:33:27 +0200
Subject: [PATCH 04/70] add: networking namespace && metallb-charts
---
README.md | 1 +
cluster/core/namespaces/kustomization.yaml | 1 +
cluster/core/namespaces/networking.yaml | 5 +++++
cluster/flux-system/charts/helm/kustomization.yaml | 4 ++++
cluster/flux-system/charts/helm/metallb-charts.yaml | 10 ++++++++++
cluster/flux-system/charts/kustomization.yaml | 5 +++++
cluster/flux-system/kustomization.yaml | 1 +
7 files changed, 27 insertions(+)
create mode 100644 README.md
create mode 100644 cluster/core/namespaces/networking.yaml
create mode 100644 cluster/flux-system/charts/helm/kustomization.yaml
create mode 100644 cluster/flux-system/charts/helm/metallb-charts.yaml
create mode 100644 cluster/flux-system/charts/kustomization.yaml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a0ed78f
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# Kubernetes Cluster
diff --git a/cluster/core/namespaces/kustomization.yaml b/cluster/core/namespaces/kustomization.yaml
index 2bf7452..8b2dd57 100644
--- a/cluster/core/namespaces/kustomization.yaml
+++ b/cluster/core/namespaces/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - presidential-paradise.yaml
+ - networking.yaml
diff --git a/cluster/core/namespaces/networking.yaml b/cluster/core/namespaces/networking.yaml
new file mode 100644
index 0000000..fa9575e
--- /dev/null
+++ b/cluster/core/namespaces/networking.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: networking
diff --git a/cluster/flux-system/charts/helm/kustomization.yaml b/cluster/flux-system/charts/helm/kustomization.yaml
new file mode 100644
index 0000000..326c3cc
--- /dev/null
+++ b/cluster/flux-system/charts/helm/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - metallb-charts.yaml
diff --git a/cluster/flux-system/charts/helm/metallb-charts.yaml b/cluster/flux-system/charts/helm/metallb-charts.yaml
new file mode 100644
index 0000000..9f91c08
--- /dev/null
+++ b/cluster/flux-system/charts/helm/metallb-charts.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: metallb-charts
+ namespace: flux-system
+spec:
+ interval: 15m0s
+ url: https://metallb.github.io/metallb
+
diff --git a/cluster/flux-system/charts/kustomization.yaml b/cluster/flux-system/charts/kustomization.yaml
new file mode 100644
index 0000000..dadf6d6
--- /dev/null
+++ b/cluster/flux-system/charts/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helm
+
diff --git a/cluster/flux-system/kustomization.yaml b/cluster/flux-system/kustomization.yaml
index 3842229..2974f2d 100644
--- a/cluster/flux-system/kustomization.yaml
+++ b/cluster/flux-system/kustomization.yaml
@@ -3,3 +3,4 @@ kind: Kustomization
 resources:
 - gotk-components.yaml
 - gotk-sync.yaml
+- charts
From 299d0203dfe3375aa47ccab0de65156e1e4e82f5 Mon Sep 17 00:00:00 2001
From: Victor Roest
Date: Tue, 26 Oct 2021 16:38:53 +0200
Subject: [PATCH 05/70] add: metallb
---
cluster/core/networking/kustomization.yaml | 5 +++
.../core/networking/metallb/helm-release.yaml | 31 +++++++++++++++++++
.../networking/metallb/kustomization.yaml | 5 +++
3 files changed, 41 insertions(+)
create mode 100644 cluster/core/networking/kustomization.yaml
create mode 100644 cluster/core/networking/metallb/helm-release.yaml
create mode 100644 cluster/core/networking/metallb/kustomization.yaml
diff --git a/cluster/core/networking/kustomization.yaml b/cluster/core/networking/kustomization.yaml
new file mode 100644
index 0000000..716c6af
--- /dev/null
+++ b/cluster/core/networking/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - metallb
diff --git a/cluster/core/networking/metallb/helm-release.yaml b/cluster/core/networking/metallb/helm-release.yaml
new file mode 100644
index 0000000..a976d46
--- /dev/null
+++ b/cluster/core/networking/metallb/helm-release.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: metallb
+ namespace: networking
+spec:
+ interval: 5m
+ chart:
+ spec:
+ # renovate: registryUrl=https://metallb.github.io/metallb
+ chart: metallb
+ version: 0.10.3
+ sourceRef:
+ kind: HelmRepository
+ name: metallb-charts
+ namespace: flux-system
+ interval: 5m
+ values:
+ configInline:
+ address-pools:
+ - name: default
+ protocol: layer2
+ addresses:
+ - 10.42.42.150-192.168.42.200
+ speaker:
+ tolerations:
+ - effect: "NoExecute"
+ operator: "Exists"
+ - effect: "NoSchedule"
+ operator: "Exists"
diff --git a/cluster/core/networking/metallb/kustomization.yaml b/cluster/core/networking/metallb/kustomization.yaml
new file mode 100644
index 0000000..2fa2de2
--- /dev/null
+++ b/cluster/core/networking/metallb/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helm-release.yaml
From 18d64a9b0e929184c22a3cfc0432df4101fe59a8 Mon Sep 17 00:00:00 2001
From: Victor Roest
Date: Tue, 26 Oct 2021 16:43:19 +0200
Subject: [PATCH 06/70] fix: add metallb properly to kustomization.yaml
---
 cluster/core/kustomization.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cluster/core/kustomization.yaml b/cluster/core/kustomization.yaml
index 4b61208..04425b4 100644
--- a/cluster/core/kustomization.yaml
+++ b/cluster/core/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - namespaces
+ - metallb
From 225bf1c38e7d2df93801cfbce99014746a5037bc Mon Sep 17 00:00:00 2001
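Review bot: The pool entry `- 10.42.42.150-192.168.42.200` under `address-pools[0].addresses` in `metallb/helm-release.yaml` starts in 10.42.42.x and ends in 192.168.42.x, so the range covers everything in between, including a large amount of public address space. In `layer2` mode the speaker answers ARP for whatever address it assigns from the pool, so an over-wide upper bound lets a Service claim an address that belongs to another host or network. This looks like a typo for `- 10.42.42.150-10.42.42.200` (the Traefik release added later in this series uses 10.42.42.150); please confirm the intended bound. The speaker tolerations match every `NoExecute` and `NoSchedule` taint, which deserves a one-line comment such as `# speaker must run on every node, including tainted ones`.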
From: Victor Roest
Date: Tue, 26 Oct 2021 16:44:31 +0200
Subject: [PATCH 07/70] fix: add networking to kustomization instead of metallb
---
 cluster/core/kustomization.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cluster/core/kustomization.yaml b/cluster/core/kustomization.yaml
index 04425b4..bf0a6d5 100644
--- a/cluster/core/kustomization.yaml
+++ b/cluster/core/kustomization.yaml
@@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - namespaces
- - metallb
+ - networking
From c4b4926f6fbd99da0cc89d336dac01fb403d6b44 Mon Sep 17 00:00:00 2001
From: Victor Roest
Date: Wed, 27 Oct 2021 12:00:35 +0200
Subject: [PATCH 08/70] change layout
---
 cluster/base/core.yaml | 15 +++++++++++++++
 cluster/base/crds.yaml | 13 +++++++++++++
 .../flux-system/charts/helm/kustomization.yaml | 0
 .../flux-system/charts/helm/metallb-charts.yaml | 0
 .../flux-system/charts/kustomization.yaml | 0
 .../{ => base}/flux-system/gotk-components.yaml | 0
 cluster/{ => base}/flux-system/gotk-sync.yaml | 0
 cluster/{ => base}/flux-system/kustomization.yaml | 0
 cluster/crds/kustomization.yaml | 3 +++
 9 files changed, 31 insertions(+)
 create mode 100644 cluster/base/core.yaml
 create mode 100644 cluster/base/crds.yaml
 rename cluster/{ => base}/flux-system/charts/helm/kustomization.yaml (100%)
 rename cluster/{ => base}/flux-system/charts/helm/metallb-charts.yaml (100%)
 rename cluster/{ => base}/flux-system/charts/kustomization.yaml (100%)
 rename cluster/{ => base}/flux-system/gotk-components.yaml (100%)
 rename cluster/{ => base}/flux-system/gotk-sync.yaml (100%)
 rename cluster/{ => base}/flux-system/kustomization.yaml (100%)
 create mode 100644 cluster/crds/kustomization.yaml
diff --git a/cluster/base/core.yaml b/cluster/base/core.yaml
new file mode 100644
index 0000000..17c7870
--- /dev/null
+++ b/cluster/base/core.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: core
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ dependsOn:
+ - name: crds
+ path: ./cluster/core
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
diff --git a/cluster/base/crds.yaml b/cluster/base/crds.yaml
new file mode 100644
index 0000000..c938c9b
--- /dev/null
+++ b/cluster/base/crds.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: crds
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ path: ./cluster/crds
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
diff --git a/cluster/flux-system/charts/helm/kustomization.yaml b/cluster/base/flux-system/charts/helm/kustomization.yaml
similarity index 100%
rename from cluster/flux-system/charts/helm/kustomization.yaml
rename to cluster/base/flux-system/charts/helm/kustomization.yaml
diff --git a/cluster/flux-system/charts/helm/metallb-charts.yaml b/cluster/base/flux-system/charts/helm/metallb-charts.yaml
similarity index 100%
rename from cluster/flux-system/charts/helm/metallb-charts.yaml
rename to cluster/base/flux-system/charts/helm/metallb-charts.yaml
diff --git a/cluster/flux-system/charts/kustomization.yaml b/cluster/base/flux-system/charts/kustomization.yaml
similarity index 100%
rename from cluster/flux-system/charts/kustomization.yaml
rename to cluster/base/flux-system/charts/kustomization.yaml
diff --git a/cluster/flux-system/gotk-components.yaml b/cluster/base/flux-system/gotk-components.yaml
similarity index 100%
rename from cluster/flux-system/gotk-components.yaml
rename to cluster/base/flux-system/gotk-components.yaml
diff --git a/cluster/flux-system/gotk-sync.yaml b/cluster/base/flux-system/gotk-sync.yaml
similarity index 100%
rename from cluster/flux-system/gotk-sync.yaml
rename to cluster/base/flux-system/gotk-sync.yaml
diff --git a/cluster/flux-system/kustomization.yaml b/cluster/base/flux-system/kustomization.yaml
similarity index 100%
rename from cluster/flux-system/kustomization.yaml
rename to cluster/base/flux-system/kustomization.yaml
diff --git a/cluster/crds/kustomization.yaml b/cluster/crds/kustomization.yaml
new file mode 100644
index 0000000..b83b23e
--- /dev/null
+++ b/cluster/crds/kustomization.yaml
@@ -0,0 +1,3 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: []
From 640e5f3c3968ba2443336f967c68934ade6cc7f6 Mon Sep 17 00:00:00 2001
From: Victor Roest
Date: Wed, 27 Oct 2021 12:09:16 +0200
Subject: [PATCH 09/70] Update README.md
---
 README.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/README.md b/README.md
index a0ed78f..948ec85 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,14 @@
 # Kubernetes Cluster
+This is my personal Kubernetes Cluster. [Flux] watches this git repo and reconciles and changes made to the cluster.
+
+## Directory structure
+The main directory is `cluster`, it contains the following subdirectories in the order that flux will apply them:
+* **base**: the entrypoint for Flux
+* **crds**: contains the CRDs that are needed for anything running in the cluster, these get applied earlier to make sure they exist
+* **core**: important core infrastructure applications, grouped by namespace, that should never be pruned
+* **apps**: common applications that are allowed to be pruned by flux
+
+## References
+Heavily inspired by: [onedr0p's cluster](https://github.com/onedr0p/home-cluster)
+
+[Flux]: https://github.com/fluxcd/flux2
From 27a821d67ac9d72c638f8979cb622191584cb541 Mon Sep 17 00:00:00 2001
From: Victor Roest
Date: Wed, 27 Oct 2021 12:52:45 +0200
Subject: [PATCH 10/70] add: traefik CRDs
---
 cluster/crds/kustomization.yaml | 3 ++-
 cluster/crds/traefik/crds.yaml | 30 +++++++++++++++++++++++++
 cluster/crds/traefik/kustomization.yaml | 4 ++++
 3 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 cluster/crds/traefik/crds.yaml
 create mode 100644 cluster/crds/traefik/kustomization.yaml
diff --git a/cluster/crds/kustomization.yaml b/cluster/crds/kustomization.yaml
index b83b23e..15e57e2 100644
--- a/cluster/crds/kustomization.yaml
+++ b/cluster/crds/kustomization.yaml
@@ -1,3 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-resources: []
+resources:
+ - traefik
diff --git a/cluster/crds/traefik/crds.yaml b/cluster/crds/traefik/crds.yaml
new file mode 100644
index 0000000..fa7428c
--- /dev/null
+++ b/cluster/crds/traefik/crds.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+ name: traefik-crd-source
+ namespace: flux-system
+spec:
+ interval: 30m
+ url: https://github.com/traefik/traefik-helm-chart.git
+ ref:
+ # renovate: registryUrl=https://helm.traefik.io/traefik chart=traefik
+ tag: v10.6.0
+ ignore: |
+ # exclude all
+ /*
+ # path to crds
+ !/traefik/crds/
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: traefik-crds
+ namespace: flux-system
+spec:
+ interval: 15m
+ prune: false
+ wait: true
+ sourceRef:
+ kind: GitRepository
+ name: traefik-crd-source
diff --git a/cluster/crds/traefik/kustomization.yaml b/cluster/crds/traefik/kustomization.yaml
new file mode 100644
index 0000000..2ed3b35
--- /dev/null
+++ b/cluster/crds/traefik/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - crds.yaml
From 862c914468cc062ef7397be7ea12dd2bbdee9bf5 Mon Sep 17 00:00:00 2001
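Review bot: The `GitRepository` in `cluster/crds/traefik/crds.yaml` fixes the chart source only by `tag: v10.6.0`, and a Git tag can be re-pointed upstream; whatever it resolves to is then applied as cluster-scoped CRDs by the `traefik-crds` Kustomization. Pinning the reviewed revision as well, with `commit: <COMMIT_SHA_PLACEHOLDER>` under `ref`, makes the applied content immutable; check how that interacts with the Renovate comment on the tag line before adopting it. The Kustomization also sets no `path` and relies on the `ignore` rules leaving only `/traefik/crds/` in the artifact; adding `path: ./traefik/crds` would state that intent directly.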
From: Victor Roest
Date: Wed, 27 Oct 2021 15:00:59 +0200
Subject: [PATCH 11/70] add traefik
---
 cluster/apps/kustomization.yaml | 4 ++
 cluster/apps/networking/kustomization.yaml | 4 ++
 .../apps/networking/traefik/helm-release.yaml | 67 +++++++++++++++++++
 .../networking/traefik/kustomization.yaml | 4 ++
 cluster/base/apps.yaml | 15 +++++
 .../charts/helm/kustomization.yaml | 1 +
 .../charts/helm/traefik-charts.yaml | 10 +++
 7 files changed, 105 insertions(+)
 create mode 100644 cluster/apps/kustomization.yaml
 create mode 100644 cluster/apps/networking/kustomization.yaml
 create mode 100644 cluster/apps/networking/traefik/helm-release.yaml
 create mode 100644 cluster/apps/networking/traefik/kustomization.yaml
 create mode 100644 cluster/base/apps.yaml
 create mode 100644 cluster/base/flux-system/charts/helm/traefik-charts.yaml
diff --git a/cluster/apps/kustomization.yaml b/cluster/apps/kustomization.yaml
new file mode 100644
index 0000000..1a8401e
--- /dev/null
+++ b/cluster/apps/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - networking
diff --git a/cluster/apps/networking/kustomization.yaml b/cluster/apps/networking/kustomization.yaml
new file mode 100644
index 0000000..0ad868a
--- /dev/null
+++ b/cluster/apps/networking/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - traefik
diff --git a/cluster/apps/networking/traefik/helm-release.yaml b/cluster/apps/networking/traefik/helm-release.yaml
new file mode 100644
index 0000000..91a489a
--- /dev/null
+++ b/cluster/apps/networking/traefik/helm-release.yaml
@@ -0,0 +1,67 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: traefik
+ namespace: networking
+spec:
+ interval: 5m
+ chart:
+ spec:
+ # renovate: registryUrl=https://helm.traefik.io/traefik
+ chart: traefik
+ version: 10.6.0
+ sourceRef:
+ kind: HelmRepository
+ name: traefik-charts
+ namespace: flux-system
+ interval: 5m
+ values:
+ image:
+ name: traefik
+ deployment:
+ kind: Deployment
+ replicas: 2
+ service:
+ enabled: true
+ type: LoadBalancer
+ spec:
+ externalIPs:
+ - 10.42.42.150
+ externalTrafficPolicy: Local
+ logs:
+ general:
+ level: WARN
+ ingressClass:
+ enabled: true
+ isDefaultClass: true
+ fallbackApiVersion: v1
+ globalArguments:
+ - "--providers.kubernetesingress.ingressclass=traefik"
+ - "--entryPoints.websecure.forwardedHeaders.trustedIPs=10.42.42.0/23"
+ additionalArguments:
+ - "--providers.kubernetesingress.ingressendpoint.ip=10.42.42.150"
+ ports:
+ traefik:
+ port: 9000
+ expose: true
+ web:
+ port: 8000
+ exposedPort: 8000
+ expose: true
+ websecure:
+ port: 8443
+ exposedPort: 8443
+ expose: true
+ pilot:
+ enabled: false
+ experimental:
+ plugins:
+ enabled: false
+ affinity: {}
+ resources:
+ requests:
+ memory: 100Mi
+ cpu: 500m
+ limits:
+ memory: 500Mi
diff --git a/cluster/apps/networking/traefik/kustomization.yaml b/cluster/apps/networking/traefik/kustomization.yaml
new file mode 100644
index 0000000..34a8531
--- /dev/null
+++ b/cluster/apps/networking/traefik/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helm-release.yaml
diff --git a/cluster/base/apps.yaml b/cluster/base/apps.yaml
new file mode 100644
index 0000000..71aa43d
--- /dev/null
+++ b/cluster/base/apps.yaml
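Review bot: Under `ports.traefik` in `traefik/helm-release.yaml`, `expose: true` publishes Traefik's internal entry point (port 9000) on the same LoadBalancer service as `web` and `websecure`. That entry point carries the API and dashboard when they are enabled, and these values neither disable the chart's dashboard route nor put authentication in front of it, so it is presumably reachable by anything that can reach 10.42.42.150. Unless external access is a requirement, set `expose: false` and reach the port through a port-forward; the chart's own values file advises against exposing it. Separately, `forwardedHeaders.trustedIPs=10.42.42.0/23` accepts `X-Forwarded-*` headers from every host in that range, and narrowing it to the real upstream proxy addresses would keep other LAN hosts from spoofing client IPs.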
@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: apps
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ dependsOn:
+ - name: core
+ path: ./cluster/apps
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
diff --git a/cluster/base/flux-system/charts/helm/kustomization.yaml b/cluster/base/flux-system/charts/helm/kustomization.yaml
index 326c3cc..65d6813 100644
--- a/cluster/base/flux-system/charts/helm/kustomization.yaml
+++ b/cluster/base/flux-system/charts/helm/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - metallb-charts.yaml
+ - traefik-charts.yaml
diff --git a/cluster/base/flux-system/charts/helm/traefik-charts.yaml b/cluster/base/flux-system/charts/helm/traefik-charts.yaml
new file mode 100644
index 0000000..dda0b32
--- /dev/null
+++ b/cluster/base/flux-system/charts/helm/traefik-charts.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: traefik-charts
+ namespace: flux-system
+spec:
+ interval: 15m
+ url: https://helm.traefik.io/traefik
+ timeout: 3m
From 5857b6512f613b7766631f6f06432e5399a3a6ba Mon Sep 17 00:00:00 2001
From: Victor Roest
Date: Wed, 27 Oct 2021 15:26:13 +0200
Subject: [PATCH 12/70] add: wooloofan.club (temp. whoami container)
---
 cluster/apps/kustomization.yaml | 1 +
 .../presidential-paradise/kustomization.yaml | 4 ++
 .../wooloofanclub/kustomization.yaml | 4 ++
 .../wooloofanclub/wooloo.yaml | 53 +++++++++++++++++++
 4 files changed, 62 insertions(+)
 create mode 100644 cluster/apps/presidential-paradise/kustomization.yaml
 create mode 100644 cluster/apps/presidential-paradise/wooloofanclub/kustomization.yaml
 create mode 100644 cluster/apps/presidential-paradise/wooloofanclub/wooloo.yaml
diff --git a/cluster/apps/kustomization.yaml b/cluster/apps/kustomization.yaml
index 1a8401e..b075bbe 100644
--- a/cluster/apps/kustomization.yaml
+++ b/cluster/apps/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - networking
+ - presidential-paradise
diff --git a/cluster/apps/presidential-paradise/kustomization.yaml b/cluster/apps/presidential-paradise/kustomization.yaml
new file mode 100644
index 0000000..d5ef44b
--- /dev/null
+++ b/cluster/apps/presidential-paradise/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - wooloofanclub
diff --git a/cluster/apps/presidential-paradise/wooloofanclub/kustomization.yaml b/cluster/apps/presidential-paradise/wooloofanclub/kustomization.yaml
new file mode 100644
index 0000000..1f8410f
--- /dev/null
+++ b/cluster/apps/presidential-paradise/wooloofanclub/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - wooloo.yaml
diff --git a/cluster/apps/presidential-paradise/wooloofanclub/wooloo.yaml b/cluster/apps/presidential-paradise/wooloofanclub/wooloo.yaml
new file mode 100644
index 0000000..4676739
--- /dev/null
+++ b/cluster/apps/presidential-paradise/wooloofanclub/wooloo.yaml
@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wooloofan-club
+ namespace: presidential-paradise
+ labels:
+ app: wooloofan-club
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: wooloofan-club
+ template:
+ metadata:
+ labels:
+ app: wooloofan-club
+ spec:
+ containers:
+ - name: wooloofan-club
+ image: containous/whoami
+ ports:
+ - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: wooloofan-club-service
+ namespace: presidential-paradise
+spec:
+ selector:
+ app: wooloofan-club
+ ports:
+ - protocol: TCP
+ port: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: wooloofan-club-ingress
+ namespace: presidential-paradise
+spec:
+ ingressClassName: "traefik"
+ rules:
+ - host: "wooloofan.club"
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: wooloofan-club-service
+ port:
+ number: 80
From 4f5eedf20f85b73843985c1082a5ff21052fd93e Mon Sep 17 00:00:00 2001
From: Victor Roest
Date: Wed, 27 Oct 2021 15:33:29 +0200
Subject: [PATCH 13/70] update: wooloofan.club to real container + add whoami subdomain
---
 .../wooloofanclub/wooloo.yaml | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)
diff --git a/cluster/apps/presidential-paradise/wooloofanclub/wooloo.yaml b/cluster/apps/presidential-paradise/wooloofanclub/wooloo.yaml
index 4676739..fd2d56d 100644
--- a/cluster/apps/presidential-paradise/wooloofanclub/wooloo.yaml
+++ b/cluster/apps/presidential-paradise/wooloofanclub/wooloo.yaml
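Review bot: The `image: containous/whoami` line in the `wooloofan-club` Deployment has no tag or digest, so it resolves to `:latest` and the pod can pick up different content whenever the upstream tag moves, with no change recorded in this repository. Pin it to a release tag or, better, a digest, for example `image: containous/whoami@sha256:<DIGEST_PLACEHOLDER>`. The same applies to `image: 0x76/wooloofan.club`, which the first hunk of PATCH 13/70 puts in this container's place. The container also declares no `resources` or `securityContext`; a comment such as `# temporary test workload, replace before exposing` would tell the next reader that this is intentional.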
@@ -17,6 +17,29 @@ spec:
 spec:
 containers:
 - name: wooloofan-club
+ image: 0x76/wooloofan.club
+ ports:
+ - containerPort: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wooloofan-club-whoami
+ namespace: presidential-paradise
+ labels:
+ app: wooloofan-club-whoami
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: wooloofan-club-whoami
+ template:
+ metadata:
+ labels:
+ app: wooloofan-club-whoami
+ spec:
+ containers:
+ - name: wooloofan-club-whoami
 image: containous/whoami
 ports:
 - containerPort: 80
@@ -33,6 +56,18 @@ spec:
 - protocol: TCP
 port: 80
 ---
+apiVersion: v1
+kind: Service
+metadata:
+ name: wooloofan-club-whoami-service
+ namespace: presidential-paradise
+spec:
+ selector:
+ app: wooloofan-club-whoami
+ ports:
+ - protocol: TCP
+ port: 80
+---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -51,3 +86,13 @@ spec:
 name: wooloofan-club-service
 port:
 number: 80
+ - host: "whoami.wooloofan.club"
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: wooloofan-club-whoami-service
+ port:
+ number: 80
From 13e466deb8e7b5be993a2eaf60b80f22d32dbd8a Mon Sep 17 00:00:00 2001
From: Victor Roest
Date: Thu, 28 Oct 2021 12:30:33 +0200
Subject: [PATCH 14/70] Bump
From 49590597ce2881149f60b65a6ec10648f1c8c55b Mon Sep 17 00:00:00 2001
From: Victor Roest
Date: Thu, 28 Oct 2021 12:32:04 +0200
Subject: [PATCH 15/70] flux: change path
---
 cluster/base/flux-system/gotk-sync.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cluster/base/flux-system/gotk-sync.yaml b/cluster/base/flux-system/gotk-sync.yaml
index a9b1c9b..671309f 100644
--- a/cluster/base/flux-system/gotk-sync.yaml
+++ b/cluster/base/flux-system/gotk-sync.yaml
@@ -19,7 +19,7 @@ metadata:
 namespace: flux-system
 spec:
 interval: 10m0s
- path: ./cluster
+ path: ./cluster/base
 prune: true
 sourceRef:
 kind: GitRepository
From e84bc79e6ff2e05e8270fde881194291ac4d67a3 Mon Sep 17 00:00:00 2001
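Review bot: The rule added for `whoami.wooloofan.club` in the last hunk of PATCH 13/70 routes a diagnostic echo container through the same Traefik ingress as the site, with no access restriction in front of it. whoami returns the request headers it received together with the pod's hostname and IP addresses, so anyone who can resolve and reach that host name can read the forwarded-header chain and internal pod addressing. If the route is only needed while testing, remove it once the real site is verified, or attach an allow-list or basic-auth middleware through the `traefik.ingress.kubernetes.io/router.middlewares` annotation. The Ingress `metadata` block where that annotation would go lies outside this hunk.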
From: Flux <>
Date: Thu, 28 Oct 2021 12:37:03 +0200
Subject: [PATCH 16/70] Add Flux v0.19.1 component manifests
---
 cluster/base/flux-system/gotk-components.yaml | 2123 +++++++++++++++++
 1 file changed, 2123 insertions(+)
diff --git a/cluster/base/flux-system/gotk-components.yaml b/cluster/base/flux-system/gotk-components.yaml
index 16f44d3..6be397d 100644
--- a/cluster/base/flux-system/gotk-components.yaml
+++ b/cluster/base/flux-system/gotk-components.yaml
@@ -2016,6 +2016,1955 @@ status: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: imagepolicies.image.toolkit.fluxcd.io +spec: + group: image.toolkit.fluxcd.io + names: + kind: ImagePolicy + listKind: ImagePolicyList + plural: imagepolicies + singular: imagepolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.latestImage + name: LatestImage + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ImagePolicy is the Schema for the imagepolicies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ImagePolicySpec defines the parameters for calculating the + ImagePolicy + properties: + filterTags: + description: FilterTags enables filtering for only a subset of tags + based on a set of rules. If no rules are provided, all the tags + from the repository will be ordered and compared. + properties: + extract: + description: Extract allows a capture group to be extracted from + the specified regular expression pattern, useful before tag + evaluation. 
+ type: string + pattern: + description: Pattern specifies a regular expression pattern used + to filter for image tags. + type: string + type: object + imageRepositoryRef: + description: ImageRepositoryRef points at the object specifying the + image being scanned + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + policy: + description: Policy gives the particulars of the policy to be followed + in selecting the most recent image + properties: + alphabetical: + description: Alphabetical set of rules to use for alphabetical + ordering of the tags. + properties: + order: + default: asc + description: Order specifies the sorting order of the tags. + Given the letters of the alphabet as tags, ascending order + would select Z, and descending order would select A. + enum: + - asc + - desc + type: string + type: object + numerical: + description: Numerical set of rules to use for numerical ordering + of the tags. + properties: + order: + default: asc + description: Order specifies the sorting order of the tags. + Given the integer values from 0 to 9 as tags, ascending + order would select 9, and descending order would select + 0. + enum: + - asc + - desc + type: string + type: object + semver: + description: SemVer gives a semantic version range to check against + the tags available. + properties: + range: + description: Range gives a semver range for the image tag; + the highest version within the range that's a tag yields + the latest image. + type: string + required: + - range + type: object + type: object + required: + - imageRepositoryRef + - policy + type: object + status: + description: ImagePolicyStatus defines the observed state of ImagePolicy + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. 
For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + latestImage: + description: LatestImage gives the first in the list of images scanned + by the image repository, when filtered and ordered according to + the policy. + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.latestImage + name: LatestImage + type: string + name: v1alpha2 + schema: + openAPIV3Schema: + description: ImagePolicy is the Schema for the imagepolicies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ImagePolicySpec defines the parameters for calculating the + ImagePolicy + properties: + filterTags: + description: FilterTags enables filtering for only a subset of tags + based on a set of rules. If no rules are provided, all the tags + from the repository will be ordered and compared. + properties: + extract: + description: Extract allows a capture group to be extracted from + the specified regular expression pattern, useful before tag + evaluation. + type: string + pattern: + description: Pattern specifies a regular expression pattern used + to filter for image tags. + type: string + type: object + imageRepositoryRef: + description: ImageRepositoryRef points at the object specifying the + image being scanned + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + policy: + description: Policy gives the particulars of the policy to be followed + in selecting the most recent image + properties: + alphabetical: + description: Alphabetical set of rules to use for alphabetical + ordering of the tags. + properties: + order: + default: asc + description: Order specifies the sorting order of the tags. + Given the letters of the alphabet as tags, ascending order + would select Z, and descending order would select A. + enum: + - asc + - desc + type: string + type: object + numerical: + description: Numerical set of rules to use for numerical ordering + of the tags. + properties: + order: + default: asc + description: Order specifies the sorting order of the tags. + Given the integer values from 0 to 9 as tags, ascending + order would select 9, and descending order would select + 0. + enum: + - asc + - desc + type: string + type: object + semver: + description: SemVer gives a semantic version range to check against + the tags available. 
+ properties: + range: + description: Range gives a semver range for the image tag; + the highest version within the range that's a tag yields + the latest image. + type: string + required: + - range + type: object + type: object + required: + - imageRepositoryRef + - policy + type: object + status: + description: ImagePolicyStatus defines the observed state of ImagePolicy + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + latestImage: + description: LatestImage gives the first in the list of images scanned + by the image repository, when filtered and ordered according to + the policy. + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.latestImage + name: LatestImage + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ImagePolicy is the Schema for the imagepolicies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ImagePolicySpec defines the parameters for calculating the + ImagePolicy + properties: + filterTags: + description: FilterTags enables filtering for only a subset of tags + based on a set of rules. If no rules are provided, all the tags + from the repository will be ordered and compared. + properties: + extract: + description: Extract allows a capture group to be extracted from + the specified regular expression pattern, useful before tag + evaluation. + type: string + pattern: + description: Pattern specifies a regular expression pattern used + to filter for image tags. + type: string + type: object + imageRepositoryRef: + description: ImageRepositoryRef points at the object specifying the + image being scanned + properties: + name: + description: Name of the referent + type: string + namespace: + description: Namespace of the referent, when not specified it + acts as LocalObjectReference + type: string + required: + - name + type: object + policy: + description: Policy gives the particulars of the policy to be followed + in selecting the most recent image + properties: + alphabetical: + description: Alphabetical set of rules to use for alphabetical + ordering of the tags. + properties: + order: + default: asc + description: Order specifies the sorting order of the tags. 
+ Given the letters of the alphabet as tags, ascending order + would select Z, and descending order would select A. + enum: + - asc + - desc + type: string + type: object + numerical: + description: Numerical set of rules to use for numerical ordering + of the tags. + properties: + order: + default: asc + description: Order specifies the sorting order of the tags. + Given the integer values from 0 to 9 as tags, ascending + order would select 9, and descending order would select + 0. + enum: + - asc + - desc + type: string + type: object + semver: + description: SemVer gives a semantic version range to check against + the tags available. + properties: + range: + description: Range gives a semver range for the image tag; + the highest version within the range that's a tag yields + the latest image. + type: string + required: + - range + type: object + type: object + required: + - imageRepositoryRef + - policy + type: object + status: + description: ImagePolicyStatus defines the observed state of ImagePolicy + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + latestImage: + description: LatestImage gives the first in the list of images scanned + by the image repository, when filtered and ordered according to + the policy. 
+ type: string + observedGeneration: + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: imagerepositories.image.toolkit.fluxcd.io +spec: + group: image.toolkit.fluxcd.io + names: + kind: ImageRepository + listKind: ImageRepositoryList + plural: imagerepositories + singular: imagerepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.lastScanResult.scanTime + name: Last scan + type: string + - jsonPath: .status.lastScanResult.tagCount + name: Tags + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ImageRepository is the Schema for the imagerepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ImageRepositorySpec defines the parameters for scanning an + image repository, e.g., `fluxcd/flux`. 
+ properties: + certSecretRef: + description: "CertSecretRef can be given the name of a secret containing + either or both of \n - a PEM-encoded client certificate (`certFile`) + and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`) + \n and whichever are supplied, will be used for connecting to the + \ registry. The client cert and key are useful if you are authenticating + with a certificate; the CA cert is useful if you are using a self-signed + server certificate." + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + image: + description: Image is the name of the image repository + type: string + interval: + description: Interval is the length of time to wait between scans + of the image repository. + type: string + secretRef: + description: SecretRef can be given the name of a secret containing + credentials to use for the image registry. The secret should be + created with `kubectl create secret docker-registry`, or the equivalent. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent + image scans. It does not apply to already started scans. Defaults + to false. + type: boolean + timeout: + description: Timeout for image scanning. Defaults to 'Interval' duration. + type: string + type: object + status: + description: ImageRepositoryStatus defines the observed state of ImageRepository + properties: + canonicalImageName: + description: CanonicalName is the name of the image repository with + all the implied bits made explicit; e.g., `docker.io/library/alpine` + rather than `alpine`. + type: string + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. 
For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + lastScanResult: + description: LastScanResult contains the number of fetched tags. + properties: + scanTime: + format: date-time + type: string + tagCount: + type: integer + required: + - tagCount + type: object + observedGeneration: + description: ObservedGeneration is the last reconciled generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.lastScanResult.scanTime + name: Last scan + type: string + - jsonPath: .status.lastScanResult.tagCount + name: Tags + type: string + name: v1alpha2 + schema: + openAPIV3Schema: + description: ImageRepository is the Schema for the imagerepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. 
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ImageRepositorySpec defines the parameters for scanning an + image repository, e.g., `fluxcd/flux`. + properties: + certSecretRef: + description: "CertSecretRef can be given the name of a secret containing + either or both of \n - a PEM-encoded client certificate (`certFile`) + and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`) + \n and whichever are supplied, will be used for connecting to the + \ registry. The client cert and key are useful if you are authenticating + with a certificate; the CA cert is useful if you are using a self-signed + server certificate." + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + image: + description: Image is the name of the image repository + type: string + interval: + description: Interval is the length of time to wait between scans + of the image repository. + type: string + secretRef: + description: SecretRef can be given the name of a secret containing + credentials to use for the image registry. The secret should be + created with `kubectl create secret docker-registry`, or the equivalent. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent + image scans. It does not apply to already started scans. Defaults + to false. + type: boolean + timeout: + description: Timeout for image scanning. Defaults to 'Interval' duration. 
+ type: string + type: object + status: + description: ImageRepositoryStatus defines the observed state of ImageRepository + properties: + canonicalImageName: + description: CanonicalName is the name of the image repository with + all the implied bits made explicit; e.g., `docker.io/library/alpine` + rather than `alpine`. + type: string + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + lastScanResult: + description: LastScanResult contains the number of fetched tags. + properties: + scanTime: + format: date-time + type: string + tagCount: + type: integer + required: + - tagCount + type: object + observedGeneration: + description: ObservedGeneration is the last reconciled generation. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.lastScanResult.scanTime + name: Last scan + type: string + - jsonPath: .status.lastScanResult.tagCount + name: Tags + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ImageRepository is the Schema for the imagerepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ImageRepositorySpec defines the parameters for scanning an + image repository, e.g., `fluxcd/flux`. + properties: + accessFrom: + description: AccessFrom defines an ACL for allowing cross-namespace + references to the ImageRepository object based on the caller's namespace + labels. + properties: + namespaceSelectors: + items: + properties: + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + certSecretRef: + description: "CertSecretRef can be given the name of a secret containing + either or both of \n - a PEM-encoded client certificate (`certFile`) + and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`) + \n and whichever are supplied, will be used for connecting to the + \ registry. 
The client cert and key are useful if you are authenticating + with a certificate; the CA cert is useful if you are using a self-signed + server certificate." + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + image: + description: Image is the name of the image repository + type: string + interval: + description: Interval is the length of time to wait between scans + of the image repository. + type: string + secretRef: + description: SecretRef can be given the name of a secret containing + credentials to use for the image registry. The secret should be + created with `kubectl create secret docker-registry`, or the equivalent. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent + image scans. It does not apply to already started scans. Defaults + to false. + type: boolean + timeout: + description: Timeout for image scanning. Defaults to 'Interval' duration. + type: string + type: object + status: + description: ImageRepositoryStatus defines the observed state of ImageRepository + properties: + canonicalImageName: + description: CanonicalName is the name of the image repository with + all the implied bits made explicit; e.g., `docker.io/library/alpine` + rather than `alpine`. + type: string + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + lastScanResult: + description: LastScanResult contains the number of fetched tags. + properties: + scanTime: + format: date-time + type: string + tagCount: + type: integer + required: + - tagCount + type: object + observedGeneration: + description: ObservedGeneration is the last reconciled generation. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: imageupdateautomations.image.toolkit.fluxcd.io +spec: + group: image.toolkit.fluxcd.io + names: + kind: ImageUpdateAutomation + listKind: ImageUpdateAutomationList + plural: imageupdateautomations + singular: imageupdateautomation + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.lastAutomationRunTime + name: Last run + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ImageUpdateAutomation is the Schema for the imageupdateautomations + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ImageUpdateAutomationSpec defines the desired state of ImageUpdateAutomation + properties: + checkout: + description: Checkout gives the parameters for cloning the git repository, + ready to make changes. 
+ properties: + branch: + description: Branch gives the branch to clone from the git repository. + If `.spec.push` is not supplied, commits will also be pushed + to this branch. + type: string + gitRepositoryRef: + description: GitRepositoryRef refers to the resource giving access + details to a git repository to update files in. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + required: + - branch + - gitRepositoryRef + type: object + commit: + description: Commit specifies how to commit to the git repository. + properties: + authorEmail: + description: AuthorEmail gives the email to provide when making + a commit + type: string + authorName: + description: AuthorName gives the name to provide when making + a commit + type: string + messageTemplate: + description: MessageTemplate provides a template for the commit + message, into which will be interpolated the details of the + change made. + type: string + signingKey: + description: SigningKey provides the option to sign commits with + a GPG key + properties: + secretRef: + description: SecretRef holds the name to a secret that contains + a 'git.asc' key corresponding to the ASCII Armored file + containing the GPG signing keypair as the value. It must + be in the same namespace as the ImageUpdateAutomation. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + type: object + required: + - authorEmail + - authorName + type: object + interval: + description: Interval gives an lower bound for how often the automation + run should be attempted. + type: string + push: + description: Push specifies how and where to push commits made by + the automation. If missing, commits are pushed (back) to `.spec.checkout.branch`. + properties: + branch: + description: Branch specifies that commits should be pushed to + the branch named. 
The branch is created using `.spec.checkout.branch` + as the starting point, if it doesn't already exist. + type: string + required: + - branch + type: object + suspend: + description: Suspend tells the controller to not run this automation, + until it is unset (or set to false). Defaults to false. + type: boolean + update: + default: + strategy: Setters + description: Update gives the specification for how to update the + files in the repository. This can be left empty, to use the default + value. + properties: + path: + description: Path to the directory containing the manifests to + be updated. Defaults to 'None', which translates to the root + path of the GitRepositoryRef. + type: string + strategy: + default: Setters + description: Strategy names the strategy to be used. + enum: + - Setters + type: string + required: + - strategy + type: object + required: + - checkout + - commit + - interval + type: object + status: + description: ImageUpdateAutomationStatus defines the observed state of + ImageUpdateAutomation + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. 
If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastAutomationRunTime: + description: LastAutomationRunTime records the last time the controller + ran this automation through to completion (even if no updates were + made). + format: date-time + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + lastPushCommit: + description: LastPushCommit records the SHA1 of the last commit made + by the controller, for this automation object + type: string + lastPushTime: + description: LastPushTime records the time of the last pushed change. + format: date-time + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.lastAutomationRunTime + name: Last run + type: string + name: v1alpha2 + schema: + openAPIV3Schema: + description: ImageUpdateAutomation is the Schema for the imageupdateautomations + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ImageUpdateAutomationSpec defines the desired state of ImageUpdateAutomation + properties: + git: + description: GitSpec contains all the git-specific definitions. This + is technically optional, but in practice mandatory until there are + other kinds of source allowed. + properties: + checkout: + description: Checkout gives the parameters for cloning the git + repository, ready to make changes. If not present, the `spec.ref` + field from the referenced `GitRepository` or its default will + be used. + properties: + ref: + description: Reference gives a branch, tag or commit to clone + from the Git repository. + properties: + branch: + default: master + description: The Git branch to checkout, defaults to master. + type: string + commit: + description: The Git commit SHA to checkout, if specified + Tag filters will be ignored. + type: string + semver: + description: The Git tag semver expression, takes precedence + over Tag. + type: string + tag: + description: The Git tag to checkout, takes precedence + over Branch. + type: string + type: object + required: + - ref + type: object + commit: + description: Commit specifies how to commit to the git repository. + properties: + author: + description: Author gives the email and optionally the name + to use as the author of commits. + properties: + email: + description: Email gives the email to provide when making + a commit. + type: string + name: + description: Name gives the name to provide when making + a commit. + type: string + required: + - email + type: object + messageTemplate: + description: MessageTemplate provides a template for the commit + message, into which will be interpolated the details of + the change made. 
+ type: string + signingKey: + description: SigningKey provides the option to sign commits + with a GPG key + properties: + secretRef: + description: SecretRef holds the name to a secret that + contains a 'git.asc' key corresponding to the ASCII + Armored file containing the GPG signing keypair as the + value. It must be in the same namespace as the ImageUpdateAutomation. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + type: object + required: + - author + type: object + push: + description: Push specifies how and where to push commits made + by the automation. If missing, commits are pushed (back) to + `.spec.checkout.branch` or its default. + properties: + branch: + description: Branch specifies that commits should be pushed + to the branch named. The branch is created using `.spec.checkout.branch` + as the starting point, if it doesn't already exist. + type: string + required: + - branch + type: object + required: + - commit + type: object + interval: + description: Interval gives an lower bound for how often the automation + run should be attempted. + type: string + sourceRef: + description: SourceRef refers to the resource giving access details + to a git repository. + properties: + apiVersion: + description: API version of the referent + type: string + kind: + default: GitRepository + description: Kind of the referent + enum: + - GitRepository + type: string + name: + description: Name of the referent + type: string + required: + - kind + - name + type: object + suspend: + description: Suspend tells the controller to not run this automation, + until it is unset (or set to false). Defaults to false. + type: boolean + update: + default: + strategy: Setters + description: Update gives the specification for how to update the + files in the repository. This can be left empty, to use the default + value. + properties: + path: + description: Path to the directory containing the manifests to + be updated. 
Defaults to 'None', which translates to the root + path of the GitRepositoryRef. + type: string + strategy: + default: Setters + description: Strategy names the strategy to be used. + enum: + - Setters + type: string + required: + - strategy + type: object + required: + - interval + - sourceRef + type: object + status: + description: ImageUpdateAutomationStatus defines the observed state of + ImageUpdateAutomation + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastAutomationRunTime: + description: LastAutomationRunTime records the last time the controller + ran this automation through to completion (even if no updates were + made). + format: date-time + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + lastPushCommit: + description: LastPushCommit records the SHA1 of the last commit made + by the controller, for this automation object + type: string + lastPushTime: + description: LastPushTime records the time of the last pushed change. 
+ format: date-time + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.lastAutomationRunTime + name: Last run + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ImageUpdateAutomation is the Schema for the imageupdateautomations + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ImageUpdateAutomationSpec defines the desired state of ImageUpdateAutomation + properties: + git: + description: GitSpec contains all the git-specific definitions. This + is technically optional, but in practice mandatory until there are + other kinds of source allowed. + properties: + checkout: + description: Checkout gives the parameters for cloning the git + repository, ready to make changes. If not present, the `spec.ref` + field from the referenced `GitRepository` or its default will + be used. + properties: + ref: + description: Reference gives a branch, tag or commit to clone + from the Git repository. + properties: + branch: + default: master + description: The Git branch to checkout, defaults to master. + type: string + commit: + description: The Git commit SHA to checkout, if specified + Tag filters will be ignored. 
+ type: string + semver: + description: The Git tag semver expression, takes precedence + over Tag. + type: string + tag: + description: The Git tag to checkout, takes precedence + over Branch. + type: string + type: object + required: + - ref + type: object + commit: + description: Commit specifies how to commit to the git repository. + properties: + author: + description: Author gives the email and optionally the name + to use as the author of commits. + properties: + email: + description: Email gives the email to provide when making + a commit. + type: string + name: + description: Name gives the name to provide when making + a commit. + type: string + required: + - email + type: object + messageTemplate: + description: MessageTemplate provides a template for the commit + message, into which will be interpolated the details of + the change made. + type: string + signingKey: + description: SigningKey provides the option to sign commits + with a GPG key + properties: + secretRef: + description: SecretRef holds the name to a secret that + contains a 'git.asc' key corresponding to the ASCII + Armored file containing the GPG signing keypair as the + value. It must be in the same namespace as the ImageUpdateAutomation. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + type: object + required: + - author + type: object + push: + description: Push specifies how and where to push commits made + by the automation. If missing, commits are pushed (back) to + `.spec.checkout.branch` or its default. + properties: + branch: + description: Branch specifies that commits should be pushed + to the branch named. The branch is created using `.spec.checkout.branch` + as the starting point, if it doesn't already exist. + type: string + required: + - branch + type: object + required: + - commit + type: object + interval: + description: Interval gives an lower bound for how often the automation + run should be attempted. 
+ type: string + sourceRef: + description: SourceRef refers to the resource giving access details + to a git repository. + properties: + apiVersion: + description: API version of the referent + type: string + kind: + default: GitRepository + description: Kind of the referent + enum: + - GitRepository + type: string + name: + description: Name of the referent + type: string + required: + - kind + - name + type: object + suspend: + description: Suspend tells the controller to not run this automation, + until it is unset (or set to false). Defaults to false. + type: boolean + update: + default: + strategy: Setters + description: Update gives the specification for how to update the + files in the repository. This can be left empty, to use the default + value. + properties: + path: + description: Path to the directory containing the manifests to + be updated. Defaults to 'None', which translates to the root + path of the GitRepositoryRef. + type: string + strategy: + default: Setters + description: Strategy names the strategy to be used. + enum: + - Setters + type: string + required: + - strategy + type: object + required: + - interval + - sourceRef + type: object + status: + description: ImageUpdateAutomationStatus defines the observed state of + ImageUpdateAutomation + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastAutomationRunTime: + description: LastAutomationRunTime records the last time the controller + ran this automation through to completion (even if no updates were + made). + format: date-time + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + lastPushCommit: + description: LastPushCommit records the SHA1 of the last commit made + by the controller, for this automation object + type: string + lastPushTime: + description: LastPushTime records the time of the last pushed change. + format: date-time + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.5.0 
@@ -3521,6 +5470,26 @@ metadata: --- apiVersion: v1 kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: image-automation-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + name: image-reflector-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount metadata: labels: app.kubernetes.io/instance: flux-system 
@@ -3817,6 +5786,160 @@ spec: --- apiVersion: apps/v1 kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + control-plane: controller + name: image-automation-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: image-automation-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: image-automation-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller/ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/image-automation-controller:v0.15.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 8080 + name: http-prom + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 1337 + serviceAccountName: image-automation-controller + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.19.1 + control-plane: controller + name: image-reflector-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: image-reflector-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + 
prometheus.io/scrape: "true" + labels: + app: image-reflector-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller/ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/image-reflector-controller:v0.13.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 8080 + name: http-prom + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: temp + - mountPath: /data + name: data + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 1337 + serviceAccountName: image-reflector-controller + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: temp + - emptyDir: {} + name: data +--- +apiVersion: apps/v1 +kind: Deployment metadata: labels: app.kubernetes.io/instance: flux-system From 952340b1f4b2657cf445ff6c59534c5f2b36eb1b Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Thu, 28 Oct 2021 12:38:27 +0200 Subject: [PATCH 17/70] readme: add bootstrap info --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 948ec85..9f52e95 100644 --- a/README.md +++ b/README.md 
@@ -8,6 +8,12 @@ The main directory is `cluster`, it contains the following subdirectories in the * **core**: important core infrastructure applications, grouped by namespace, that should never be pruned * **apps**: common applications that are allowed to be pruned by flux +## Bootstrap +The cluster was bootstrapped using the following command: +``` +flux bootstrap git --url=ssh://git@git.xirion.net:2222/olympus/flux.git --branch=main --path=cluster/base/ --ssh-key-algorithm=ed25519 --components-extra=image-reflector-controller,image-automation-controller +``` + ## References Heavily inspired by: [onedr0p's cluster](https://github.com/onedr0p/home-cluster) From 5f28844cea0d487ca6fef77bc71f0a55514517c4 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Thu, 28 Oct 2021 17:44:32 +0200 Subject: [PATCH 18/70] add: zookeeper --- .../presidential-paradise/kustomization.yaml | 1 + .../zookeeper/deployment.yaml | 45 +++++++++++++++++++ .../zookeeper/ingress.yaml | 18 ++++++++ .../zookeeper/kustomization.yaml | 6 +++ .../presidential-paradise/zookeeper/svc.yaml | 24 ++++++++++ 5 files changed, 94 insertions(+) create mode 100644 cluster/apps/presidential-paradise/zookeeper/deployment.yaml create mode 100644 cluster/apps/presidential-paradise/zookeeper/ingress.yaml create mode 100644 cluster/apps/presidential-paradise/zookeeper/kustomization.yaml create mode 100644 cluster/apps/presidential-paradise/zookeeper/svc.yaml diff --git a/cluster/apps/presidential-paradise/kustomization.yaml b/cluster/apps/presidential-paradise/kustomization.yaml index d5ef44b..cd9cd51 100644 --- a/cluster/apps/presidential-paradise/kustomization.yaml +++ b/cluster/apps/presidential-paradise/kustomization.yaml @@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - wooloofanclub + - zookeeper 
diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml
new file mode 100644
index 0000000..1a3ebc5
--- /dev/null
+++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: zookeeper
+ namespace: presidential-paradise
+ labels:
+ app: zookeeper
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: zookeeper
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 34%
+ maxUnavailable: 34%
+ template:
+ metadata:
+ name: zookeeper
+ labels:
+ app: zookeeper
+ spec:
+ containers:
+ - name: zookeeper
+ image: ghcr.io/nullx76/zookeeper:latest
+ ports:
+ - containerPort: 8085
+ env:
+ - name: LANG
+ value: C.UTF-8
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: SERVICE_NAME
+ value: zookeeper-private.default.svc.cluster.local
+ resources: {}
+ securityContext:
+ privileged: false
+ procMount: Default
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ dnsPolicy: ClusterFirst
+ terminationGracePeriodSeconds: 30
diff --git a/cluster/apps/presidential-paradise/zookeeper/ingress.yaml b/cluster/apps/presidential-paradise/zookeeper/ingress.yaml
new file mode 100644
index 0000000..40c98a2
--- /dev/null
+++ b/cluster/apps/presidential-paradise/zookeeper/ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: zookeeper
+ namespace: presidential-paradise
+spec:
+ rules:
+ - host: "zookeeper.0x76.dev"
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: zookeeper
+ port:
+ number: 8085
+
diff --git a/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml b/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml
new file mode 100644
index 0000000..5b33a50
--- /dev/null
+++ b/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml
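Review bot: `SERVICE_NAME` points at `zookeeper-private.default.svc.cluster.local`, while svc.yaml in this same commit creates the headless `zookeeper-private` Service in namespace `presidential-paradise`, so the name most likely does not resolve to these pods; `value: zookeeper-private.presidential-paradise.svc.cluster.local` would match. On the container itself, `securityContext` only restates defaults (`privileged: false`, `procMount: Default`) and `resources: {}` sets no limits, so the pod runs with whatever user and capabilities the image defines. Adding `allowPrivilegeEscalation: false` and `runAsNonRoot: true` plus CPU/memory limits would give it a baseline, assuming the image supports a non-root user. The `:latest` tag (and the `:manual` tag that patches 19 and 20 switch to) is mutable, so pinning the image by digest would make the deployed content reviewable.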
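Review bot: The Ingress rule for `zookeeper.0x76.dev` has no `tls:` block and no `ingressClassName`, so from this manifest alone the service is published over whatever entrypoint the cluster's default controller picks, possibly plain HTTP. If the ingress controller already terminates TLS through a default certificate or an entrypoint redirect, a short comment saying so would help; otherwise add a `tls:` entry listing this host with a `secretName`. Nothing visible here puts authentication in front of port 8085, so it is worth confirming the application is meant to be reachable unauthenticated.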
@@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - deployment.yaml + - svc.yaml + - ingress.yaml diff --git a/cluster/apps/presidential-paradise/zookeeper/svc.yaml b/cluster/apps/presidential-paradise/zookeeper/svc.yaml new file mode 100644 index 0000000..ea3bfa1 --- /dev/null +++ b/cluster/apps/presidential-paradise/zookeeper/svc.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + name: zookeeper-private + namespace: presidential-paradise +spec: + clusterIP: None + ports: + - name: epmd + port: 4369 + selector: + app: zookeeper +--- +apiVersion: v1 +kind: Service +metadata: + name: zookeeper + namespace: presidential-paradise +spec: + ports: + - name: http + port: 8085 + selector: + app: zookeeper From 3329b1fb47026747a663d572009649f13c8fe1cc Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Thu, 28 Oct 2021 17:48:40 +0200 Subject: [PATCH 19/70] zookeeper: change tag --- cluster/apps/presidential-paradise/zookeeper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml index 1a3ebc5..12cb0c5 100644 --- a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml @@ -23,7 +23,7 @@ spec: spec: containers: - name: zookeeper - image: ghcr.io/nullx76/zookeeper:latest + image: ghcr.io/nullx76/zookeeper:manual ports: - containerPort: 8085 env: From 3e1aa0a5b723e920977110fcd7e7d0a7eefb9ba6 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Thu, 28 Oct 2021 17:50:02 +0200 Subject: [PATCH 20/70] zookeeper: change tag (again) --- cluster/apps/presidential-paradise/zookeeper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml index 12cb0c5..c464580 100644 --- a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml @@ -23,7 +23,7 @@ spec: spec: containers: - name: zookeeper - image: ghcr.io/nullx76/zookeeper:manual + image: docker.io/0x76/zookeeper:manual ports: - containerPort: 8085 env: From f35923b438474738c63e12b241557fa527b18690 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Thu, 28 Oct 2021 17:51:35 +0200 Subject: [PATCH 21/70] zookeeper: undeploy (for now) --- cluster/apps/presidential-paradise/kustomization.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/cluster/apps/presidential-paradise/kustomization.yaml b/cluster/apps/presidential-paradise/kustomization.yaml index cd9cd51..d5ef44b 100644 --- a/cluster/apps/presidential-paradise/kustomization.yaml +++ b/cluster/apps/presidential-paradise/kustomization.yaml @@ -2,4 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - wooloofanclub - - zookeeper From a0e5dd9a63ab0c5dac576dd3482636d27a1e188c Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Thu, 28 Oct 2021 18:20:27 +0200 Subject: [PATCH 22/70] crds: external-secrets --- cluster/crds/external-secrets/crds.yaml | 31 +++++++++++++++++++ .../crds/external-secrets/kustomization.yaml | 4 +++ cluster/crds/kustomization.yaml | 1 + 3 files changed, 36 insertions(+) create mode 100644 cluster/crds/external-secrets/crds.yaml create mode 100644 cluster/crds/external-secrets/kustomization.yaml diff --git a/cluster/crds/external-secrets/crds.yaml b/cluster/crds/external-secrets/crds.yaml new file mode 100644 index 0000000..ae88a33 --- /dev/null +++ b/cluster/crds/external-secrets/crds.yaml 
@@ -0,0 +1,31 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: GitRepository +metadata: + name: external-secrets-crd-source + namespace: flux-system +spec: + interval: 30m + url: https://github.com/external-secrets/external-secrets.git + ref: + # renovate: registryUrl=https://charts.external-secrets.io chart=external-secrets + tag: v0.3.7 + ignore: | + # exclude all + /* + # path to crds + !/deploy/crds/ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: external-secrets-crds + namespace: flux-system +spec: + interval: 15m + prune: false + wait: true + sourceRef: + kind: GitRepository + name: external-secrets-crd-source + diff --git a/cluster/crds/external-secrets/kustomization.yaml b/cluster/crds/external-secrets/kustomization.yaml new file mode 100644 index 0000000..2ed3b35 --- /dev/null +++ b/cluster/crds/external-secrets/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - crds.yaml diff --git a/cluster/crds/kustomization.yaml b/cluster/crds/kustomization.yaml index 15e57e2..f2ee43c 100644 --- a/cluster/crds/kustomization.yaml +++ b/cluster/crds/kustomization.yaml @@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - traefik + - external-secrets From 4d159059f1e11ac692ce87785598735bed042651 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Thu, 28 Oct 2021 18:26:24 +0200 Subject: [PATCH 23/70] namespaces: add external-secrets --- cluster/core/namespaces/external-secrets.yaml | 5 +++++ cluster/core/namespaces/kustomization.yaml | 2 ++ 2 files changed, 7 insertions(+) create mode 100644 cluster/core/namespaces/external-secrets.yaml diff --git a/cluster/core/namespaces/external-secrets.yaml b/cluster/core/namespaces/external-secrets.yaml new file mode 100644 index 0000000..591aac5 --- /dev/null +++ b/cluster/core/namespaces/external-secrets.yaml 
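Review bot: `ref.tag: v0.3.7` in the GitRepository is re-resolved on every 30m reconcile, and the `external-secrets-crds` Kustomization applies whatever `/deploy/crds/` holds at that tag cluster-wide; a Git tag can be moved upstream, so this manifest does not fix the content of the applied CRDs. Pinning `ref.commit` to the commit the tag currently points at (for example `commit: <COMMIT_SHA_FOR_v0.3.7>`, a placeholder) would make the source immutable. The Kustomization also sets no `path`, so it relies entirely on the `ignore` rules to limit what is applied; adding `path: ./deploy/crds` would state that intent explicitly.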
@@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: external-secrets diff --git a/cluster/core/namespaces/kustomization.yaml b/cluster/core/namespaces/kustomization.yaml index 8b2dd57..5f33ced 100644 --- a/cluster/core/namespaces/kustomization.yaml +++ b/cluster/core/namespaces/kustomization.yaml @@ -3,3 +3,5 @@ kind: Kustomization resources: - presidential-paradise.yaml - networking.yaml + - external-secrets.yaml + From 6ca75c2b73d89698d955003752da0698399f0213 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Thu, 28 Oct 2021 18:40:32 +0200 Subject: [PATCH 24/70] charts: add external-secrets --- .../charts/helm/external-secrets-charts.yaml | 10 ++++++++++ .../base/flux-system/charts/helm/kustomization.yaml | 2 ++ 2 files changed, 12 insertions(+) create mode 100644 cluster/base/flux-system/charts/helm/external-secrets-charts.yaml diff --git a/cluster/base/flux-system/charts/helm/external-secrets-charts.yaml b/cluster/base/flux-system/charts/helm/external-secrets-charts.yaml new file mode 100644 index 0000000..2d49244 --- /dev/null +++ b/cluster/base/flux-system/charts/helm/external-secrets-charts.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: HelmRepository +metadata: + name: external-secrets-charts + namespace: flux-system +spec: + interval: 15m0s + url: https://charts.external-secrets.io + diff --git a/cluster/base/flux-system/charts/helm/kustomization.yaml b/cluster/base/flux-system/charts/helm/kustomization.yaml index 65d6813..cc37fad 100644 --- a/cluster/base/flux-system/charts/helm/kustomization.yaml +++ b/cluster/base/flux-system/charts/helm/kustomization.yaml @@ -3,3 +3,5 @@ kind: Kustomization resources: - metallb-charts.yaml - traefik-charts.yaml + - external-secrets-charts.yaml + From 4b0f7fe2f67f1bcd795d9b888d8526b10fa26ee3 Mon Sep 17 00:00:00 2001 
From: Victor Roest Date: Thu, 28 Oct 2021 18:47:10 +0200 Subject: [PATCH 25/70] external-secrets: added it --- .../external-secrets/helm-release.yaml | 22 +++++++++++++++++++ .../external-secrets/kustomization.yaml | 5 +++++ .../core/external-secrets/kustomization.yaml | 5 +++++ cluster/core/kustomization.yaml | 2 ++ 4 files changed, 34 insertions(+) create mode 100644 cluster/core/external-secrets/external-secrets/helm-release.yaml create mode 100644 cluster/core/external-secrets/external-secrets/kustomization.yaml create mode 100644 cluster/core/external-secrets/kustomization.yaml diff --git a/cluster/core/external-secrets/external-secrets/helm-release.yaml b/cluster/core/external-secrets/external-secrets/helm-release.yaml new file mode 100644 index 0000000..6078974 --- /dev/null +++ b/cluster/core/external-secrets/external-secrets/helm-release.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: external-secrets + namespace: external-secrets +spec: + interval: 5m + chart: + spec: + # renovate: registryUrl=https://charts.external-secrets.io + chart: external-secrets + version: 0.3.7 + sourceRef: + kind: HelmRepository + name: external-secrets-charts + namespace: flux-system + interval: 5m + values: + configInline: + installCRDs: false + diff --git a/cluster/core/external-secrets/external-secrets/kustomization.yaml b/cluster/core/external-secrets/external-secrets/kustomization.yaml new file mode 100644 index 0000000..2fa2de2 --- /dev/null +++ b/cluster/core/external-secrets/external-secrets/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - helm-release.yaml diff --git a/cluster/core/external-secrets/kustomization.yaml b/cluster/core/external-secrets/kustomization.yaml new file mode 100644 index 0000000..cf78af6 --- /dev/null +++ b/cluster/core/external-secrets/kustomization.yaml 
@@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - external-secrets diff --git a/cluster/core/kustomization.yaml b/cluster/core/kustomization.yaml index bf0a6d5..88687c7 100644 --- a/cluster/core/kustomization.yaml +++ b/cluster/core/kustomization.yaml @@ -3,3 +3,5 @@ kind: Kustomization resources: - namespaces - networking + - external-secrets + From 579f8a7c268455df3fb040ece6b3074d9e231936 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Thu, 28 Oct 2021 18:57:26 +0200 Subject: [PATCH 26/70] external-secrets: skip crds --- .../core/external-secrets/external-secrets/helm-release.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cluster/core/external-secrets/external-secrets/helm-release.yaml b/cluster/core/external-secrets/external-secrets/helm-release.yaml index 6078974..4d14686 100644 --- a/cluster/core/external-secrets/external-secrets/helm-release.yaml +++ b/cluster/core/external-secrets/external-secrets/helm-release.yaml @@ -19,4 +19,7 @@ spec: values: configInline: installCRDs: false - + install: + crds: Skip + upgrade: + crds: Skip \ No newline at end of file From d149cd50d4fcba055f21f31f4c44eb75cfa6dc26 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Thu, 28 Oct 2021 19:06:12 +0200 Subject: [PATCH 27/70] external-secrets: skip crds (again) --- .../core/external-secrets/external-secrets/helm-release.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cluster/core/external-secrets/external-secrets/helm-release.yaml b/cluster/core/external-secrets/external-secrets/helm-release.yaml index 4d14686..8466118 100644 --- a/cluster/core/external-secrets/external-secrets/helm-release.yaml +++ b/cluster/core/external-secrets/external-secrets/helm-release.yaml @@ -17,8 +17,7 @@ spec: namespace: flux-system interval: 5m values: - configInline: - installCRDs: false + installCRDs: false install: crds: Skip upgrade: 
From 888b33fa772bc75af511d1f251e45ae3522487f9 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Fri, 29 Oct 2021 20:21:25 +0200 Subject: [PATCH 28/70] external-secrets: add vault store --- .../external-secrets/kustomization.yaml | 1 + .../external-secrets/vault-secret-store.yaml | 26 +++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 cluster/core/external-secrets/external-secrets/vault-secret-store.yaml diff --git a/cluster/core/external-secrets/external-secrets/kustomization.yaml b/cluster/core/external-secrets/external-secrets/kustomization.yaml index 2fa2de2..28844c0 100644 --- a/cluster/core/external-secrets/external-secrets/kustomization.yaml +++ b/cluster/core/external-secrets/external-secrets/kustomization.yaml @@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - helm-release.yaml + - vault-secret-store diff --git a/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml b/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml new file mode 100644 index 0000000..929866e --- /dev/null +++ b/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml @@ -0,0 +1,26 @@ +apiVersion: external-secrets.io/v1alpha1 +kind: ClusterSecretStore +metadata: + name: vault + namespace: external-secrets +spec: + provider: + vault: + server: "http://10.42.42.6:8200" + path: "k8s" + version: "v2" + auth: + # VaultAppRole authenticates with Vault using the + # App Role auth mechanism + # https://www.vaultproject.io/docs/auth/approle + appRole: + # Path where the App Role authentication backend is mounted + path: "approle" + # RoleID configured in the App Role authentication backend + roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0" + # Reference to a key in a K8 Secret that contains the App Role SecretId + # (not commited in git) + secretRef: + name: "vault-secret-id" + namespace: "external-secrets" + key: "secret-id" 
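Review bot: `server: "http://10.42.42.6:8200"` in the new `vault-secret-store.yaml` makes the external-secrets controller talk to Vault over plain HTTP. The AppRole SecretId sent at login, the Vault token returned and every secret value read through this store therefore cross the network unencrypted. Because the kind is `ClusterSecretStore`, that covers every namespace that references it. I would change the URL to `https://`, supply the issuing CA through the provider's `caBundle` field, and enable a TLS listener on the Vault side. Separately, `metadata.namespace` has no effect on a cluster-scoped kind and can be dropped, and since the `roleId` is committed here, the SecretId should be tightly bound on the Vault role (short TTL, CIDR restriction).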
From 3649baa5e45c8105ac5b7709d8f153ffc3003f6c Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Fri, 29 Oct 2021 20:22:31 +0200 Subject: [PATCH 29/70] external-secrets: add vault store (fix) --- .../core/external-secrets/external-secrets/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/core/external-secrets/external-secrets/kustomization.yaml b/cluster/core/external-secrets/external-secrets/kustomization.yaml index 28844c0..686d878 100644 --- a/cluster/core/external-secrets/external-secrets/kustomization.yaml +++ b/cluster/core/external-secrets/external-secrets/kustomization.yaml @@ -3,4 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - helm-release.yaml - - vault-secret-store + - vault-secret-store.yaml From f209adfa41b0f46770b7e6362aeddf511ddbb086 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Fri, 29 Oct 2021 21:11:54 +0200 Subject: [PATCH 30/70] zookeeper: re-add w/ secrets --- .../presidential-paradise/kustomization.yaml | 1 + .../zookeeper/deployment.yaml | 3 ++ .../zookeeper/external-secret.yaml | 30 +++++++++++++++++++ .../zookeeper/kustomization.yaml | 1 + 4 files changed, 35 insertions(+) create mode 100644 cluster/apps/presidential-paradise/zookeeper/external-secret.yaml diff --git a/cluster/apps/presidential-paradise/kustomization.yaml b/cluster/apps/presidential-paradise/kustomization.yaml index d5ef44b..cd9cd51 100644 --- a/cluster/apps/presidential-paradise/kustomization.yaml +++ b/cluster/apps/presidential-paradise/kustomization.yaml @@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - wooloofanclub + - zookeeper diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml index c464580..8eb34af 100644 --- a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml 
@@ -26,6 +26,9 @@ spec: image: docker.io/0x76/zookeeper:manual ports: - containerPort: 8085 + envFrom: + - secretRef: + name: zookeeper env: - name: LANG value: C.UTF-8 diff --git a/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml b/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml new file mode 100644 index 0000000..744b516 --- /dev/null +++ b/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml @@ -0,0 +1,30 @@ +apiVersion: external-secrets.io/v1alpha1 +kind: ExternalSecret +metadata: + name: zookeeper + namespace: presidential-paradise +spec: + refreshInterval: "5m" + secretStoreRef: + name: vault + kind: ClusterSecretStore + target: + name: zookeeper + namespace: presidential-paradise + data: + - secretKey: DISCORD_APP_ID + remoteRef: + key: k8s/presidential-paradise/zookeeper + property: discord_app_id + - secretKey: DISCORD_PUBLIC_KEY + remoteRef: + key: k8s/presidential-paradise/zookeeper + property: discord_public_key + - secretKey: DISCORD_TOKEN + remoteRef: + key: k8s/presidential-paradise/zookeeper + property: discord_token + - secretKey: TWITTER_TOKEN + remoteRef: + key: k8s/presidential-paradise/zookeeper + property: twitter_token diff --git a/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml b/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml index 5b33a50..3716bd7 100644 --- a/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml @@ -1,6 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - external-secret.yaml - deployment.yaml - svc.yaml - ingress.yaml From 0c513ccf39ed8e3a428129438891b519fd5d7ed3 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Fri, 29 Oct 2021 21:12:55 +0200 Subject: [PATCH 31/70] zookeeper: re-add w/ secrets (fix) --- .../apps/presidential-paradise/zookeeper/external-secret.yaml | 1 - 1 file changed, 1 deletion(-) 
diff --git a/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml b/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml index 744b516..d880c6f 100644 --- a/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml @@ -10,7 +10,6 @@ spec: kind: ClusterSecretStore target: name: zookeeper - namespace: presidential-paradise data: - secretKey: DISCORD_APP_ID remoteRef: From a6e7132252ecf62fd93042b5657be3235981e97b Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Fri, 29 Oct 2021 21:26:22 +0200 Subject: [PATCH 32/70] external-secrets: reconfig vault --- .../external-secrets/vault-secret-store.yaml | 26 +++++++++++-------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml b/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml index 929866e..916d7e2 100644 --- a/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml +++ b/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml 
@@ -13,14 +13,18 @@ spec: # VaultAppRole authenticates with Vault using the # App Role auth mechanism # https://www.vaultproject.io/docs/auth/approle - appRole: - # Path where the App Role authentication backend is mounted - path: "approle" - # RoleID configured in the App Role authentication backend - roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0" - # Reference to a key in a K8 Secret that contains the App Role SecretId - # (not commited in git) - secretRef: - name: "vault-secret-id" - namespace: "external-secrets" - key: "secret-id" + tokenSecretRef: + name: "vault-secret-id" + namespace: "external-secrets" + key: "token" + # appRole: + # # Path where the App Role authentication backend is mounted + # path: "approle" + # # RoleID configured in the App Role authentication backend + # roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0" + # # Reference to a key in a K8 Secret that contains the App Role SecretId + # # (not commited in git) + # secretRef: + # name: "vault-secret-id" + # namespace: "external-secrets" + # key: "secret-id" From e22c22a58a50c1f5e44e61fb44e641ade5a09e2a Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Fri, 29 Oct 2021 21:30:31 +0200 Subject: [PATCH 33/70] external-secrets: change back to approle and remove prefix --- .../zookeeper/external-secret.yaml | 8 ++--- .../external-secrets/vault-secret-store.yaml | 30 +++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml b/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml index d880c6f..e506c03 100644 --- a/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml 
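Review bot: The comment kept above the new `tokenSecretRef` still says the store authenticates with the App Role mechanism, while the active configuration is now a static token read from key `token` of the `vault-secret-id` Secret. Anyone auditing this file to learn how the cluster authenticates to Vault will read the wrong mechanism. I would replace the comment with something like `# Token auth: Vault token read from a K8s Secret (not committed in git)` and delete the commented-out `appRole` block rather than keep both variants in the manifest. The Secret name `vault-secret-id` is also misleading once it holds a token. PATCH 34/70 reintroduces exactly this state, and the `auth` mapping itself starts outside the hunk.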
@@ -13,17 +13,17 @@ spec: data: - secretKey: DISCORD_APP_ID remoteRef: - key: k8s/presidential-paradise/zookeeper + key: presidential-paradise/zookeeper property: discord_app_id - secretKey: DISCORD_PUBLIC_KEY remoteRef: - key: k8s/presidential-paradise/zookeeper + key: presidential-paradise/zookeeper property: discord_public_key - secretKey: DISCORD_TOKEN remoteRef: - key: k8s/presidential-paradise/zookeeper + key: presidential-paradise/zookeeper property: discord_token - secretKey: TWITTER_TOKEN remoteRef: - key: k8s/presidential-paradise/zookeeper + key: presidential-paradise/zookeeper property: twitter_token diff --git a/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml b/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml index 916d7e2..e10a256 100644 --- a/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml +++ b/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml 
@@ -13,18 +13,18 @@ spec: # VaultAppRole authenticates with Vault using the # App Role auth mechanism # https://www.vaultproject.io/docs/auth/approle - tokenSecretRef: - name: "vault-secret-id" - namespace: "external-secrets" - key: "token" - # appRole: - # # Path where the App Role authentication backend is mounted - # path: "approle" - # # RoleID configured in the App Role authentication backend - # roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0" - # # Reference to a key in a K8 Secret that contains the App Role SecretId - # # (not commited in git) - # secretRef: - # name: "vault-secret-id" - # namespace: "external-secrets" - # key: "secret-id" + # tokenSecretRef: + # name: "vault-secret-id" + # namespace: "external-secrets" + # key: "token" + appRole: + # Path where the App Role authentication backend is mounted + path: "approle" + # RoleID configured in the App Role authentication backend + roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0" + # Reference to a key in a K8 Secret that contains the App Role SecretId + # (not commited in git) + secretRef: + name: "vault-secret-id" + namespace: "external-secrets" + key: "secret-id" From b9519be477ca28d56a21c7456047130b6df721b5 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Fri, 29 Oct 2021 21:33:16 +0200 Subject: [PATCH 34/70] external-secrets: back to token again?? --- .../external-secrets/vault-secret-store.yaml | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml b/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml index e10a256..916d7e2 100644 --- a/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml +++ b/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml 
@@ -13,18 +13,18 @@ spec: # VaultAppRole authenticates with Vault using the # App Role auth mechanism # https://www.vaultproject.io/docs/auth/approle - # tokenSecretRef: - # name: "vault-secret-id" - # namespace: "external-secrets" - # key: "token" - appRole: - # Path where the App Role authentication backend is mounted - path: "approle" - # RoleID configured in the App Role authentication backend - roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0" - # Reference to a key in a K8 Secret that contains the App Role SecretId - # (not commited in git) - secretRef: - name: "vault-secret-id" - namespace: "external-secrets" - key: "secret-id" + tokenSecretRef: + name: "vault-secret-id" + namespace: "external-secrets" + key: "token" + # appRole: + # # Path where the App Role authentication backend is mounted + # path: "approle" + # # RoleID configured in the App Role authentication backend + # roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0" + # # Reference to a key in a K8 Secret that contains the App Role SecretId + # # (not commited in git) + # secretRef: + # name: "vault-secret-id" + # namespace: "external-secrets" + # key: "secret-id" From af83663b9f23fe42191bf5a6e1e5a4e60f348aca Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Fri, 29 Oct 2021 22:25:42 +0200 Subject: [PATCH 35/70] unstage zookeeper --- cluster/apps/presidential-paradise/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/apps/presidential-paradise/kustomization.yaml b/cluster/apps/presidential-paradise/kustomization.yaml index cd9cd51..bf59f12 100644 --- a/cluster/apps/presidential-paradise/kustomization.yaml +++ b/cluster/apps/presidential-paradise/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - wooloofanclub - - zookeeper + # - zookeeper From 77ca28d27bcff34584a84be168552cbc1f4713c0 Mon Sep 17 00:00:00 2001 
From: Flux <> Date: Fri, 29 Oct 2021 22:30:24 +0200 Subject: [PATCH 36/70] Add Flux v0.20.0 component manifests --- cluster/base/flux-system/gotk-components.yaml | 73 +++++++++---------- 1 file changed, 36 insertions(+), 37 deletions(-) diff --git a/cluster/base/flux-system/gotk-components.yaml b/cluster/base/flux-system/gotk-components.yaml index 6be397d..9f99303 100644 --- a/cluster/base/flux-system/gotk-components.yaml +++ b/cluster/base/flux-system/gotk-components.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: flux-system --- apiVersion: apiextensions.k8s.io/v1 @@ -16,7 +16,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -228,7 +228,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -459,7 +459,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -559,7 +559,6 @@ spec: defaults to master branch. properties: branch: - default: master description: The Git branch to checkout, defaults to master. type: string commit: @@ -790,7 +789,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io 
@@ -1045,7 +1044,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -1805,7 +1804,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2023,7 +2022,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: imagepolicies.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io @@ -2612,7 +2611,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: imagerepositories.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io @@ -3170,7 +3169,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: imageupdateautomations.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io @@ -3972,7 +3971,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io @@ -5047,7 +5046,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: providers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io 
@@ -5247,7 +5246,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -5464,7 +5463,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: helm-controller namespace: flux-system --- @@ -5474,7 +5473,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: image-automation-controller namespace: flux-system --- @@ -5484,7 +5483,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: image-reflector-controller namespace: flux-system --- @@ -5494,7 +5493,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: kustomize-controller namespace: flux-system --- @@ -5504,7 +5503,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: notification-controller namespace: flux-system --- @@ -5514,7 +5513,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: source-controller namespace: flux-system --- @@ -5524,7 +5523,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: crd-controller-flux-system rules: - apiGroups: 
@@ -5605,7 +5604,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -5625,7 +5624,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -5657,7 +5656,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 control-plane: controller name: notification-controller namespace: flux-system @@ -5677,7 +5676,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 control-plane: controller name: source-controller namespace: flux-system @@ -5697,7 +5696,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 control-plane: controller name: webhook-receiver namespace: flux-system @@ -5717,7 +5716,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 control-plane: controller name: helm-controller namespace: flux-system @@ -5790,7 +5789,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 control-plane: controller name: image-automation-controller namespace: flux-system 
@@ -5819,7 +5818,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/image-automation-controller:v0.15.0 + image: ghcr.io/fluxcd/image-automation-controller:v0.16.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -5865,7 +5864,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 control-plane: controller name: image-reflector-controller namespace: flux-system @@ -5944,7 +5943,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 control-plane: controller name: kustomize-controller namespace: flux-system @@ -6019,7 +6018,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 control-plane: controller name: notification-controller namespace: flux-system @@ -6095,7 +6094,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 control-plane: controller name: source-controller namespace: flux-system @@ -6128,7 +6127,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/source-controller:v0.16.1 + image: ghcr.io/fluxcd/source-controller:v0.17.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6179,7 +6178,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: allow-egress namespace: flux-system spec: 
@@ -6199,7 +6198,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: allow-scraping namespace: flux-system spec: @@ -6219,7 +6218,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.19.1 + app.kubernetes.io/version: v0.20.0 name: allow-webhooks namespace: flux-system spec: From 9c2c5da57a23da4653fe5a87766a5ea5b65e859e Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Fri, 29 Oct 2021 22:44:40 +0200 Subject: [PATCH 37/70] external-secrets: back to approle --- .../external-secrets/vault-secret-store.yaml | 26 ++++++++----------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml b/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml index 916d7e2..929866e 100644 --- a/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml +++ b/cluster/core/external-secrets/external-secrets/vault-secret-store.yaml 
@@ -13,18 +13,14 @@ spec: # VaultAppRole authenticates with Vault using the # App Role auth mechanism # https://www.vaultproject.io/docs/auth/approle - tokenSecretRef: - name: "vault-secret-id" - namespace: "external-secrets" - key: "token" - # appRole: - # # Path where the App Role authentication backend is mounted - # path: "approle" - # # RoleID configured in the App Role authentication backend - # roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0" - # # Reference to a key in a K8 Secret that contains the App Role SecretId - # # (not commited in git) - # secretRef: - # name: "vault-secret-id" - # namespace: "external-secrets" - # key: "secret-id" + appRole: + # Path where the App Role authentication backend is mounted + path: "approle" + # RoleID configured in the App Role authentication backend + roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0" + # Reference to a key in a K8 Secret that contains the App Role SecretId + # (not commited in git) + secretRef: + name: "vault-secret-id" + namespace: "external-secrets" + key: "secret-id" From 0ddfd835b42990dffa0dbec14ab223920c0292f4 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Fri, 29 Oct 2021 22:46:35 +0200 Subject: [PATCH 38/70] zookeeper: include --- cluster/apps/presidential-paradise/kustomization.yaml | 2 +- cluster/apps/presidential-paradise/zookeeper/ingress.yaml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/cluster/apps/presidential-paradise/kustomization.yaml b/cluster/apps/presidential-paradise/kustomization.yaml index bf59f12..cd9cd51 100644 --- a/cluster/apps/presidential-paradise/kustomization.yaml +++ b/cluster/apps/presidential-paradise/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - wooloofanclub - # - zookeeper + - zookeeper diff --git a/cluster/apps/presidential-paradise/zookeeper/ingress.yaml b/cluster/apps/presidential-paradise/zookeeper/ingress.yaml index 40c98a2..7f9d7fe 100644 
--- a/cluster/apps/presidential-paradise/zookeeper/ingress.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/ingress.yaml @@ -15,4 +15,3 @@ spec: name: zookeeper port: number: 8085 - From 982204ace411ef5b28aa2470a1db8c10fb201b80 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Fri, 29 Oct 2021 22:48:13 +0200 Subject: [PATCH 39/70] Revert "zookeeper: include" This reverts commit 0ddfd835b42990dffa0dbec14ab223920c0292f4. --- cluster/apps/presidential-paradise/kustomization.yaml | 2 +- cluster/apps/presidential-paradise/zookeeper/ingress.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cluster/apps/presidential-paradise/kustomization.yaml b/cluster/apps/presidential-paradise/kustomization.yaml index cd9cd51..bf59f12 100644 --- a/cluster/apps/presidential-paradise/kustomization.yaml +++ b/cluster/apps/presidential-paradise/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - wooloofanclub - - zookeeper + # - zookeeper diff --git a/cluster/apps/presidential-paradise/zookeeper/ingress.yaml b/cluster/apps/presidential-paradise/zookeeper/ingress.yaml index 7f9d7fe..40c98a2 100644 --- a/cluster/apps/presidential-paradise/zookeeper/ingress.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/ingress.yaml @@ -15,3 +15,4 @@ spec: name: zookeeper port: number: 8085 + From 8097205c2e6e42117b37337544424c2b0a000e34 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Fri, 29 Oct 2021 23:06:46 +0200 Subject: [PATCH 40/70] zookeeper: change tag --- cluster/apps/presidential-paradise/kustomization.yaml | 2 +- cluster/apps/presidential-paradise/zookeeper/deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster/apps/presidential-paradise/kustomization.yaml b/cluster/apps/presidential-paradise/kustomization.yaml index bf59f12..cd9cd51 100644 --- a/cluster/apps/presidential-paradise/kustomization.yaml +++ b/cluster/apps/presidential-paradise/kustomization.yaml 
@@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - wooloofanclub - # - zookeeper + - zookeeper diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml index 8eb34af..4018806 100644 --- a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml @@ -23,7 +23,7 @@ spec: spec: containers: - name: zookeeper - image: docker.io/0x76/zookeeper:manual + image: docker.io/0x76/zookeeper:latest ports: - containerPort: 8085 envFrom: From 2740f2cbfbc73093588bdac2731c9c9879e33635 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Fri, 29 Oct 2021 23:09:20 +0200 Subject: [PATCH 41/70] zookeeper: fix service name --- cluster/apps/presidential-paradise/zookeeper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml index 4018806..43a4f2b 100644 --- a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml @@ -37,7 +37,7 @@ spec: fieldRef: fieldPath: status.podIP - name: SERVICE_NAME - value: zookeeper-private.default.svc.cluster.local + value: zookeeper-private.presidential-paradise.svc.cluster.local resources: {} securityContext: privileged: false From 87e842a75754c981e5596273f41efbae02d53314 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Fri, 29 Oct 2021 23:39:12 +0200 Subject: [PATCH 42/70] zookeeper: stuff --- cluster/apps/presidential-paradise/kustomization.yaml | 2 +- .../apps/presidential-paradise/zookeeper/deployment.yaml | 7 +++++-- .../presidential-paradise/zookeeper/external-secret.yaml | 4 ++++ cluster/apps/presidential-paradise/zookeeper/svc.yaml | 3 +++ 4 files changed, 13 insertions(+), 3 deletions(-) 
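Review bot: `image: docker.io/0x76/zookeeper:latest` in `zookeeper/deployment.yaml` (PATCH 40) replaces one mutable tag with another, so the pod runs whatever was pushed last and a rollout can neither be reproduced nor rolled back to a known build. Pin a released version or, better, a digest, e.g. `image: docker.io/0x76/zookeeper@sha256:<DIGEST_PLACEHOLDER>`. The container spec continues outside the hunk, so an explicit `imagePullPolicy` may already be set there.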
diff --git a/cluster/apps/presidential-paradise/kustomization.yaml b/cluster/apps/presidential-paradise/kustomization.yaml index cd9cd51..bf59f12 100644 --- a/cluster/apps/presidential-paradise/kustomization.yaml +++ b/cluster/apps/presidential-paradise/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - wooloofanclub - - zookeeper + # - zookeeper diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml index 43a4f2b..193f992 100644 --- a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml @@ -25,14 +25,17 @@ spec: - name: zookeeper image: docker.io/0x76/zookeeper:latest ports: - - containerPort: 8085 + - name: web + containerPort: 8085 + - name: epmd + containerPort: 4369 envFrom: - secretRef: name: zookeeper env: - name: LANG value: C.UTF-8 - - name: HOSTNAME + - name: RELEASE_NODE_IP valueFrom: fieldRef: fieldPath: status.podIP diff --git a/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml b/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml index e506c03..6a4803c 100644 --- a/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml @@ -27,3 +27,7 @@ spec: remoteRef: key: presidential-paradise/zookeeper property: twitter_token + - secretKey: ERLANG_COOKIE + remoteRef: + key: presidential-paradise/zookeeper + property: erlang_cookie diff --git a/cluster/apps/presidential-paradise/zookeeper/svc.yaml b/cluster/apps/presidential-paradise/zookeeper/svc.yaml index ea3bfa1..d5dc285 100644 --- a/cluster/apps/presidential-paradise/zookeeper/svc.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/svc.yaml @@ -8,6 +8,8 @@ spec: ports: - name: epmd port: 4369 + targetPort: epmd + protocol: TCP selector: app: zookeeper --- 
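Review bot: The `epmd` container port 4369 added to `zookeeper/deployment.yaml` (PATCH 42), together with `targetPort: epmd` in the `svc.yaml` hunk, publishes the Erlang port mapper through a Service, and the only authentication Erlang distribution has is the shared cookie this patch pulls in as `ERLANG_COOKIE`. Because a peer that presents the cookie can run code on the node, the cookie should be long and random, and a NetworkPolicy should restrict ingress on 4369 and on the distribution port to pods labelled `app: zookeeper`. No such policy is visible in this series. The container spec continues outside the hunk.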
@@ -19,6 +21,7 @@ metadata: spec: ports: - name: http + targetPort: web port: 8085 selector: app: zookeeper From 06f0ddff013af65f976ea2d522fd776ae66d5814 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Sat, 30 Oct 2021 13:24:17 +0200 Subject: [PATCH 43/70] zookeeper: nth try --- cluster/apps/presidential-paradise/zookeeper/deployment.yaml | 2 +- .../apps/presidential-paradise/zookeeper/external-secret.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml index 193f992..e4ebd97 100644 --- a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml @@ -35,7 +35,7 @@ spec: env: - name: LANG value: C.UTF-8 - - name: RELEASE_NODE_IP + - name: HOSTNAME valueFrom: fieldRef: fieldPath: status.podIP diff --git a/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml b/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml index 6a4803c..317b1fd 100644 --- a/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml @@ -27,7 +27,7 @@ spec: remoteRef: key: presidential-paradise/zookeeper property: twitter_token - - secretKey: ERLANG_COOKIE + - secretKey: RELEASE_COOKIE remoteRef: key: presidential-paradise/zookeeper property: erlang_cookie From 5125237d9bd0d3c0c3738290ba62ca7dda117c97 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Sat, 30 Oct 2021 13:25:53 +0200 Subject: [PATCH 44/70] zookeeper: actually enable it --- cluster/apps/presidential-paradise/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/apps/presidential-paradise/kustomization.yaml b/cluster/apps/presidential-paradise/kustomization.yaml index bf59f12..cd9cd51 100644 --- a/cluster/apps/presidential-paradise/kustomization.yaml 
+++ b/cluster/apps/presidential-paradise/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - wooloofanclub - # - zookeeper + - zookeeper From de3715d0336fd0b5f9ff257c46bcba2861743d9e Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Sat, 30 Oct 2021 19:40:30 +0200 Subject: [PATCH 45/70] zookeeper: scale back --- cluster/apps/presidential-paradise/zookeeper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml index e4ebd97..d753cce 100644 --- a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml @@ -6,7 +6,7 @@ metadata: labels: app: zookeeper spec: - replicas: 3 + replicas: 1 selector: matchLabels: app: zookeeper From f3c70b48e814a6a7c2099a521441795e1b5bcbf5 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Sat, 30 Oct 2021 21:07:17 +0200 Subject: [PATCH 46/70] presidential-paradise: add registry.xirion.net creds --- .../presidential-paradise/kustomization.yaml | 1 + .../xirion-registry-creds.yaml | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 cluster/apps/presidential-paradise/xirion-registry-creds.yaml diff --git a/cluster/apps/presidential-paradise/kustomization.yaml b/cluster/apps/presidential-paradise/kustomization.yaml index cd9cd51..3fb8455 100644 --- a/cluster/apps/presidential-paradise/kustomization.yaml +++ b/cluster/apps/presidential-paradise/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - xirion-registry-creds.yaml - wooloofanclub - zookeeper diff --git a/cluster/apps/presidential-paradise/xirion-registry-creds.yaml b/cluster/apps/presidential-paradise/xirion-registry-creds.yaml new file mode 100644 index 0000000..8a91e43 --- /dev/null 
+++ b/cluster/apps/presidential-paradise/xirion-registry-creds.yaml @@ -0,0 +1,19 @@ +apiVersion: external-secrets.io/v1alpha1 +kind: ExternalSecret +metadata: + name: xirion-registry-creds + namespace: presidential-paradise +spec: + refreshInterval: "5m" + secretStoreRef: + name: vault + kind: ClusterSecretStore + target: + name: xirion-registry-creds + template: + type: kubernetes.io/dockerconfigjson + data: + - secretKey: .dockerconfigjson + remoteRef: + key: xirion-registry-creds + property: dockerconfigjson From 4a843e54720d47d1682a2008ababdd1969e94f54 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Sat, 30 Oct 2021 21:18:18 +0200 Subject: [PATCH 47/70] 0x76.dev: deploy --- .../presidential-paradise/0x76.dev/0x76.yaml | 53 +++++++++++++++++++ .../0x76.dev/kustomization.yaml | 4 ++ .../presidential-paradise/kustomization.yaml | 1 + 3 files changed, 58 insertions(+) create mode 100644 cluster/apps/presidential-paradise/0x76.dev/0x76.yaml create mode 100644 cluster/apps/presidential-paradise/0x76.dev/kustomization.yaml diff --git a/cluster/apps/presidential-paradise/0x76.dev/0x76.yaml b/cluster/apps/presidential-paradise/0x76.dev/0x76.yaml new file mode 100644 index 0000000..1d6e73d --- /dev/null +++ b/cluster/apps/presidential-paradise/0x76.dev/0x76.yaml 
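Review bot: This ExternalSecret (PATCH 46) materialises the registry login as a `kubernetes.io/dockerconfigjson` Secret in `presidential-paradise`, the namespace the application pods run in, so anything there that can read Secrets can recover it. Nothing in the hunk shows what the Vault entry `xirion-registry-creds` is allowed to do. It is worth confirming that it is a pull-only account and recording that in a comment above `data:`, e.g. `# pull-only registry account; must not have push rights`. The same applies to the copy PATCH 57 adds under `cluster/base/flux-system/`, which presumably only needs to list tags.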
@@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: 0x76.dev + namespace: presidential-paradise + labels: + app: 0x76.dev +spec: + replicas: 1 + selector: + matchLabels: + app: 0x76.dev + template: + metadata: + labels: + app: 0x76.dev + spec: + containers: + - name: 0x76.dev + image: registry.xirion.net/library/0x76.dev + ports: + - containerPort: 8080 +--- +apiVersion: v1 +kind: Service +metadata: + name: 0x76.dev-service + namespace: presidential-paradise +spec: + selector: + app: 0x76.dev + ports: + - protocol: TCP + port: 8080 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: 0x76.dev-ingress + namespace: presidential-paradise +spec: + ingressClassName: "traefik" + rules: + - host: "0x76.dev" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: 0x76.dev-service + port: + number: 8080 diff --git a/cluster/apps/presidential-paradise/0x76.dev/kustomization.yaml b/cluster/apps/presidential-paradise/0x76.dev/kustomization.yaml new file mode 100644 index 0000000..1f8410f --- /dev/null +++ b/cluster/apps/presidential-paradise/0x76.dev/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - wooloo.yaml diff --git a/cluster/apps/presidential-paradise/kustomization.yaml b/cluster/apps/presidential-paradise/kustomization.yaml index 3fb8455..b6bf981 100644 --- a/cluster/apps/presidential-paradise/kustomization.yaml +++ b/cluster/apps/presidential-paradise/kustomization.yaml @@ -2,5 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - xirion-registry-creds.yaml + - 0x76.dev - wooloofanclub - zookeeper From a7b38196583ab2324f5c13414728f2ab9966893e Mon Sep 17 00:00:00 2001 
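Review bot: The container in the new Deployment in `0x76.dev/0x76.yaml` (PATCH 47) is declared with an untagged image and no `securityContext`, so it runs whatever `latest` currently resolves to with the runtime's default privileges, while the Ingress in the same file publishes it on host `0x76.dev`. Pin the image to a released tag or digest and drop the privileges the site does not need. `runAsNonRoot: true` only works if the image already runs as a non-root user, so check that before applying it. The image reference is still untagged after PATCH 52 and PATCH 53.

```yaml
      containers:
        - name: 0x76.dev
          # placeholder: replace with a released tag or a digest
          image: registry.xirion.net/library/0x76.dev:<PINNED_TAG>
          # … unchanged: ports …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
```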
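Review bot: `resources` in the new `0x76.dev/kustomization.yaml` (PATCH 47) lists `wooloo.yaml`, but the only manifest this patch adds to that directory is `0x76.yaml`, so the kustomize build for the directory will fail on a missing file. The entry should read `- 0x76.yaml`.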
From: Victor Roest Date: Sat, 30 Oct 2021 21:20:02 +0200 Subject: [PATCH 48/70] 0x76.dev: remove '.' --- .../apps/presidential-paradise/{0x76.dev => 0x76dev}/0x76.yaml | 0 .../{0x76.dev => 0x76dev}/kustomization.yaml | 0 cluster/apps/presidential-paradise/kustomization.yaml | 2 +- 3 files changed, 1 insertion(+), 1 deletion(-) rename cluster/apps/presidential-paradise/{0x76.dev => 0x76dev}/0x76.yaml (100%) rename cluster/apps/presidential-paradise/{0x76.dev => 0x76dev}/kustomization.yaml (100%) diff --git a/cluster/apps/presidential-paradise/0x76.dev/0x76.yaml b/cluster/apps/presidential-paradise/0x76dev/0x76.yaml similarity index 100% rename from cluster/apps/presidential-paradise/0x76.dev/0x76.yaml rename to cluster/apps/presidential-paradise/0x76dev/0x76.yaml diff --git a/cluster/apps/presidential-paradise/0x76.dev/kustomization.yaml b/cluster/apps/presidential-paradise/0x76dev/kustomization.yaml similarity index 100% rename from cluster/apps/presidential-paradise/0x76.dev/kustomization.yaml rename to cluster/apps/presidential-paradise/0x76dev/kustomization.yaml diff --git a/cluster/apps/presidential-paradise/kustomization.yaml b/cluster/apps/presidential-paradise/kustomization.yaml index b6bf981..fb65b5a 100644 --- a/cluster/apps/presidential-paradise/kustomization.yaml +++ b/cluster/apps/presidential-paradise/kustomization.yaml @@ -2,6 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - xirion-registry-creds.yaml - - 0x76.dev + - 0x76dev - wooloofanclub - zookeeper From 405fdf3b2662b0a4e94d0efcf7526c297b9ca578 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Sat, 30 Oct 2021 21:20:53 +0200 Subject: [PATCH 49/70] 0x76.dev: fix kustom --- cluster/apps/presidential-paradise/0x76dev/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/apps/presidential-paradise/0x76dev/kustomization.yaml b/cluster/apps/presidential-paradise/0x76dev/kustomization.yaml index 1f8410f..1a4998e 100644 
--- a/cluster/apps/presidential-paradise/0x76dev/kustomization.yaml +++ b/cluster/apps/presidential-paradise/0x76dev/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - wooloo.yaml + - 0x76.yaml From a510f20dc583b09390f9b5eba3270c745f50f4e3 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Sat, 30 Oct 2021 21:21:45 +0200 Subject: [PATCH 50/70] 0x76.dev: fix more removal of '.' --- .../presidential-paradise/0x76dev/0x76.yaml | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/cluster/apps/presidential-paradise/0x76dev/0x76.yaml b/cluster/apps/presidential-paradise/0x76dev/0x76.yaml index 1d6e73d..8cac36b 100644 --- a/cluster/apps/presidential-paradise/0x76dev/0x76.yaml +++ b/cluster/apps/presidential-paradise/0x76dev/0x76.yaml @@ -1,34 +1,34 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: 0x76.dev + name: 0x76dev namespace: presidential-paradise labels: - app: 0x76.dev + app: 0x76dev spec: replicas: 1 selector: matchLabels: - app: 0x76.dev + app: 0x76dev template: metadata: labels: - app: 0x76.dev + app: 0x76dev spec: containers: - - name: 0x76.dev - image: registry.xirion.net/library/0x76.dev + - name: 0x76dev + image: registry.xirion.net/library/0x76dev ports: - containerPort: 8080 --- apiVersion: v1 kind: Service metadata: - name: 0x76.dev-service + name: 0x76dev-service namespace: presidential-paradise spec: selector: - app: 0x76.dev + app: 0x76dev ports: - protocol: TCP port: 8080 @@ -36,7 +36,7 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: 0x76.dev-ingress + name: 0x76dev-ingress namespace: presidential-paradise spec: ingressClassName: "traefik" @@ -48,6 +48,6 @@ spec: pathType: Prefix backend: service: - name: 0x76.dev-service + name: 0x76dev-service port: number: 8080 From cee1a39e4a1079fc366e25e1756b91834d1e350b Mon Sep 17 00:00:00 2001 
From: Victor Roest Date: Sat, 30 Oct 2021 21:25:36 +0200 Subject: [PATCH 51/70] 0x76.dev: fix: remove leading 0 --- .../presidential-paradise/0x76dev/0x76.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/cluster/apps/presidential-paradise/0x76dev/0x76.yaml b/cluster/apps/presidential-paradise/0x76dev/0x76.yaml index 8cac36b..718b1dc 100644 --- a/cluster/apps/presidential-paradise/0x76dev/0x76.yaml +++ b/cluster/apps/presidential-paradise/0x76dev/0x76.yaml @@ -1,22 +1,22 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: 0x76dev + name: x76dev namespace: presidential-paradise labels: - app: 0x76dev + app: x76dev spec: replicas: 1 selector: matchLabels: - app: 0x76dev + app: x76dev template: metadata: labels: - app: 0x76dev + app: x76dev spec: containers: - - name: 0x76dev + - name: x76dev image: registry.xirion.net/library/0x76dev ports: - containerPort: 8080 @@ -24,11 +24,11 @@ spec: apiVersion: v1 kind: Service metadata: - name: 0x76dev-service + name: x76dev-service namespace: presidential-paradise spec: selector: - app: 0x76dev + app: x76dev ports: - protocol: TCP port: 8080 @@ -36,7 +36,7 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: 0x76dev-ingress + name: x76dev-ingress namespace: presidential-paradise spec: ingressClassName: "traefik" @@ -48,6 +48,6 @@ spec: pathType: Prefix backend: service: - name: 0x76dev-service + name: x76dev-service port: number: 8080 From 92e12cf7ddb518fadc066cdb8dccc9ee840458c3 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Sat, 30 Oct 2021 21:27:23 +0200 Subject: [PATCH 52/70] 0x76.dev: fix: image name --- cluster/apps/presidential-paradise/0x76dev/0x76.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/apps/presidential-paradise/0x76dev/0x76.yaml b/cluster/apps/presidential-paradise/0x76dev/0x76.yaml index 718b1dc..b56ad9a 100644 --- a/cluster/apps/presidential-paradise/0x76dev/0x76.yaml 
+++ b/cluster/apps/presidential-paradise/0x76dev/0x76.yaml @@ -17,7 +17,7 @@ spec: spec: containers: - name: x76dev - image: registry.xirion.net/library/0x76dev + image: registry.xirion.net/library/0x76.dev ports: - containerPort: 8080 --- From ce8d40fb8ac0c4818849fbd1b37a86e94fe6819e Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Sat, 30 Oct 2021 21:32:41 +0200 Subject: [PATCH 53/70] 0x76.dev: add image pull secrets --- .../presidential-paradise/0x76dev/0x76.yaml | 30 ++++++++++--------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/cluster/apps/presidential-paradise/0x76dev/0x76.yaml b/cluster/apps/presidential-paradise/0x76dev/0x76.yaml index b56ad9a..74dd9a4 100644 --- a/cluster/apps/presidential-paradise/0x76dev/0x76.yaml +++ b/cluster/apps/presidential-paradise/0x76dev/0x76.yaml @@ -16,10 +16,12 @@ spec: app: x76dev spec: containers: - - name: x76dev - image: registry.xirion.net/library/0x76.dev - ports: - - containerPort: 8080 + - name: x76dev + image: registry.xirion.net/library/0x76.dev + ports: + - containerPort: 8080 + imagePullSecrets: + - name: xirion-registry-creds --- apiVersion: v1 kind: Service @@ -41,13 +43,13 @@ metadata: spec: ingressClassName: "traefik" rules: - - host: "0x76.dev" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: x76dev-service - port: - number: 8080 + - host: "0x76.dev" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: x76dev-service + port: + number: 8080 From 7e4ca3ee870e40977ff99aa1b61b2102a4956b92 Mon Sep 17 00:00:00 2001 
From: Victor Roest Date: Sun, 31 Oct 2021 12:37:28 +0100 Subject: [PATCH 54/70] flux,zookeeper: add image update automation --- .../zookeeper/deployment.yaml | 2 +- .../zookeeper/image-updater.yaml | 22 +++++++++++++++++ .../zookeeper/kustomization.yaml | 1 + .../flux-system/image-update-automation.yaml | 24 +++++++++++++++++++ cluster/base/flux-system/kustomization.yaml | 1 + 5 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 cluster/apps/presidential-paradise/zookeeper/image-updater.yaml create mode 100644 cluster/base/flux-system/image-update-automation.yaml diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml index d753cce..c301bb9 100644 --- a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml @@ -23,7 +23,7 @@ spec: spec: containers: - name: zookeeper - image: docker.io/0x76/zookeeper:latest + image: registry.xirion.net/library/zookeeper:0.2.0 # {"$imagepolicy": "presidential-paradise:zookeeper"} ports: - name: web containerPort: 8085 diff --git a/cluster/apps/presidential-paradise/zookeeper/image-updater.yaml b/cluster/apps/presidential-paradise/zookeeper/image-updater.yaml new file mode 100644 index 0000000..e8cebaf --- /dev/null +++ b/cluster/apps/presidential-paradise/zookeeper/image-updater.yaml @@ -0,0 +1,22 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta1 +kind: ImageRepository +metadata: + name: zookeeper + namespace: presidential-paradise +spec: + image: registry.xirion.net/library/zookeeper + interval: 1m0s + secretRef: + name: xirion-registry-creds +--- +apiVersion: image.toolkit.fluxcd.io/v1beta1 +kind: ImagePolicy +metadata: + name: zookeeper + namespace: presidential-paradise +spec: + imageRepositoryRef: + name: zookeeper + policy: + semver: + range: "*" 
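Review bot: The ImagePolicy in `zookeeper/image-updater.yaml` (PATCH 54) uses `range: "*"`, which selects the highest semver tag in `registry.xirion.net/library/zookeeper` with no upper bound, so any tag pushed there, including a new major version, becomes the deployed image without review. Bound the range to the release line you intend to follow, for example `range: "0.2.x"`, and widen it deliberately. Tags are mutable as well, so the registry should refuse to overwrite an existing tag if it supports that.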
diff --git a/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml b/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml index 3716bd7..536f4ba 100644 --- a/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml @@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - external-secret.yaml + - image-updater.yaml - deployment.yaml - svc.yaml - ingress.yaml diff --git a/cluster/base/flux-system/image-update-automation.yaml b/cluster/base/flux-system/image-update-automation.yaml new file mode 100644 index 0000000..2c8d235 --- /dev/null +++ b/cluster/base/flux-system/image-update-automation.yaml @@ -0,0 +1,24 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta1 +kind: ImageUpdateAutomation +metadata: + name: flux-system + namespace: flux-system +spec: + interval: 1m0s + sourceRef: + kind: GitRepository + name: flux-system + git: + checkout: + ref: + branch: main + commit: + author: + email: fluxcdbot@users.noreply.github.com + name: fluxcdbot + messageTemplate: '{{range .Updated.Images}}{{println .}}{{end}}' + push: + branch: main + update: + path: ./cluster/ + strategy: Setters diff --git a/cluster/base/flux-system/kustomization.yaml b/cluster/base/flux-system/kustomization.yaml index 2974f2d..e57a2e4 100644 --- a/cluster/base/flux-system/kustomization.yaml +++ b/cluster/base/flux-system/kustomization.yaml @@ -3,4 +3,5 @@ kind: Kustomization resources: - gotk-components.yaml - gotk-sync.yaml +- image-update-automation.yaml - charts From f1ffa9c343ddb5220c13db1cf911599b32a05275 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Sun, 31 Oct 2021 12:46:21 +0100 Subject: [PATCH 55/70] make ImageUpdateAutomation namespace specific --- cluster/apps/presidential-paradise/zookeeper/deployment.yaml | 2 +- cluster/base/flux-system/image-update-automation.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
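Review bot: In `image-update-automation.yaml` (PATCH 54), `push.branch: main` together with `checkout.ref.branch: main` lets the automation commit image bumps straight onto what is presumably the branch the cluster reconciles from, so a new registry tag reaches the cluster with no human review step. Pushing to a separate branch (for example `branch: flux-image-updates`, a constructed name) and merging through a pull request keeps a review gate. `update.path: ./cluster/` also covers Flux's own manifests under `cluster/base/flux-system/`; narrowing it to the application tree limits what a setter marker can rewrite. PATCH 55 narrows the path that way and PATCH 57 widens it again.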
diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml index c301bb9..3dff301 100644 --- a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml @@ -23,7 +23,7 @@ spec: spec: containers: - name: zookeeper - image: registry.xirion.net/library/zookeeper:0.2.0 # {"$imagepolicy": "presidential-paradise:zookeeper"} + image: registry.xirion.net/library/zookeeper:0.2.0 # {"$imagepolicy": "presidential-paradise:zookeeper"} ports: - name: web containerPort: 8085 diff --git a/cluster/base/flux-system/image-update-automation.yaml b/cluster/base/flux-system/image-update-automation.yaml index 2c8d235..0802cf7 100644 --- a/cluster/base/flux-system/image-update-automation.yaml +++ b/cluster/base/flux-system/image-update-automation.yaml @@ -2,7 +2,7 @@ apiVersion: image.toolkit.fluxcd.io/v1beta1 kind: ImageUpdateAutomation metadata: name: flux-system - namespace: flux-system + namespace: presidential-paradise spec: interval: 1m0s sourceRef: @@ -20,5 +20,5 @@ spec: push: branch: main update: - path: ./cluster/ + path: ./cluster/apps/presidential-paradise strategy: Setters From ca6142adb125508dbe629d53e3a3a8af065055f6 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Sun, 31 Oct 2021 12:47:52 +0100 Subject: [PATCH 56/70] update ref git repo --- cluster/base/flux-system/image-update-automation.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cluster/base/flux-system/image-update-automation.yaml b/cluster/base/flux-system/image-update-automation.yaml index 0802cf7..85d3e3e 100644 --- a/cluster/base/flux-system/image-update-automation.yaml +++ b/cluster/base/flux-system/image-update-automation.yaml @@ -8,6 +8,7 @@ spec: sourceRef: kind: GitRepository name: flux-system + namespace: flux-system git: checkout: ref: From 740e2b9198c2750dbc630b3f001866c2c581c13a Mon Sep 17 00:00:00 2001 
From: Victor Roest Date: Sun, 31 Oct 2021 12:54:47 +0100 Subject: [PATCH 57/70] flux: shuffle image update automation to proper namespaces --- .../zookeeper/deployment.yaml | 2 +- .../image-update-automation.yaml | 5 ++--- .../kustomization.yaml | 5 +++++ .../image-update-automation/zookeeper.yaml} | 4 ++-- cluster/base/flux-system/kustomization.yaml | 3 ++- .../flux-system/xirion-registry-creds.yaml | 19 +++++++++++++++++++ 6 files changed, 31 insertions(+), 7 deletions(-) rename cluster/base/flux-system/{ => image-update-automation}/image-update-automation.yaml (81%) create mode 100644 cluster/base/flux-system/image-update-automation/kustomization.yaml rename cluster/{apps/presidential-paradise/zookeeper/image-updater.yaml => base/flux-system/image-update-automation/zookeeper.yaml} (84%) create mode 100644 cluster/base/flux-system/xirion-registry-creds.yaml diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml index 3dff301..5054c40 100644 --- a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml @@ -23,7 +23,7 @@ spec: spec: containers: - name: zookeeper - image: registry.xirion.net/library/zookeeper:0.2.0 # {"$imagepolicy": "presidential-paradise:zookeeper"} + image: registry.xirion.net/library/zookeeper:0.2.0 # {"$imagepolicy": "flux-system:zookeeper"} ports: - name: web containerPort: 8085 diff --git a/cluster/base/flux-system/image-update-automation.yaml b/cluster/base/flux-system/image-update-automation/image-update-automation.yaml similarity index 81% rename from cluster/base/flux-system/image-update-automation.yaml rename to cluster/base/flux-system/image-update-automation/image-update-automation.yaml index 85d3e3e..2c8d235 100644 --- a/cluster/base/flux-system/image-update-automation.yaml +++ b/cluster/base/flux-system/image-update-automation/image-update-automation.yaml 
@@ -2,13 +2,12 @@ apiVersion: image.toolkit.fluxcd.io/v1beta1 kind: ImageUpdateAutomation metadata: name: flux-system - namespace: presidential-paradise + namespace: flux-system spec: interval: 1m0s sourceRef: kind: GitRepository name: flux-system - namespace: flux-system git: checkout: ref: @@ -21,5 +20,5 @@ spec: push: branch: main update: - path: ./cluster/apps/presidential-paradise + path: ./cluster/ strategy: Setters diff --git a/cluster/base/flux-system/image-update-automation/kustomization.yaml b/cluster/base/flux-system/image-update-automation/kustomization.yaml new file mode 100644 index 0000000..42c052f --- /dev/null +++ b/cluster/base/flux-system/image-update-automation/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- image-update-automation.yaml +- zookeeper.yaml diff --git a/cluster/apps/presidential-paradise/zookeeper/image-updater.yaml b/cluster/base/flux-system/image-update-automation/zookeeper.yaml similarity index 84% rename from cluster/apps/presidential-paradise/zookeeper/image-updater.yaml rename to cluster/base/flux-system/image-update-automation/zookeeper.yaml index e8cebaf..6c95f6d 100644 --- a/cluster/apps/presidential-paradise/zookeeper/image-updater.yaml +++ b/cluster/base/flux-system/image-update-automation/zookeeper.yaml @@ -2,7 +2,7 @@ apiVersion: image.toolkit.fluxcd.io/v1beta1 kind: ImageRepository metadata: name: zookeeper - namespace: presidential-paradise + namespace: flux-system spec: image: registry.xirion.net/library/zookeeper interval: 1m0s @@ -13,7 +13,7 @@ apiVersion: image.toolkit.fluxcd.io/v1beta1 kind: ImagePolicy metadata: name: zookeeper - namespace: presidential-paradise + namespace: flux-system spec: imageRepositoryRef: name: zookeeper diff --git a/cluster/base/flux-system/kustomization.yaml b/cluster/base/flux-system/kustomization.yaml index e57a2e4..fb0f20c 100644 --- a/cluster/base/flux-system/kustomization.yaml 
+++ b/cluster/base/flux-system/kustomization.yaml @@ -3,5 +3,6 @@ kind: Kustomization resources: - gotk-components.yaml - gotk-sync.yaml -- image-update-automation.yaml +- xirion-registry-creds.yaml +- image-update-automation - charts diff --git a/cluster/base/flux-system/xirion-registry-creds.yaml b/cluster/base/flux-system/xirion-registry-creds.yaml new file mode 100644 index 0000000..72503eb --- /dev/null +++ b/cluster/base/flux-system/xirion-registry-creds.yaml @@ -0,0 +1,19 @@ +apiVersion: external-secrets.io/v1alpha1 +kind: ExternalSecret +metadata: + name: xirion-registry-creds + namespace: flux-system +spec: + refreshInterval: "5m" + secretStoreRef: + name: vault + kind: ClusterSecretStore + target: + name: xirion-registry-creds + template: + type: kubernetes.io/dockerconfigjson + data: + - secretKey: .dockerconfigjson + remoteRef: + key: xirion-registry-creds + property: dockerconfigjson From b5f464ed63940a9912c7ca2c658a30cf5f095bfd Mon Sep 17 00:00:00 2001 From: fluxcdbot Date: Sun, 31 Oct 2021 11:54:55 +0000 Subject: [PATCH 58/70] registry.xirion.net/library/zookeeper:0.2.4 --- .../zookeeper/deployment.yaml | 50 +++++++++---------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml index 5054c40..d0351f2 100644 --- a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml 
@@ -22,30 +22,30 @@ spec: app: zookeeper spec: containers: - - name: zookeeper - image: registry.xirion.net/library/zookeeper:0.2.0 # {"$imagepolicy": "flux-system:zookeeper"} - ports: - - name: web - containerPort: 8085 - - name: epmd - containerPort: 4369 - envFrom: - - secretRef: - name: zookeeper - env: - - name: LANG - value: C.UTF-8 - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_NAME - value: zookeeper-private.presidential-paradise.svc.cluster.local - resources: {} - securityContext: - privileged: false - procMount: Default - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File + - name: zookeeper + image: registry.xirion.net/library/zookeeper:0.2.4 # {"$imagepolicy": "flux-system:zookeeper"} + ports: + - name: web + containerPort: 8085 + - name: epmd + containerPort: 4369 + envFrom: + - secretRef: + name: zookeeper + env: + - name: LANG + value: C.UTF-8 + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_NAME + value: zookeeper-private.presidential-paradise.svc.cluster.local + resources: {} + securityContext: + privileged: false + procMount: Default + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File dnsPolicy: ClusterFirst terminationGracePeriodSeconds: 30 From b2acd92b1da602cb16ae819f6ad894bcf1bcf03a Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Sun, 31 Oct 2021 13:04:21 +0100 Subject: [PATCH 59/70] zookeeper: add imagepullsecrets --- cluster/apps/presidential-paradise/zookeeper/deployment.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml index d0351f2..ddbaa4d 100644 --- a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml 
@@ -21,6 +21,8 @@ spec: labels: app: zookeeper spec: + imagePullSecrets: + - name: xirion-registry-creds containers: - name: zookeeper image: registry.xirion.net/library/zookeeper:0.2.4 # {"$imagepolicy": "flux-system:zookeeper"} From a4509d8598729bc1798b646ace45124aa21c7009 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Sun, 31 Oct 2021 13:06:01 +0100 Subject: [PATCH 60/70] zookeeper: remove image automation from kustom --- cluster/apps/presidential-paradise/zookeeper/kustomization.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml b/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml index 536f4ba..3716bd7 100644 --- a/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml @@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - external-secret.yaml - - image-updater.yaml - deployment.yaml - svc.yaml - ingress.yaml From 194ff571289d0926ea871b7a293045ad78b25bc4 Mon Sep 17 00:00:00 2001 From: Flux <> Date: Wed, 3 Nov 2021 00:21:53 +0100 Subject: [PATCH 61/70] Add Flux v0.21.0 component manifests --- cluster/base/flux-system/gotk-components.yaml | 70 +++++++++---------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/cluster/base/flux-system/gotk-components.yaml b/cluster/base/flux-system/gotk-components.yaml index 9f99303..e55fadd 100644 --- a/cluster/base/flux-system/gotk-components.yaml +++ b/cluster/base/flux-system/gotk-components.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: flux-system --- apiVersion: apiextensions.k8s.io/v1 
@@ -16,7 +16,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -228,7 +228,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -459,7 +459,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -789,7 +789,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1044,7 +1044,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -1804,7 +1804,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2022,7 +2022,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: imagepolicies.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io 
@@ -2611,7 +2611,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: imagerepositories.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io @@ -3169,7 +3169,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: imageupdateautomations.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io @@ -3971,7 +3971,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io @@ -5046,7 +5046,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: providers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -5246,7 +5246,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -5463,7 +5463,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: helm-controller namespace: flux-system --- @@ -5473,7 +5473,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: image-automation-controller namespace: flux-system --- 
@@ -5483,7 +5483,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: image-reflector-controller namespace: flux-system --- @@ -5493,7 +5493,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: kustomize-controller namespace: flux-system --- @@ -5503,7 +5503,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: notification-controller namespace: flux-system --- @@ -5513,7 +5513,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: source-controller namespace: flux-system --- @@ -5523,7 +5523,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: crd-controller-flux-system rules: - apiGroups: @@ -5604,7 +5604,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -5624,7 +5624,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io 
@@ -5656,7 +5656,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 control-plane: controller name: notification-controller namespace: flux-system @@ -5676,7 +5676,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 control-plane: controller name: source-controller namespace: flux-system @@ -5696,7 +5696,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 control-plane: controller name: webhook-receiver namespace: flux-system @@ -5716,7 +5716,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 control-plane: controller name: helm-controller namespace: flux-system @@ -5789,7 +5789,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 control-plane: controller name: image-automation-controller namespace: flux-system @@ -5864,7 +5864,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 control-plane: controller name: image-reflector-controller namespace: flux-system @@ -5943,7 +5943,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 control-plane: controller name: kustomize-controller namespace: flux-system 
@@ -6018,7 +6018,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 control-plane: controller name: notification-controller namespace: flux-system @@ -6094,7 +6094,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 control-plane: controller name: source-controller namespace: flux-system @@ -6127,7 +6127,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/source-controller:v0.17.0 + image: ghcr.io/fluxcd/source-controller:v0.17.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6178,7 +6178,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: allow-egress namespace: flux-system spec: @@ -6198,7 +6198,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: allow-scraping namespace: flux-system spec: @@ -6218,7 +6218,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.20.0 + app.kubernetes.io/version: v0.21.0 name: allow-webhooks namespace: flux-system spec: From 12fcf36eb0cf27a9a832c8b22ea506d4b76fb329 Mon Sep 17 00:00:00 2001 From: fluxcdbot Date: Wed, 3 Nov 2021 14:39:12 +0000 Subject: [PATCH 62/70] registry.xirion.net/library/zookeeper:0.2.5 --- cluster/apps/presidential-paradise/zookeeper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml index ddbaa4d..718630d 100644 
--- a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml @@ -25,7 +25,7 @@ spec: - name: xirion-registry-creds containers: - name: zookeeper - image: registry.xirion.net/library/zookeeper:0.2.4 # {"$imagepolicy": "flux-system:zookeeper"} + image: registry.xirion.net/library/zookeeper:0.2.5 # {"$imagepolicy": "flux-system:zookeeper"} ports: - name: web containerPort: 8085 From 4d8dc807e4fad7b174268dafea8c8241c5a62ee3 Mon Sep 17 00:00:00 2001 From: fluxcdbot Date: Thu, 4 Nov 2021 11:19:42 +0000 Subject: [PATCH 63/70] registry.xirion.net/library/zookeeper:0.3.0 --- cluster/apps/presidential-paradise/zookeeper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml index 718630d..9cf8f1f 100644 --- a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml @@ -25,7 +25,7 @@ spec: - name: xirion-registry-creds containers: - name: zookeeper - image: registry.xirion.net/library/zookeeper:0.2.5 # {"$imagepolicy": "flux-system:zookeeper"} + image: registry.xirion.net/library/zookeeper:0.3.0 # {"$imagepolicy": "flux-system:zookeeper"} ports: - name: web containerPort: 8085 From 55ea4414aafb4801e9999bd9bb47ec05e4475701 Mon Sep 17 00:00:00 2001 From: fluxcdbot Date: Fri, 5 Nov 2021 00:50:58 +0000 Subject: [PATCH 64/70] registry.xirion.net/library/zookeeper:0.3.1 --- cluster/apps/presidential-paradise/zookeeper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml index 9cf8f1f..1404435 100644 --- a/cluster/apps/presidential-paradise/zookeeper/deployment.yaml +++ b/cluster/apps/presidential-paradise/zookeeper/deployment.yaml 
@@ -25,7 +25,7 @@ spec: - name: xirion-registry-creds containers: - name: zookeeper - image: registry.xirion.net/library/zookeeper:0.3.0 # {"$imagepolicy": "flux-system:zookeeper"} + image: registry.xirion.net/library/zookeeper:0.3.1 # {"$imagepolicy": "flux-system:zookeeper"} ports: - name: web containerPort: 8085 From 4a4cb3f59b714c9c54af8335b181e2995a30872e Mon Sep 17 00:00:00 2001 From: Flux <> Date: Fri, 12 Nov 2021 01:18:50 +0100 Subject: [PATCH 65/70] Add Flux v0.22.1 component manifests --- cluster/base/flux-system/gotk-components.yaml | 94 ++++++++++--------- 1 file changed, 48 insertions(+), 46 deletions(-) diff --git a/cluster/base/flux-system/gotk-components.yaml b/cluster/base/flux-system/gotk-components.yaml index e55fadd..19d4394 100644 --- a/cluster/base/flux-system/gotk-components.yaml +++ b/cluster/base/flux-system/gotk-components.yaml @@ -1,10 +1,14 @@ +--- +# This manifest was generated by flux. DO NOT EDIT. +# Flux Version: v0.22.1 +# Components: source-controller,kustomize-controller,helm-controller,notification-controller,image-reflector-controller,image-automation-controller apiVersion: v1 kind: Namespace metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: flux-system --- apiVersion: apiextensions.k8s.io/v1 @@ -16,7 +20,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -228,7 +232,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io 
@@ -459,7 +463,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -789,7 +793,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1044,7 +1048,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -1804,7 +1808,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2022,7 +2026,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: imagepolicies.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io @@ -2611,7 +2615,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: imagerepositories.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io @@ -3169,7 +3173,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: imageupdateautomations.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io 
@@ -3452,7 +3456,6 @@ spec: from the Git repository. properties: branch: - default: master description: The Git branch to checkout, defaults to master. type: string commit: @@ -3724,7 +3727,6 @@ spec: from the Git repository. properties: branch: - default: master description: The Git branch to checkout, defaults to master. type: string commit: @@ -3971,7 +3973,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io @@ -5046,7 +5048,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: providers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -5246,7 +5248,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -5463,7 +5465,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: helm-controller namespace: flux-system --- @@ -5473,7 +5475,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: image-automation-controller namespace: flux-system --- @@ -5483,7 +5485,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: image-reflector-controller namespace: flux-system --- 
@@ -5493,7 +5495,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: kustomize-controller namespace: flux-system --- @@ -5503,7 +5505,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: notification-controller namespace: flux-system --- @@ -5513,7 +5515,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: source-controller namespace: flux-system --- @@ -5523,7 +5525,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: crd-controller-flux-system rules: - apiGroups: @@ -5604,7 +5606,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -5624,7 +5626,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -5656,7 +5658,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 control-plane: controller name: notification-controller namespace: flux-system 
@@ -5676,7 +5678,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 control-plane: controller name: source-controller namespace: flux-system @@ -5696,7 +5698,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 control-plane: controller name: webhook-receiver namespace: flux-system @@ -5716,7 +5718,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 control-plane: controller name: helm-controller namespace: flux-system @@ -5735,7 +5737,7 @@ spec: spec: containers: - args: - - --events-addr=http://notification-controller/ + - --events-addr=http://notification-controller.flux-system.svc.cluster.local/ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -5745,7 +5747,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/helm-controller:v0.12.1 + image: ghcr.io/fluxcd/helm-controller:v0.12.2 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -5789,7 +5791,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 control-plane: controller name: image-automation-controller namespace: flux-system @@ -5808,7 +5810,7 @@ spec: spec: containers: - args: - - --events-addr=http://notification-controller/ + - --events-addr=http://notification-controller.flux-system.svc.cluster.local/ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json 
@@ -5818,7 +5820,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/image-automation-controller:v0.16.0 + image: ghcr.io/fluxcd/image-automation-controller:v0.17.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -5864,7 +5866,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 control-plane: controller name: image-reflector-controller namespace: flux-system @@ -5883,7 +5885,7 @@ spec: spec: containers: - args: - - --events-addr=http://notification-controller/ + - --events-addr=http://notification-controller.flux-system.svc.cluster.local/ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -5893,7 +5895,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/image-reflector-controller:v0.13.0 + image: ghcr.io/fluxcd/image-reflector-controller:v0.13.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -5943,7 +5945,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 control-plane: controller name: kustomize-controller namespace: flux-system @@ -5962,7 +5964,7 @@ spec: spec: containers: - args: - - --events-addr=http://notification-controller/ + - --events-addr=http://notification-controller.flux-system.svc.cluster.local/ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -5972,7 +5974,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/kustomize-controller:v0.16.0 + image: ghcr.io/fluxcd/kustomize-controller:v0.17.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: 
@@ -6018,7 +6020,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 control-plane: controller name: notification-controller namespace: flux-system @@ -6094,7 +6096,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 control-plane: controller name: source-controller namespace: flux-system @@ -6115,7 +6117,7 @@ spec: spec: containers: - args: - - --events-addr=http://notification-controller/ + - --events-addr=http://notification-controller.flux-system.svc.cluster.local/ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -6127,7 +6129,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/source-controller:v0.17.1 + image: ghcr.io/fluxcd/source-controller:v0.17.2 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6178,7 +6180,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: allow-egress namespace: flux-system spec: @@ -6198,7 +6200,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: allow-scraping namespace: flux-system spec: @@ -6218,7 +6220,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: v0.22.1 name: allow-webhooks namespace: flux-system spec: From fa8e32de4fb06e6a9743261c84b5a31a741f152c Mon Sep 17 00:00:00 2001 From: Flux <> Date: Fri, 12 Nov 2021 01:18:51 +0100 Subject: [PATCH 66/70] Add Flux sync manifests --- cluster/base/flux-system/gotk-sync.yaml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/cluster/base/flux-system/gotk-sync.yaml b/cluster/base/flux-system/gotk-sync.yaml index 671309f..3cc9512 100644 --- a/cluster/base/flux-system/gotk-sync.yaml +++ b/cluster/base/flux-system/gotk-sync.yaml @@ -1,3 +1,4 @@ +# This manifest was generated by flux. DO NOT EDIT. --- apiVersion: source.toolkit.fluxcd.io/v1beta1 kind: GitRepository From 1a21062e595942b5f68e45f678c3b921d4a1e503 Mon Sep 17 00:00:00 2001 From: Flux <> Date: Mon, 15 Nov 2021 14:26:57 +0100 Subject: [PATCH 67/70] Add Flux v0.23.0 component manifests --- cluster/base/flux-system/gotk-components.yaml | 88 +++++++++---------- 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/cluster/base/flux-system/gotk-components.yaml b/cluster/base/flux-system/gotk-components.yaml index 19d4394..2db9961 100644 --- a/cluster/base/flux-system/gotk-components.yaml +++ b/cluster/base/flux-system/gotk-components.yaml @@ -1,6 +1,6 @@ --- # This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v0.22.1 +# Flux Version: v0.23.0 # Components: source-controller,kustomize-controller,helm-controller,notification-controller,image-reflector-controller,image-automation-controller apiVersion: v1 kind: Namespace @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: flux-system --- apiVersion: apiextensions.k8s.io/v1 @@ -20,7 +20,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -232,7 +232,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io 
@@ -337,7 +337,7 @@ spec: Bucket sync. properties: checksum: - description: Checksum is the SHA1 checksum of the artifact. + description: Checksum is the SHA256 checksum of the artifact. type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to @@ -463,7 +463,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -637,7 +637,7 @@ spec: repository sync. properties: checksum: - description: Checksum is the SHA1 checksum of the artifact. + description: Checksum is the SHA256 checksum of the artifact. type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to @@ -736,7 +736,7 @@ spec: description: Artifact represents the output of a source synchronisation. properties: checksum: - description: Checksum is the SHA1 checksum of the artifact. + description: Checksum is the SHA256 checksum of the artifact. type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to @@ -793,7 +793,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -923,7 +923,7 @@ spec: chart sync. properties: checksum: - description: Checksum is the SHA1 checksum of the artifact. + description: Checksum is the SHA256 checksum of the artifact. type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to @@ -1048,7 +1048,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io 
@@ -1808,7 +1808,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1901,7 +1901,7 @@ spec: repository sync. properties: checksum: - description: Checksum is the SHA1 checksum of the artifact. + description: Checksum is the SHA256 checksum of the artifact. type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to @@ -2026,7 +2026,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: imagepolicies.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io @@ -2615,7 +2615,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: imagerepositories.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io @@ -3173,7 +3173,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: imageupdateautomations.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io @@ -3973,7 +3973,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io @@ -5048,7 +5048,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: providers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io 
@@ -5248,7 +5248,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -5465,7 +5465,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: helm-controller namespace: flux-system --- @@ -5475,7 +5475,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: image-automation-controller namespace: flux-system --- @@ -5485,7 +5485,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: image-reflector-controller namespace: flux-system --- @@ -5495,7 +5495,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: kustomize-controller namespace: flux-system --- @@ -5505,7 +5505,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: notification-controller namespace: flux-system --- @@ -5515,7 +5515,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: source-controller namespace: flux-system --- @@ -5525,7 +5525,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: crd-controller-flux-system rules: - apiGroups: 
@@ -5606,7 +5606,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -5626,7 +5626,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -5658,7 +5658,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 control-plane: controller name: notification-controller namespace: flux-system @@ -5678,7 +5678,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 control-plane: controller name: source-controller namespace: flux-system @@ -5698,7 +5698,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 control-plane: controller name: webhook-receiver namespace: flux-system @@ -5718,7 +5718,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 control-plane: controller name: helm-controller namespace: flux-system @@ -5747,7 +5747,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/helm-controller:v0.12.2 + image: ghcr.io/fluxcd/helm-controller:v0.13.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: 
@@ -5791,7 +5791,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 control-plane: controller name: image-automation-controller namespace: flux-system @@ -5866,7 +5866,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 control-plane: controller name: image-reflector-controller namespace: flux-system @@ -5895,7 +5895,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/image-reflector-controller:v0.13.1 + image: ghcr.io/fluxcd/image-reflector-controller:v0.13.2 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -5945,7 +5945,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 control-plane: controller name: kustomize-controller namespace: flux-system @@ -5974,7 +5974,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/kustomize-controller:v0.17.0 + image: ghcr.io/fluxcd/kustomize-controller:v0.18.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6020,7 +6020,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 control-plane: controller name: notification-controller namespace: flux-system @@ -6096,7 +6096,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 control-plane: controller name: source-controller namespace: flux-system 
@@ -6129,7 +6129,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/source-controller:v0.17.2 + image: ghcr.io/fluxcd/source-controller:v0.18.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6180,7 +6180,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: allow-egress namespace: flux-system spec: @@ -6200,7 +6200,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: allow-scraping namespace: flux-system spec: @@ -6220,7 +6220,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.22.1 + app.kubernetes.io/version: v0.23.0 name: allow-webhooks namespace: flux-system spec: From 004ef64c8e8f895aa22e5d5c495e11ba892acda1 Mon Sep 17 00:00:00 2001 From: Victor Roest Date: Mon, 15 Nov 2021 14:38:07 +0100 Subject: [PATCH 68/70] traefik: update to 10.6.2 --- cluster/apps/networking/traefik/helm-release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster/apps/networking/traefik/helm-release.yaml b/cluster/apps/networking/traefik/helm-release.yaml index 91a489a..18f4082 100644 --- a/cluster/apps/networking/traefik/helm-release.yaml +++ b/cluster/apps/networking/traefik/helm-release.yaml @@ -10,7 +10,7 @@ spec: spec: # renovate: registryUrl=https://helm.traefik.io/traefik chart: traefik - version: 10.6.0 + version: 10.6.2 sourceRef: kind: HelmRepository name: traefik-charts @@ -39,7 +39,7 @@ spec: globalArguments: - "--providers.kubernetesingress.ingressclass=traefik" - "--entryPoints.websecure.forwardedHeaders.trustedIPs=10.42.42.0/23" - additionalArguments: + additionalArguments: - "--providers.kubernetesingress.ingressendpoint.ip=10.42.42.150" ports: traefik: 
From 235c387bf246f1afa767ea23c1c841df77d9d7cb Mon Sep 17 00:00:00 2001
From: Victor Roest
Date: Mon, 15 Nov 2021 14:38:25 +0100
Subject: [PATCH 69/70] meta: add bootstrap script
---
 bootstrap.sh | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100755 bootstrap.sh
diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100755
index 0000000..29f0d6b
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+flux bootstrap git --url=ssh://git@git.xirion.net:2222/olympus/flux.git --branch=main --path=cluster/base/ --ssh-key-algorithm=ed25519 --components-extra=image-reflector-controller,image-automation-controller
From 57e0c3e15534303076055628a469603c385f383a Mon Sep 17 00:00:00 2001
From: Victor Roest
Date: Mon, 15 Nov 2021 14:40:00 +0100
Subject: [PATCH 70/70] crds: update traefik
---
 cluster/crds/traefik/crds.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cluster/crds/traefik/crds.yaml b/cluster/crds/traefik/crds.yaml
index fa7428c..89e3fa1 100644
--- a/cluster/crds/traefik/crds.yaml
+++ b/cluster/crds/traefik/crds.yaml
@@ -9,7 +9,7 @@ spec:
 url: https://github.com/traefik/traefik-helm-chart.git
 ref:
 # renovate: registryUrl=https://helm.traefik.io/traefik chart=traefik
- tag: v10.6.0
+ tag: v10.6.2
 ignore: |
 # exclude all
 /*
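Review bot: The `flux bootstrap git` line added in bootstrap.sh does not pin the toolkit version, so the controller manifests it writes depend on whichever flux CLI happens to be installed where the script runs. Earlier hunks in this series label the committed components v0.23.0, so passing `--version=v0.23.0` (or at least a comment naming the required CLI release) would keep a re-bootstrap from silently swapping the reviewed controller images for different ones. The script also says nothing about its trust prerequisites: as far as I know, bootstrap creates an SSH deploy key that needs write access to the repository and records the Git server's host key as observed at run time. A short header comment such as `# generates a deploy key (needs write access); check the stored known_hosts entry against the server's published fingerprint` would make that explicit.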