X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=deploy%2Fcluster%2Ftemplates%2Fflux-addon.yaml;h=83a420febb84334ba18c4d7cc62da70da7f0a269;hb=b13f5643b2c17bca79fce39612f8c8c87158632a;hp=c0402531a0b5ad26efd23a926357c71cd1bc3954;hpb=324241118a350eae37a7909306817f582d0db5b6;p=icn.git diff --git a/deploy/cluster/templates/flux-addon.yaml b/deploy/cluster/templates/flux-addon.yaml index c040253..83a420f 100644 --- a/deploy/cluster/templates/flux-addon.yaml +++ b/deploy/cluster/templates/flux-addon.yaml @@ -5,7 +5,7 @@ data: flux-system.yaml: | --- # This manifest was generated by flux. DO NOT EDIT. - # Flux Version: v0.25.3 + # Flux Version: v0.27.0 # Components: source-controller,kustomize-controller,helm-controller,notification-controller apiVersion: v1 kind: Namespace @@ -13,7 +13,9 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 + pod-security.kubernetes.io/warn: restricted + pod-security.kubernetes.io/warn-version: latest name: flux-system --- apiVersion: apiextensions.k8s.io/v1 @@ -25,7 +27,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -97,6 +99,15 @@ data: - ImagePolicy - ImageUpdateAutomation type: string + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object name: description: Name of the referent maxLength: 53 
@@ -232,12 +243,12 @@ data: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -353,8 +364,8 @@ data: of this source. type: boolean timeout: - default: 20s - description: The timeout for download operations, defaults to 20s. + default: 60s + description: The timeout for download operations, defaults to 60s. type: string required: - bucketName @@ -492,12 +503,12 @@ data: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -655,9 +666,9 @@ data: of this source. type: boolean timeout: - default: 20s + default: 60s description: The timeout for remote Git operations like cloning, defaults - to 20s. + to 60s. type: string url: description: The repository URL, can be a HTTP/S or SSH address. @@ -851,12 +862,12 @@ data: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io 
@@ -1140,7 +1151,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -1632,6 +1643,10 @@ data: description: DisableHooks prevents hooks from running during the Helm rollback action. type: boolean + disableWait: + description: DisableWait disables waiting for all the resources + to be deleted after a Helm uninstall is performed. + type: boolean keepHistory: description: KeepHistory tells Helm to remove all associated resources and mark the release as deleted, but retain the release history. @@ -1913,12 +1928,12 @@ data: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2165,7 +2180,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io @@ -3054,6 +3069,14 @@ data: maxLength: 253 minLength: 1 type: string + optional: + default: false + description: Optional indicates whether the referenced resource + must exist, or whether to tolerate its absence. If true + and the referenced resource is absent, proceed as if the + resource was present but empty, without any variables + defined. + type: boolean required: - kind - name 
@@ -3266,7 +3289,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: providers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -3363,6 +3386,7 @@ data: - matrix - opsgenie - alertmanager + - grafana type: string username: description: Bot username for this provider @@ -3470,7 +3494,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -3539,6 +3563,15 @@ data: - ImagePolicy - ImageUpdateAutomation type: string + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object name: description: Name of the referent maxLength: 53 @@ -3687,7 +3720,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: helm-controller namespace: flux-system --- @@ -3697,7 +3730,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: kustomize-controller namespace: flux-system --- @@ -3707,7 +3740,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: notification-controller namespace: flux-system --- 
@@ -3717,7 +3750,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: source-controller namespace: flux-system --- @@ -3727,7 +3760,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: crd-controller-flux-system rules: - apiGroups: @@ -3808,7 +3841,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -3828,7 +3861,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -3860,7 +3893,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 control-plane: controller name: notification-controller namespace: flux-system @@ -3880,7 +3913,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 control-plane: controller name: source-controller namespace: flux-system @@ -3900,7 +3933,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 control-plane: controller name: webhook-receiver namespace: flux-system 
@@ -3920,7 +3953,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 control-plane: controller name: helm-controller namespace: flux-system @@ -3949,7 +3982,7 @@ data: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/helm-controller:v0.15.0 + image: ghcr.io/fluxcd/helm-controller:v0.17.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -3959,6 +3992,7 @@ data: ports: - containerPort: 8080 name: http-prom + protocol: TCP - containerPort: 9440 name: healthz protocol: TCP @@ -3975,7 +4009,13 @@ data: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: temp @@ -3993,7 +4033,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 control-plane: controller name: kustomize-controller namespace: flux-system @@ -4022,7 +4062,7 @@ data: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/kustomize-controller:v0.19.1 + image: ghcr.io/fluxcd/kustomize-controller:v0.21.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4032,6 +4072,7 @@ data: ports: - containerPort: 8080 name: http-prom + protocol: TCP - containerPort: 9440 name: healthz protocol: TCP @@ -4048,7 +4089,13 @@ data: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: temp 
@@ -4068,7 +4115,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 control-plane: controller name: notification-controller namespace: flux-system @@ -4096,7 +4143,7 @@ data: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/notification-controller:v0.20.1 + image: ghcr.io/fluxcd/notification-controller:v0.22.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4106,10 +4153,13 @@ data: ports: - containerPort: 9090 name: http + protocol: TCP - containerPort: 9292 name: http-webhook + protocol: TCP - containerPort: 8080 name: http-prom + protocol: TCP - containerPort: 9440 name: healthz protocol: TCP @@ -4126,7 +4176,13 @@ data: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: temp @@ -4144,7 +4200,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 control-plane: controller name: source-controller namespace: flux-system @@ -4177,7 +4233,7 @@ data: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/source-controller:v0.20.1 + image: ghcr.io/fluxcd/source-controller:v0.21.2 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4187,10 +4243,13 @@ data: ports: - containerPort: 9090 name: http + protocol: TCP - containerPort: 8080 name: http-prom + protocol: TCP - containerPort: 9440 name: healthz + protocol: TCP readinessProbe: httpGet: path: / @@ -4204,7 +4263,13 @@ data: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /data name: data 
@@ -4228,7 +4293,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: allow-egress namespace: flux-system spec: @@ -4248,7 +4313,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: allow-scraping namespace: flux-system spec: @@ -4268,7 +4333,7 @@ data: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.25.3 + app.kubernetes.io/version: v0.27.0 name: allow-webhooks namespace: flux-system spec: @@ -4280,6 +4345,20 @@ data: app: notification-controller policyTypes: - Ingress + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: psp:privileged:flux-system + namespace: flux-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: psp:privileged + subjects: + - kind: Group + name: system:serviceaccounts:flux-system + apiGroup: rbac.authorization.k8s.io sync.yaml: | {{- if .Values.flux.decryptionSecret }} ---
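Review bot: The RoleBinding `psp:privileged:flux-system` added in the last hunk (`@@ -4280,6 +4345,20 @@`) grants the `psp:privileged` ClusterRole to the whole group `system:serviceaccounts:flux-system`, so every current and future service account in the namespace may run privileged pods. That is wider than the controllers appear to need, because the Deployment hunks in this same commit set `capabilities: drop: [ALL]`, `runAsNonRoot: true` and `seccompProfile: RuntimeDefault` on all four of them. If the cluster defines a tighter policy, point `roleRef` at it instead (`name: <restricted-psp-clusterrole>`, a placeholder since no such role is visible here), or list the four controller service accounts as subjects rather than the group. The binding also sits inside the block headed "This manifest was generated by flux. DO NOT EDIT." and seems to be hand-added, so a comment such as `# Local addition, not emitted by flux: re-add after regenerating` would stop it being lost at the next version bump. PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters this binding does nothing, and the namespace labels added in the first hunks only set `warn`, not `enforce`.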