data:
flux-system.yaml: |
---
- # Flux version: v0.20.0
+ # This manifest was generated by flux. DO NOT EDIT.
+ # Flux Version: v0.25.3
# Components: source-controller,kustomize-controller,helm-controller,notification-controller
apiVersion: v1
kind: Namespace
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: flux-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.5.0
+ controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: alerts.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: buckets.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
scope: Namespaced
versions:
- additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
+ - jsonPath: .spec.endpoint
+ name: Endpoint
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
description: BucketSpec defines the desired state of an S3 compatible
bucket
properties:
+ accessFrom:
+ description: AccessFrom defines an Access Control List for allowing
+ cross-namespace references to this object.
+ properties:
+ namespaceSelectors:
+ description: NamespaceSelectors is the list of namespace selectors
+ to which this ACL applies. Items in this list are evaluated
+ using a logical OR operation.
+ items:
+ description: NamespaceSelector selects the namespaces to which
+ this ACL applies. An empty map of MatchLabels matches all
+ namespaces in a cluster.
+ properties:
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ type: array
+ required:
+ - namespaceSelectors
+ type: object
bucketName:
description: The bucket name.
type: string
- interval
type: object
status:
+ default:
+ observedGeneration: -1
description: BucketStatus defines the observed state of a bucket
properties:
artifact:
Bucket sync.
properties:
checksum:
- description: Checksum is the SHA1 checksum of the artifact.
+ description: Checksum is the SHA256 checksum of the artifact.
type: string
lastUpdateTime:
description: LastUpdateTime is the timestamp corresponding to
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: gitrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
spec:
description: GitRepositorySpec defines the desired state of a Git repository.
properties:
+ accessFrom:
+ description: AccessFrom defines an Access Control List for allowing
+ cross-namespace references to this object.
+ properties:
+ namespaceSelectors:
+ description: NamespaceSelectors is the list of namespace selectors
+ to which this ACL applies. Items in this list are evaluated
+ using a logical OR operation.
+ items:
+ description: NamespaceSelector selects the namespaces to which
+ this ACL applies. An empty map of MatchLabels matches all
+ namespaces in a cluster.
+ properties:
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ type: array
+ required:
+ - namespaceSelectors
+ type: object
gitImplementation:
default: go-git
description: Determines which git client library to use. Defaults
- url
type: object
status:
+ default:
+ observedGeneration: -1
description: GitRepositoryStatus defines the observed state of a Git repository.
properties:
artifact:
repository sync.
properties:
checksum:
- description: Checksum is the SHA1 checksum of the artifact.
+ description: Checksum is the SHA256 checksum of the artifact.
type: string
lastUpdateTime:
description: LastUpdateTime is the timestamp corresponding to
description: Artifact represents the output of a source synchronisation.
properties:
checksum:
- description: Checksum is the SHA1 checksum of the artifact.
+ description: Checksum is the SHA256 checksum of the artifact.
type: string
lastUpdateTime:
description: LastUpdateTime is the timestamp corresponding to
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: helmcharts.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
spec:
description: HelmChartSpec defines the desired state of a Helm chart.
properties:
+ accessFrom:
+ description: AccessFrom defines an Access Control List for allowing
+ cross-namespace references to this object.
+ properties:
+ namespaceSelectors:
+ description: NamespaceSelectors is the list of namespace selectors
+ to which this ACL applies. Items in this list are evaluated
+ using a logical OR operation.
+ items:
+ description: NamespaceSelector selects the namespaces to which
+ this ACL applies. An empty map of MatchLabels matches all
+ namespaces in a cluster.
+ properties:
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ type: array
+ required:
+ - namespaceSelectors
+ type: object
chart:
description: The name or path the Helm chart is available at in the
SourceRef.
- sourceRef
type: object
status:
+ default:
+ observedGeneration: -1
description: HelmChartStatus defines the observed state of the HelmChart.
properties:
artifact:
chart sync.
properties:
checksum:
- description: Checksum is the SHA1 checksum of the artifact.
+ description: Checksum is the SHA256 checksum of the artifact.
type: string
lastUpdateTime:
description: LastUpdateTime is the timestamp corresponding to
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.5.0
+ controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: helmreleases.helm.toolkit.fluxcd.io
spec:
group: helm.toolkit.fluxcd.io
with an array of operation objects.
items:
description: JSON6902 is a JSON6902 operation object.
- https://tools.ietf.org/html/rfc6902#section-4
+ https://datatracker.ietf.org/doc/html/rfc6902#section-4
properties:
from:
+ description: From contains a JSON-pointer value
+ that references a location within the target
+ document where the operation is performed.
+ The meaning of the value depends on the value
+ of Op, and is NOT taken into account by all
+ operations.
type: string
op:
+ description: Op indicates the operation to perform.
+ Its value MUST be one of "add", "remove",
+ "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
enum:
- test
- remove
- copy
type: string
path:
+ description: Path contains the JSON-pointer
+ value that references a location within the
+ target document where the operation is performed.
+ The meaning of the value depends on the value
+ of Op.
type: string
value:
+ description: Value contains a valid JSON structure.
+ The meaning of the value depends on the value
+ of Op, and is NOT taken into account by all
+ operations.
x-kubernetes-preserve-unknown-fields: true
required:
- op
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: helmrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
spec:
description: HelmRepositorySpec defines the reference to a Helm repository.
properties:
+ accessFrom:
+ description: AccessFrom defines an Access Control List for allowing
+ cross-namespace references to this object.
+ properties:
+ namespaceSelectors:
+ description: NamespaceSelectors is the list of namespace selectors
+ to which this ACL applies. Items in this list are evaluated
+ using a logical OR operation.
+ items:
+ description: NamespaceSelector selects the namespaces to which
+ this ACL applies. An empty map of MatchLabels matches all
+ namespaces in a cluster.
+ properties:
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: MatchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ type: array
+ required:
+ - namespaceSelectors
+ type: object
interval:
description: The interval at which to check the upstream for updates.
type: string
- url
type: object
status:
+ default:
+ observedGeneration: -1
description: HelmRepositoryStatus defines the observed state of the HelmRepository.
properties:
artifact:
repository sync.
properties:
checksum:
- description: Checksum is the SHA1 checksum of the artifact.
+ description: Checksum is the SHA256 checksum of the artifact.
type: string
lastUpdateTime:
description: LastUpdateTime is the timestamp corresponding to
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.5.0
+ controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: kustomizations.kustomize.toolkit.fluxcd.io
spec:
group: kustomize.toolkit.fluxcd.io
objects, capable of targeting objects based on kind, label and annotation
selectors.
items:
- description: Patch contains either a StrategicMerge or a JSON6902
- patch, either a file or inline, and the target the patch should
- be applied to.
+ description: Patch contains an inline StrategicMerge or JSON6902
+ patch, and the target the patch should be applied to.
properties:
patch:
- description: Patch contains the JSON6902 patch document with
- an array of operation objects.
+ description: Patch contains an inline StrategicMerge patch or
+ an inline JSON6902 patch with an array of operation objects.
type: string
target:
description: Target points to the resources that the patch document
description: Patch contains the JSON6902 patch document with
an array of operation objects.
items:
- description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4
+ description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
properties:
from:
+ description: From contains a JSON-pointer value that references
+ a location within the target document where the operation
+ is performed. The meaning of the value depends on the
+ value of Op, and is NOT taken into account by all operations.
type: string
op:
+ description: Op indicates the operation to perform. Its
+ value MUST be one of "add", "remove", "replace", "move",
+ "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
enum:
- test
- remove
- copy
type: string
path:
+ description: Path contains the JSON-pointer value that
+ references a location within the target document where
+ the operation is performed. The meaning of the value
+ depends on the value of Op.
type: string
value:
+ description: Value contains a valid JSON structure. The
+ meaning of the value depends on the value of Op, and
+ is NOT taken into account by all operations.
x-kubernetes-preserve-unknown-fields: true
required:
- op
objects, capable of targeting objects based on kind, label and annotation
selectors.
items:
- description: Patch contains either a StrategicMerge or a JSON6902
- patch, either a file or inline, and the target the patch should
- be applied to.
+ description: Patch contains an inline StrategicMerge or JSON6902
+ patch, and the target the patch should be applied to.
properties:
patch:
- description: Patch contains the JSON6902 patch document with
- an array of operation objects.
+ description: Patch contains an inline StrategicMerge patch or
+ an inline JSON6902 patch with an array of operation objects.
type: string
target:
description: Target points to the resources that the patch document
description: Patch contains the JSON6902 patch document with
an array of operation objects.
items:
- description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4
+ description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
properties:
from:
+ description: From contains a JSON-pointer value that references
+ a location within the target document where the operation
+ is performed. The meaning of the value depends on the
+ value of Op, and is NOT taken into account by all operations.
type: string
op:
+ description: Op indicates the operation to perform. Its
+ value MUST be one of "add", "remove", "replace", "move",
+ "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
enum:
- test
- remove
- copy
type: string
path:
+ description: Path contains the JSON-pointer value that
+ references a location within the target document where
+ the operation is performed. The meaning of the value
+ depends on the value of Op.
type: string
value:
+ description: Value contains a valid JSON structure. The
+ meaning of the value depends on the value of Op, and
+ is NOT taken into account by all operations.
x-kubernetes-preserve-unknown-fields: true
required:
- op
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.5.0
+ controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: providers.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
required:
- name
type: object
+ suspend:
+ description: This flag tells the controller to suspend subsequent
+ events handling. Defaults to false.
+ type: boolean
type:
description: Type of provider
enum:
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.5.0
+ controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: receivers.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: helm-controller
namespace: flux-system
---
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: kustomize-controller
namespace: flux-system
---
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: notification-controller
namespace: flux-system
---
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: source-controller
namespace: flux-system
---
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: crd-controller-flux-system
rules:
- apiGroups:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: cluster-reconciler-flux-system
roleRef:
apiGroup: rbac.authorization.k8s.io
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: crd-controller-flux-system
roleRef:
apiGroup: rbac.authorization.k8s.io
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
control-plane: controller
name: notification-controller
namespace: flux-system
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
control-plane: controller
name: source-controller
namespace: flux-system
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
control-plane: controller
name: webhook-receiver
namespace: flux-system
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
control-plane: controller
name: helm-controller
namespace: flux-system
spec:
containers:
- args:
- - --events-addr=http://notification-controller/
+ - --events-addr=http://notification-controller.flux-system.svc.cluster.local/
- --watch-all-namespaces=true
- --log-level=info
- --log-encoding=json
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/helm-controller:v0.12.1
+ image: ghcr.io/fluxcd/helm-controller:v0.15.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
control-plane: controller
name: kustomize-controller
namespace: flux-system
spec:
containers:
- args:
- - --events-addr=http://notification-controller/
+ - --events-addr=http://notification-controller.flux-system.svc.cluster.local/
- --watch-all-namespaces=true
- --log-level=info
- --log-encoding=json
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/kustomize-controller:v0.16.0
+ image: ghcr.io/fluxcd/kustomize-controller:v0.19.1
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
control-plane: controller
name: notification-controller
namespace: flux-system
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/notification-controller:v0.18.1
+ image: ghcr.io/fluxcd/notification-controller:v0.20.1
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
control-plane: controller
name: source-controller
namespace: flux-system
spec:
containers:
- args:
- - --events-addr=http://notification-controller/
+ - --events-addr=http://notification-controller.flux-system.svc.cluster.local/
- --watch-all-namespaces=true
- --log-level=info
- --log-encoding=json
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/source-controller:v0.17.0
+ image: ghcr.io/fluxcd/source-controller:v0.20.1
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: allow-egress
namespace: flux-system
spec:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: allow-scraping
namespace: flux-system
spec:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.20.0
+ app.kubernetes.io/version: v0.25.3
name: allow-webhooks
namespace: flux-system
spec:
policyTypes:
- Ingress
---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ name: psp:privileged:flux-system
+ namespace: flux-system
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: psp:privileged
+ subjects:
+ - kind: Group
+ name: system:serviceaccounts:flux-system
+ apiGroup: rbac.authorization.k8s.io
sync.yaml: |
{{- if .Values.flux.decryptionSecret }}
---
Code Review / icn.git / blobdiff