Use same Flux versions in chart and kustomization
[icn.git] / deploy / cluster / templates / flux-addon.yaml
index 8702920..e3b1f59 100644 (file)
@@ -3,28 +3,27 @@
 apiVersion: v1
 data:
   flux-system.yaml: |
-    ---
-    # Flux version: v0.20.0
-    # Components: source-controller,kustomize-controller,helm-controller,notification-controller
     apiVersion: v1
     kind: Namespace
     metadata:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
+        pod-security.kubernetes.io/warn: restricted
+        pod-security.kubernetes.io/warn-version: latest
       name: flux-system
     ---
     apiVersion: apiextensions.k8s.io/v1
     kind: CustomResourceDefinition
     metadata:
       annotations:
-        controller-gen.kubebuilder.io/version: v0.5.0
+        controller-gen.kubebuilder.io/version: v0.7.0
       creationTimestamp: null
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: alerts.notification.toolkit.fluxcd.io
     spec:
       group: notification.toolkit.fluxcd.io
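Review bot: The `# Flux version: v0.20.0` and `# Components: ...` header lines at the top of the embedded `flux-system.yaml` are removed rather than updated, so the manifest no longer records which Flux release it was generated from and the `app.kubernetes.io/version` labels are the only trace left. Since the commit is about keeping the chart and the kustomization on the same version, I would keep the provenance header, e.g. `# Flux version: v0.27.0`, plus the component list if it is unchanged (the hunk does not show it). Separately, the added `pod-security.kubernetes.io/warn: restricted` label only produces admission warnings and does not reject pods, so it should not be counted as enforcement of the restricted profile. The block scalar continues beyond this hunk.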
@@ -96,6 +95,15 @@ data:
                           - ImagePolicy
                           - ImageUpdateAutomation
                           type: string
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: MatchLabels is a map of {key,value} pairs. A single
+                            {key,value} in the matchLabels map is equivalent to an element
+                            of matchExpressions, whose key field is "key", the operator
+                            is "In", and the values array contains only "value". The requirements
+                            are ANDed.
+                          type: object
                         name:
                           description: Name of the referent
                           maxLength: 53
@@ -231,12 +239,12 @@ data:
     kind: CustomResourceDefinition
     metadata:
       annotations:
-        controller-gen.kubebuilder.io/version: v0.5.0
+        controller-gen.kubebuilder.io/version: v0.7.0
       creationTimestamp: null
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: buckets.source.toolkit.fluxcd.io
     spec:
       group: source.toolkit.fluxcd.io
@@ -248,8 +256,8 @@ data:
       scope: Namespaced
       versions:
       - additionalPrinterColumns:
-        - jsonPath: .spec.url
-          name: URL
+        - jsonPath: .spec.endpoint
+          name: Endpoint
           type: string
         - jsonPath: .status.conditions[?(@.type=="Ready")].status
           name: Ready
@@ -281,6 +289,33 @@ data:
                 description: BucketSpec defines the desired state of an S3 compatible
                   bucket
                 properties:
+                  accessFrom:
+                    description: AccessFrom defines an Access Control List for allowing
+                      cross-namespace references to this object.
+                    properties:
+                      namespaceSelectors:
+                        description: NamespaceSelectors is the list of namespace selectors
+                          to which this ACL applies. Items in this list are evaluated
+                          using a logical OR operation.
+                        items:
+                          description: NamespaceSelector selects the namespaces to which
+                            this ACL applies. An empty map of MatchLabels matches all
+                            namespaces in a cluster.
+                          properties:
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels is a map of {key,value} pairs.
+                                A single {key,value} in the matchLabels map is equivalent
+                                to an element of matchExpressions, whose key field is
+                                "key", the operator is "In", and the values array contains
+                                only "value". The requirements are ANDed.
+                              type: object
+                          type: object
+                        type: array
+                    required:
+                    - namespaceSelectors
+                    type: object
                   bucketName:
                     description: The bucket name.
                     type: string
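Review bot: The `accessFrom` schema added here requires `namespaceSelectors` but puts no constraint on its items, and its own description says an empty `matchLabels` matches all namespaces, so per that description a selector written as `{}` allows cross-namespace references from the whole cluster. The same block is added to the GitRepository, HelmChart and HelmRepository CRDs in later hunks. This is generated upstream schema, so I would not edit it here, but the upgrade notes for this chart should say that ACL entries need explicit labels, for example `matchLabels: {<label-key>: <label-value>}` (placeholder values). Whether the controllers shipped with this release act on the field is not visible from the diff.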
@@ -325,8 +360,8 @@ data:
                       of this source.
                     type: boolean
                   timeout:
-                    default: 20s
-                    description: The timeout for download operations, defaults to 20s.
+                    default: 60s
+                    description: The timeout for download operations, defaults to 60s.
                     type: string
                 required:
                 - bucketName
@@ -334,6 +369,8 @@ data:
                 - interval
                 type: object
               status:
+                default:
+                  observedGeneration: -1
                 description: BucketStatus defines the observed state of a bucket
                 properties:
                   artifact:
@@ -341,7 +378,7 @@ data:
                       Bucket sync.
                     properties:
                       checksum:
-                        description: Checksum is the SHA1 checksum of the artifact.
+                        description: Checksum is the SHA256 checksum of the artifact.
                         type: string
                       lastUpdateTime:
                         description: LastUpdateTime is the timestamp corresponding to
@@ -462,12 +499,12 @@ data:
     kind: CustomResourceDefinition
     metadata:
       annotations:
-        controller-gen.kubebuilder.io/version: v0.5.0
+        controller-gen.kubebuilder.io/version: v0.7.0
       creationTimestamp: null
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: gitrepositories.source.toolkit.fluxcd.io
     spec:
       group: source.toolkit.fluxcd.io
@@ -513,6 +550,33 @@ data:
               spec:
                 description: GitRepositorySpec defines the desired state of a Git repository.
                 properties:
+                  accessFrom:
+                    description: AccessFrom defines an Access Control List for allowing
+                      cross-namespace references to this object.
+                    properties:
+                      namespaceSelectors:
+                        description: NamespaceSelectors is the list of namespace selectors
+                          to which this ACL applies. Items in this list are evaluated
+                          using a logical OR operation.
+                        items:
+                          description: NamespaceSelector selects the namespaces to which
+                            this ACL applies. An empty map of MatchLabels matches all
+                            namespaces in a cluster.
+                          properties:
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels is a map of {key,value} pairs.
+                                A single {key,value} in the matchLabels map is equivalent
+                                to an element of matchExpressions, whose key field is
+                                "key", the operator is "In", and the values array contains
+                                only "value". The requirements are ANDed.
+                              type: object
+                          type: object
+                        type: array
+                    required:
+                    - namespaceSelectors
+                    type: object
                   gitImplementation:
                     default: go-git
                     description: Determines which git client library to use. Defaults
@@ -598,9 +662,9 @@ data:
                       of this source.
                     type: boolean
                   timeout:
-                    default: 20s
+                    default: 60s
                     description: The timeout for remote Git operations like cloning, defaults
-                      to 20s.
+                      to 60s.
                     type: string
                   url:
                     description: The repository URL, can be a HTTP/S or SSH address.
@@ -634,6 +698,8 @@ data:
                 - url
                 type: object
               status:
+                default:
+                  observedGeneration: -1
                 description: GitRepositoryStatus defines the observed state of a Git repository.
                 properties:
                   artifact:
@@ -641,7 +707,7 @@ data:
                       repository sync.
                     properties:
                       checksum:
-                        description: Checksum is the SHA1 checksum of the artifact.
+                        description: Checksum is the SHA256 checksum of the artifact.
                         type: string
                       lastUpdateTime:
                         description: LastUpdateTime is the timestamp corresponding to
@@ -740,7 +806,7 @@ data:
                       description: Artifact represents the output of a source synchronisation.
                       properties:
                         checksum:
-                          description: Checksum is the SHA1 checksum of the artifact.
+                          description: Checksum is the SHA256 checksum of the artifact.
                           type: string
                         lastUpdateTime:
                           description: LastUpdateTime is the timestamp corresponding to
@@ -792,12 +858,12 @@ data:
     kind: CustomResourceDefinition
     metadata:
       annotations:
-        controller-gen.kubebuilder.io/version: v0.5.0
+        controller-gen.kubebuilder.io/version: v0.7.0
       creationTimestamp: null
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: helmcharts.source.toolkit.fluxcd.io
     spec:
       group: source.toolkit.fluxcd.io
@@ -852,6 +918,33 @@ data:
               spec:
                 description: HelmChartSpec defines the desired state of a Helm chart.
                 properties:
+                  accessFrom:
+                    description: AccessFrom defines an Access Control List for allowing
+                      cross-namespace references to this object.
+                    properties:
+                      namespaceSelectors:
+                        description: NamespaceSelectors is the list of namespace selectors
+                          to which this ACL applies. Items in this list are evaluated
+                          using a logical OR operation.
+                        items:
+                          description: NamespaceSelector selects the namespaces to which
+                            this ACL applies. An empty map of MatchLabels matches all
+                            namespaces in a cluster.
+                          properties:
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels is a map of {key,value} pairs.
+                                A single {key,value} in the matchLabels map is equivalent
+                                to an element of matchExpressions, whose key field is
+                                "key", the operator is "In", and the values array contains
+                                only "value". The requirements are ANDed.
+                              type: object
+                          type: object
+                        type: array
+                    required:
+                    - namespaceSelectors
+                    type: object
                   chart:
                     description: The name or path the Helm chart is available at in the
                       SourceRef.
@@ -920,6 +1013,8 @@ data:
                 - sourceRef
                 type: object
               status:
+                default:
+                  observedGeneration: -1
                 description: HelmChartStatus defines the observed state of the HelmChart.
                 properties:
                   artifact:
@@ -927,7 +1022,7 @@ data:
                       chart sync.
                     properties:
                       checksum:
-                        description: Checksum is the SHA1 checksum of the artifact.
+                        description: Checksum is the SHA256 checksum of the artifact.
                         type: string
                       lastUpdateTime:
                         description: LastUpdateTime is the timestamp corresponding to
@@ -1047,12 +1142,12 @@ data:
     kind: CustomResourceDefinition
     metadata:
       annotations:
-        controller-gen.kubebuilder.io/version: v0.5.0
+        controller-gen.kubebuilder.io/version: v0.7.0
       creationTimestamp: null
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: helmreleases.helm.toolkit.fluxcd.io
     spec:
       group: helm.toolkit.fluxcd.io
@@ -1357,11 +1452,20 @@ data:
                                       with an array of operation objects.
                                     items:
                                       description: JSON6902 is a JSON6902 operation object.
-                                        https://tools.ietf.org/html/rfc6902#section-4
+                                        https://datatracker.ietf.org/doc/html/rfc6902#section-4
                                       properties:
                                         from:
+                                          description: From contains a JSON-pointer value
+                                            that references a location within the target
+                                            document where the operation is performed.
+                                            The meaning of the value depends on the value
+                                            of Op, and is NOT taken into account by all
+                                            operations.
                                           type: string
                                         op:
+                                          description: Op indicates the operation to perform.
+                                            Its value MUST be one of "add", "remove",
+                                            "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
                                           enum:
                                           - test
                                           - remove
@@ -1371,8 +1475,17 @@ data:
                                           - copy
                                           type: string
                                         path:
+                                          description: Path contains the JSON-pointer
+                                            value that references a location within the
+                                            target document where the operation is performed.
+                                            The meaning of the value depends on the value
+                                            of Op.
                                           type: string
                                         value:
+                                          description: Value contains a valid JSON structure.
+                                            The meaning of the value depends on the value
+                                            of Op, and is NOT taken into account by all
+                                            operations.
                                           x-kubernetes-preserve-unknown-fields: true
                                       required:
                                       - op
@@ -1526,6 +1639,10 @@ data:
                         description: DisableHooks prevents hooks from running during the
                           Helm rollback action.
                         type: boolean
+                      disableWait:
+                        description: DisableWait disables waiting for all the resources
+                          to be deleted after a Helm uninstall is performed.
+                        type: boolean
                       keepHistory:
                         description: KeepHistory tells Helm to remove all associated resources
                           and mark the release as deleted, but retain the release history.
@@ -1807,12 +1924,12 @@ data:
     kind: CustomResourceDefinition
     metadata:
       annotations:
-        controller-gen.kubebuilder.io/version: v0.5.0
+        controller-gen.kubebuilder.io/version: v0.7.0
       creationTimestamp: null
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: helmrepositories.source.toolkit.fluxcd.io
     spec:
       group: source.toolkit.fluxcd.io
@@ -1858,6 +1975,33 @@ data:
               spec:
                 description: HelmRepositorySpec defines the reference to a Helm repository.
                 properties:
+                  accessFrom:
+                    description: AccessFrom defines an Access Control List for allowing
+                      cross-namespace references to this object.
+                    properties:
+                      namespaceSelectors:
+                        description: NamespaceSelectors is the list of namespace selectors
+                          to which this ACL applies. Items in this list are evaluated
+                          using a logical OR operation.
+                        items:
+                          description: NamespaceSelector selects the namespaces to which
+                            this ACL applies. An empty map of MatchLabels matches all
+                            namespaces in a cluster.
+                          properties:
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels is a map of {key,value} pairs.
+                                A single {key,value} in the matchLabels map is equivalent
+                                to an element of matchExpressions, whose key field is
+                                "key", the operator is "In", and the values array contains
+                                only "value". The requirements are ANDed.
+                              type: object
+                          type: object
+                        type: array
+                    required:
+                    - namespaceSelectors
+                    type: object
                   interval:
                     description: The interval at which to check the upstream for updates.
                     type: string
@@ -1898,6 +2042,8 @@ data:
                 - url
                 type: object
               status:
+                default:
+                  observedGeneration: -1
                 description: HelmRepositoryStatus defines the observed state of the HelmRepository.
                 properties:
                   artifact:
@@ -1905,7 +2051,7 @@ data:
                       repository sync.
                     properties:
                       checksum:
-                        description: Checksum is the SHA1 checksum of the artifact.
+                        description: Checksum is the SHA256 checksum of the artifact.
                         type: string
                       lastUpdateTime:
                         description: LastUpdateTime is the timestamp corresponding to
@@ -2025,12 +2171,12 @@ data:
     kind: CustomResourceDefinition
     metadata:
       annotations:
-        controller-gen.kubebuilder.io/version: v0.5.0
+        controller-gen.kubebuilder.io/version: v0.7.0
       creationTimestamp: null
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: kustomizations.kustomize.toolkit.fluxcd.io
     spec:
       group: kustomize.toolkit.fluxcd.io
@@ -2200,13 +2346,12 @@ data:
                       objects, capable of targeting objects based on kind, label and annotation
                       selectors.
                     items:
-                      description: Patch contains either a StrategicMerge or a JSON6902
-                        patch, either a file or inline, and the target the patch should
-                        be applied to.
+                      description: Patch contains an inline StrategicMerge or JSON6902
+                        patch, and the target the patch should be applied to.
                       properties:
                         patch:
-                          description: Patch contains the JSON6902 patch document with
-                            an array of operation objects.
+                          description: Patch contains an inline StrategicMerge patch or
+                            an inline JSON6902 patch with an array of operation objects.
                           type: string
                         target:
                           description: Target points to the resources that the patch document
@@ -2257,11 +2402,18 @@ data:
                           description: Patch contains the JSON6902 patch document with
                             an array of operation objects.
                           items:
-                            description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4
+                            description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
                             properties:
                               from:
+                                description: From contains a JSON-pointer value that references
+                                  a location within the target document where the operation
+                                  is performed. The meaning of the value depends on the
+                                  value of Op, and is NOT taken into account by all operations.
                                 type: string
                               op:
+                                description: Op indicates the operation to perform. Its
+                                  value MUST be one of "add", "remove", "replace", "move",
+                                  "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
                                 enum:
                                 - test
                                 - remove
@@ -2271,8 +2423,15 @@ data:
                                 - copy
                                 type: string
                               path:
+                                description: Path contains the JSON-pointer value that
+                                  references a location within the target document where
+                                  the operation is performed. The meaning of the value
+                                  depends on the value of Op.
                                 type: string
                               value:
+                                description: Value contains a valid JSON structure. The
+                                  meaning of the value depends on the value of Op, and
+                                  is NOT taken into account by all operations.
                                 x-kubernetes-preserve-unknown-fields: true
                             required:
                             - op
@@ -2723,13 +2882,12 @@ data:
                       objects, capable of targeting objects based on kind, label and annotation
                       selectors.
                     items:
-                      description: Patch contains either a StrategicMerge or a JSON6902
-                        patch, either a file or inline, and the target the patch should
-                        be applied to.
+                      description: Patch contains an inline StrategicMerge or JSON6902
+                        patch, and the target the patch should be applied to.
                       properties:
                         patch:
-                          description: Patch contains the JSON6902 patch document with
-                            an array of operation objects.
+                          description: Patch contains an inline StrategicMerge patch or
+                            an inline JSON6902 patch with an array of operation objects.
                           type: string
                         target:
                           description: Target points to the resources that the patch document
@@ -2781,11 +2939,18 @@ data:
                           description: Patch contains the JSON6902 patch document with
                             an array of operation objects.
                           items:
-                            description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4
+                            description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
                             properties:
                               from:
+                                description: From contains a JSON-pointer value that references
+                                  a location within the target document where the operation
+                                  is performed. The meaning of the value depends on the
+                                  value of Op, and is NOT taken into account by all operations.
                                 type: string
                               op:
+                                description: Op indicates the operation to perform. Its
+                                  value MUST be one of "add", "remove", "replace", "move",
+                                  "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
                                 enum:
                                 - test
                                 - remove
@@ -2795,8 +2960,15 @@ data:
                                 - copy
                                 type: string
                               path:
+                                description: Path contains the JSON-pointer value that
+                                  references a location within the target document where
+                                  the operation is performed. The meaning of the value
+                                  depends on the value of Op.
                                 type: string
                               value:
+                                description: Value contains a valid JSON structure. The
+                                  meaning of the value depends on the value of Op, and
+                                  is NOT taken into account by all operations.
                                 x-kubernetes-preserve-unknown-fields: true
                             required:
                             - op
@@ -2893,6 +3065,14 @@ data:
                               maxLength: 253
                               minLength: 1
                               type: string
+                            optional:
+                              default: false
+                              description: Optional indicates whether the referenced resource
+                                must exist, or whether to tolerate its absence. If true
+                                and the referenced resource is absent, proceed as if the
+                                resource was present but empty, without any variables
+                                defined.
+                              type: boolean
                           required:
                           - kind
                           - name
@@ -3100,12 +3280,12 @@ data:
     kind: CustomResourceDefinition
     metadata:
       annotations:
-        controller-gen.kubebuilder.io/version: v0.5.0
+        controller-gen.kubebuilder.io/version: v0.7.0
       creationTimestamp: null
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: providers.notification.toolkit.fluxcd.io
     spec:
       group: notification.toolkit.fluxcd.io
@@ -3177,6 +3357,10 @@ data:
                     required:
                     - name
                     type: object
+                  suspend:
+                    description: This flag tells the controller to suspend subsequent
+                      events handling. Defaults to false.
+                    type: boolean
                   type:
                     description: Type of provider
                     enum:
@@ -3198,6 +3382,7 @@ data:
                     - matrix
                     - opsgenie
                     - alertmanager
+                    - grafana
                     type: string
                   username:
                     description: Bot username for this provider
@@ -3300,12 +3485,12 @@ data:
     kind: CustomResourceDefinition
     metadata:
       annotations:
-        controller-gen.kubebuilder.io/version: v0.5.0
+        controller-gen.kubebuilder.io/version: v0.7.0
       creationTimestamp: null
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: receivers.notification.toolkit.fluxcd.io
     spec:
       group: notification.toolkit.fluxcd.io
@@ -3374,6 +3559,15 @@ data:
                           - ImagePolicy
                           - ImageUpdateAutomation
                           type: string
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: MatchLabels is a map of {key,value} pairs. A single
+                            {key,value} in the matchLabels map is equivalent to an element
+                            of matchExpressions, whose key field is "key", the operator
+                            is "In", and the values array contains only "value". The requirements
+                            are ANDed.
+                          type: object
                         name:
                           description: Name of the referent
                           maxLength: 53
@@ -3522,7 +3716,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: helm-controller
       namespace: flux-system
     ---
@@ -3532,7 +3726,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: kustomize-controller
       namespace: flux-system
     ---
@@ -3542,7 +3736,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: notification-controller
       namespace: flux-system
     ---
@@ -3552,7 +3746,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: source-controller
       namespace: flux-system
     ---
@@ -3562,7 +3756,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: crd-controller-flux-system
     rules:
     - apiGroups:
@@ -3643,7 +3837,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: cluster-reconciler-flux-system
     roleRef:
       apiGroup: rbac.authorization.k8s.io
@@ -3663,7 +3857,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: crd-controller-flux-system
     roleRef:
       apiGroup: rbac.authorization.k8s.io
@@ -3695,7 +3889,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
         control-plane: controller
       name: notification-controller
       namespace: flux-system
@@ -3715,7 +3909,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
         control-plane: controller
       name: source-controller
       namespace: flux-system
@@ -3735,7 +3929,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
         control-plane: controller
       name: webhook-receiver
       namespace: flux-system
@@ -3755,7 +3949,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
         control-plane: controller
       name: helm-controller
       namespace: flux-system
@@ -3774,7 +3968,7 @@ data:
         spec:
           containers:
           - args:
-            - --events-addr=http://notification-controller/
+            - --events-addr=http://notification-controller.flux-system.svc.cluster.local/
             - --watch-all-namespaces=true
             - --log-level=info
             - --log-encoding=json
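Review bot: The new `--events-addr=http://notification-controller.flux-system.svc.cluster.local/` hard-codes the cluster DNS suffix `cluster.local`, so on a cluster set up with a different DNS domain the controller would presumably fail to resolve the notification endpoint and events would be dropped. The same argument is added for kustomize-controller and source-controller in later hunks. Pinning the namespace is worth keeping, since the name then no longer depends on the pod's DNS search path. Because this file is a chart template (the `sync.yaml` section already uses `.Values`), the suffix could come from a chart value that defaults to `cluster.local`. The container's args list starts and continues outside this hunk.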
@@ -3784,7 +3978,7 @@ data:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
-            image: ghcr.io/fluxcd/helm-controller:v0.12.1
+            image: ghcr.io/fluxcd/helm-controller:v0.17.0
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -3794,6 +3988,7 @@ data:
             ports:
             - containerPort: 8080
               name: http-prom
+              protocol: TCP
             - containerPort: 9440
               name: healthz
               protocol: TCP
@@ -3810,7 +4005,14 @@ data:
                 memory: 64Mi
             securityContext:
               allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                - ALL
               readOnlyRootFilesystem: true
+              runAsNonRoot: true
+              runAsUser: 65534
+              seccompProfile:
+                type: RuntimeDefault
             volumeMounts:
             - mountPath: /tmp
               name: temp
@@ -3828,7 +4030,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
         control-plane: controller
       name: kustomize-controller
       namespace: flux-system
@@ -3847,7 +4049,7 @@ data:
         spec:
           containers:
           - args:
-            - --events-addr=http://notification-controller/
+            - --events-addr=http://notification-controller.flux-system.svc.cluster.local/
             - --watch-all-namespaces=true
             - --log-level=info
             - --log-encoding=json
@@ -3857,7 +4059,7 @@ data:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
-            image: ghcr.io/fluxcd/kustomize-controller:v0.16.0
+            image: ghcr.io/fluxcd/kustomize-controller:v0.21.0
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -3867,6 +4069,7 @@ data:
             ports:
             - containerPort: 8080
               name: http-prom
+              protocol: TCP
             - containerPort: 9440
               name: healthz
               protocol: TCP
@@ -3883,7 +4086,14 @@ data:
                 memory: 64Mi
             securityContext:
               allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                - ALL
               readOnlyRootFilesystem: true
+              runAsNonRoot: true
+              runAsUser: 65534
+              seccompProfile:
+                type: RuntimeDefault
             volumeMounts:
             - mountPath: /tmp
               name: temp
@@ -3903,7 +4113,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
         control-plane: controller
       name: notification-controller
       namespace: flux-system
@@ -3931,7 +4141,7 @@ data:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
-            image: ghcr.io/fluxcd/notification-controller:v0.18.1
+            image: ghcr.io/fluxcd/notification-controller:v0.22.0
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -3941,10 +4151,13 @@ data:
             ports:
             - containerPort: 9090
               name: http
+              protocol: TCP
             - containerPort: 9292
               name: http-webhook
+              protocol: TCP
             - containerPort: 8080
               name: http-prom
+              protocol: TCP
             - containerPort: 9440
               name: healthz
               protocol: TCP
@@ -3961,7 +4174,14 @@ data:
                 memory: 64Mi
             securityContext:
               allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                - ALL
               readOnlyRootFilesystem: true
+              runAsNonRoot: true
+              runAsUser: 65534
+              seccompProfile:
+                type: RuntimeDefault
             volumeMounts:
             - mountPath: /tmp
               name: temp
@@ -3979,7 +4199,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
         control-plane: controller
       name: source-controller
       namespace: flux-system
@@ -4000,7 +4220,7 @@ data:
         spec:
           containers:
           - args:
-            - --events-addr=http://notification-controller/
+            - --events-addr=http://notification-controller.flux-system.svc.cluster.local/
             - --watch-all-namespaces=true
             - --log-level=info
             - --log-encoding=json
@@ -4012,7 +4232,7 @@ data:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
-            image: ghcr.io/fluxcd/source-controller:v0.17.0
+            image: ghcr.io/fluxcd/source-controller:v0.21.2
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -4022,10 +4242,13 @@ data:
             ports:
             - containerPort: 9090
               name: http
+              protocol: TCP
             - containerPort: 8080
               name: http-prom
+              protocol: TCP
             - containerPort: 9440
               name: healthz
+              protocol: TCP
             readinessProbe:
               httpGet:
                 path: /
@@ -4039,7 +4262,14 @@ data:
                 memory: 64Mi
             securityContext:
               allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                - ALL
               readOnlyRootFilesystem: true
+              runAsNonRoot: true
+              runAsUser: 65534
+              seccompProfile:
+                type: RuntimeDefault
             volumeMounts:
             - mountPath: /data
               name: data
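Review bot: `runAsUser: 65534` combined with `readOnlyRootFilesystem: true` leaves the mounted volumes as the only writable paths, and this container mounts `/data`, which source-controller presumably needs to write to. Whether uid 65534 can write there depends on the pod-level `securityContext` (for example an `fsGroup`) and on the volume type, neither of which is visible in this hunk. Please confirm that, or add a comment beside `runAsUser` such as `# must match the image user; /data is writable via the pod fsGroup`. The same settings are added to helm-controller, kustomize-controller and notification-controller in earlier hunks, where the visible context mounts only `/tmp`. The container spec starts and continues outside the hunk.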
@@ -4063,7 +4293,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: allow-egress
       namespace: flux-system
     spec:
@@ -4083,7 +4313,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: allow-scraping
       namespace: flux-system
     spec:
@@ -4103,7 +4333,7 @@ data:
       labels:
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v0.20.0
+        app.kubernetes.io/version: v0.27.0
       name: allow-webhooks
       namespace: flux-system
     spec:
@@ -4116,6 +4346,19 @@ data:
       policyTypes:
       - Ingress
     ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+      name: psp:privileged:flux-system
+      namespace: flux-system
+    roleRef:
+      apiGroup: rbac.authorization.k8s.io
+      kind: ClusterRole
+      name: psp:privileged
+    subjects:
+    - kind: Group
+      name: system:serviceaccounts:flux-system
+      apiGroup: rbac.authorization.k8s.io
   sync.yaml: |
     {{- if .Values.flux.decryptionSecret }}
     ---
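Review bot: The added RoleBinding grants the `psp:privileged` ClusterRole to the whole `system:serviceaccounts:flux-system` group, so every service account in the namespace, not only the four controllers, may have pods admitted under the privileged policy. That works against the `drop: ALL`, `runAsNonRoot` and `seccompProfile` settings this commit adds to the controller containers. If the cluster offers a tighter policy role that still admits those security contexts, reference it instead with `name: <restricted-psp-clusterrole>` (placeholder; the real role name is not on this page), or narrow `subjects` to the controller service accounts. The binding is also unconditional and, unlike the other objects in this manifest, carries no `app.kubernetes.io/part-of: flux` label. PodSecurityPolicy is removed in Kubernetes 1.25, so a comment naming the cluster setup that needs this binding, or a chart-value guard around it, would make it easier to retire.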