diff --git a/1.yaml b/1.yaml
new file mode 100644
index 0000000..d1aaac8
--- /dev/null
+++ b/1.yaml
@@ -0,0 +1,11468 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + pod-security.kubernetes.io/warn: restricted + pod-security.kubernetes.io/warn-version: latest + name: flux-system +--- +apiVersion: v1 +kind: Namespace +metadata: + name: gateway +--- +apiVersion: v1 +kind: Namespace +metadata: + name: istio-system +--- +apiVersion: v1 +kind: Namespace +metadata: + name: test +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + istio-injection: enabled + name: vault +--- +apiVersion: v1 +kind: ResourceQuota +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: critical-pods-flux-system + namespace: flux-system +spec: + hard: + pods: "1000" + scopeSelector: + matchExpressions: + - operator: In + scopeName: PriorityClass + values: + - system-node-critical + - system-cluster-critical +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: alerts.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Alert + listKind: AlertList + plural: alerts + singular: alert + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + deprecated: true + deprecationWarning: v1beta2 Alert is deprecated, upgrade to v1beta3 + name: v1beta2 + schema: + openAPIV3Schema: + description: Alert is the Schema for the alerts 
API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: AlertSpec defines an alerting rule for events involving a + list of objects. + properties: + eventMetadata: + additionalProperties: + type: string + description: "EventMetadata is an optional field for adding metadata + to events dispatched by the\ncontroller. This can be used for enhancing + the context of the event. If a field\nwould override one already + present on the original event as generated by the emitter,\nthen + the override doesn't happen, i.e. the original value is preserved, + and an info\nlog is printed. " + type: object + eventSeverity: + default: info + description: "EventSeverity specifies how to filter events based on + severity.\nIf set to 'info' no events will be filtered. " + enum: + - info + - error + type: string + eventSources: + description: "EventSources specifies how to filter events based\non + the involved object kind, name and namespace. 
" + items: + description: "CrossNamespaceObjectReference contains enough information + to let you locate the\ntyped referenced object at cluster level + \ " + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + - OCIRepository + - ArtifactGenerator + - ExternalArtifact + type: string + matchLabels: + additionalProperties: + type: string + description: "MatchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels\nmap is equivalent to an element + of matchExpressions, whose key field is \"key\", the\noperator + is \"In\", and the values array contains only \"value\". The + requirements are ANDed.\nMatchLabels requires the name to + be set to `*`. " + type: object + name: + description: "Name of the referent\nIf multiple resources are + targeted `*` may be set. " + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 253 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + exclusionList: + description: "ExclusionList specifies a list of Golang regular expressions\nto + be used for excluding messages. " + items: + type: string + type: array + inclusionList: + description: "InclusionList specifies a list of Golang regular expressions\nto + be used for including messages. " + items: + type: string + type: array + providerRef: + description: ProviderRef specifies which Provider this Alert should + use. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + summary: + description: Summary holds a short description of the impact and affected + cluster. 
+ maxLength: 255 + type: string + suspend: + description: "Suspend tells the controller to suspend subsequent\nevents + handling for this Alert. " + type: boolean + required: + - eventSources + - providerRef + type: object + status: + default: + observedGeneration: -1 + description: AlertStatus defines the observed state of the Alert. + properties: + conditions: + description: Conditions holds the conditions for the Alert. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta3 + schema: + openAPIV3Schema: + description: Alert is the Schema for the alerts API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: AlertSpec defines an alerting rule for events involving a + list of objects. 
+ properties: + eventMetadata: + additionalProperties: + type: string + description: "EventMetadata is an optional field for adding metadata + to events dispatched by the\ncontroller. This can be used for enhancing + the context of the event. If a field\nwould override one already + present on the original event as generated by the emitter,\nthen + the override doesn't happen, i.e. the original value is preserved, + and an info\nlog is printed. " + type: object + eventSeverity: + default: info + description: "EventSeverity specifies how to filter events based on + severity.\nIf set to 'info' no events will be filtered. " + enum: + - info + - error + type: string + eventSources: + description: "EventSources specifies how to filter events based\non + the involved object kind, name and namespace. " + items: + description: "CrossNamespaceObjectReference contains enough information + to let you locate the\ntyped referenced object at cluster level + \ " + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + - OCIRepository + - ArtifactGenerator + - ExternalArtifact + type: string + matchLabels: + additionalProperties: + type: string + description: "MatchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels\nmap is equivalent to an element + of matchExpressions, whose key field is \"key\", the\noperator + is \"In\", and the values array contains only \"value\". The + requirements are ANDed.\nMatchLabels requires the name to + be set to `*`. " + type: object + name: + description: "Name of the referent\nIf multiple resources are + targeted `*` may be set. 
" + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 253 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + exclusionList: + description: "ExclusionList specifies a list of Golang regular expressions\nto + be used for excluding messages. " + items: + type: string + type: array + inclusionList: + description: "InclusionList specifies a list of Golang regular expressions\nto + be used for including messages. " + items: + type: string + type: array + providerRef: + description: ProviderRef specifies which Provider this Alert should + use. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + summary: + description: "Summary holds a short description of the impact and + affected cluster.\nDeprecated: Use EventMetadata instead. " + maxLength: 255 + type: string + suspend: + description: "Suspend tells the controller to suspend subsequent\nevents + handling for this Alert. 
" + type: boolean + required: + - eventSources + - providerRef + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: buckets.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: Bucket + listKind: BucketList + plural: buckets + singular: bucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.endpoint + name: Endpoint + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: Bucket is the Schema for the buckets API. + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: "BucketSpec specifies the required configuration to produce + an Artifact for\nan object storage bucket. 
" + properties: + bucketName: + description: BucketName is the name of the object storage bucket. + type: string + certSecretRef: + description: "CertSecretRef can be given the name of a Secret containing\neither + or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and + private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand + whichever are supplied, will be used for connecting to the\nbucket. + The client cert and key are useful if you are\nauthenticating with + a certificate; the CA cert is useful if\nyou are using a self-signed + server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nThis + field is only supported for the `generic` provider. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + endpoint: + description: Endpoint is the object storage address the BucketName + is located at. + type: string + ignore: + description: "Ignore overrides the set of excluded patterns in the + .sourceignore format\n(which is the same as .gitignore). If not + provided, a default will be used,\nconsult the documentation for + your version to find out what those are. " + type: string + insecure: + description: Insecure allows connecting to a non-TLS HTTP Endpoint. + type: boolean + interval: + description: "Interval at which the Bucket Endpoint is checked for + updates.\nThis interval is approximate and may be subject to jitter + to ensure\nefficient use of resources. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + prefix: + description: Prefix to use for server-side filtering of files in the + Bucket. + type: string + provider: + default: generic + description: "Provider of the object storage bucket.\nDefaults to + 'generic', which expects an S3 (API) compatible object\nstorage. 
+ \ " + enum: + - generic + - aws + - gcp + - azure + type: string + proxySecretRef: + description: "ProxySecretRef specifies the Secret containing the proxy + configuration\nto use while communicating with the Bucket server. + \ " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + region: + description: Region of the Endpoint where the BucketName is located + in. + type: string + secretRef: + description: "SecretRef specifies the Secret containing authentication + credentials\nfor the Bucket. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + serviceAccountName: + description: "ServiceAccountName is the name of the Kubernetes ServiceAccount + used to authenticate\nthe bucket. This field is only supported for + the 'gcp' and 'aws' providers.\nFor more information about workload + identity:\nhttps://fluxcd.io/flux/components/source/buckets/#workload-identity + \ " + type: string + sts: + description: "STS specifies the required configuration to use a Security + Token\nService for fetching temporary credentials to authenticate + in a\nBucket provider.\n\nThis field is only supported for the `aws` + and `generic` providers. " + properties: + certSecretRef: + description: "CertSecretRef can be given the name of a Secret + containing\neither or both of\n\n- a PEM-encoded client certificate + (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA + certificate (`ca.crt`)\n\nand whichever are supplied, will be + used for connecting to the\nSTS endpoint. The client cert and + key are useful if you are\nauthenticating with a certificate; + the CA cert is useful if\nyou are using a self-signed server + certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nThis + field is only supported for the `ldap` provider. " + properties: + name: + description: Name of the referent. 
+ type: string + required: + - name + type: object + endpoint: + description: "Endpoint is the HTTP/S endpoint of the Security + Token Service from\nwhere temporary credentials will be fetched. + \ " + pattern: ^(http|https)://.*$ + type: string + provider: + description: Provider of the Security Token Service. + enum: + - aws + - ldap + type: string + secretRef: + description: "SecretRef specifies the Secret containing authentication + credentials\nfor the STS endpoint. This Secret must contain + the fields `username`\nand `password` and is supported only + for the `ldap` provider. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - endpoint + - provider + type: object + suspend: + description: "Suspend tells the controller to suspend the reconciliation + of this\nBucket. " + type: boolean + timeout: + default: 60s + description: Timeout for fetch operations, defaults to 60s. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + required: + - bucketName + - endpoint + - interval + type: object + x-kubernetes-validations: + - message: STS configuration is only supported for the 'aws' and 'generic' + Bucket providers + rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts) + - message: '''aws'' is the only supported STS provider for the ''aws'' + Bucket provider' + rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider + == 'aws' + - message: '''ldap'' is the only supported STS provider for the ''generic'' + Bucket provider' + rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider + == 'ldap' + - message: spec.sts.secretRef is not required for the 'aws' STS provider + rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)' + - message: spec.sts.certSecretRef is not required for the 'aws' STS provider + rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)' + - message: 
ServiceAccountName is not supported for the 'generic' Bucket + provider + rule: self.provider != 'generic' || !has(self.serviceAccountName) + - message: cannot set both .spec.secretRef and .spec.serviceAccountName + rule: '!has(self.secretRef) || !has(self.serviceAccountName)' + status: + default: + observedGeneration: -1 + description: BucketStatus records the observed state of a Bucket. + properties: + artifact: + description: Artifact represents the last successful Bucket reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: "LastUpdateTime is the timestamp corresponding to + the last update of the\nArtifact. " + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: "Path is the relative file path of the Artifact. + It can be used to locate\nthe file in the root of the Artifact + storage on the local file system of\nthe controller managing + the Source. " + type: string + revision: + description: "Revision is a human-readable identifier traceable + in the origin source\nsystem. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. " + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: "URL is the HTTP address of the Artifact as exposed + by the controller\nmanaging the Source. It can be used to retrieve + the Artifact for\nconsumption, e.g. by another controller applying + the Artifact contents. " + type: string + required: + - digest + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the Bucket. 
+ items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation of + the Bucket object. + format: int64 + type: integer + observedIgnore: + description: "ObservedIgnore is the observed exclusion patterns used + for constructing\nthe source artifact. " + type: string + url: + description: "URL is the dynamic fetch link for the latest Artifact.\nIt + is provided on a \"best effort\" basis, and using the precise\nBucketStatus.Artifact + data is recommended. " + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: externalartifacts.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: ExternalArtifact + listKind: ExternalArtifactList + plural: externalartifacts + singular: externalartifact + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .spec.sourceRef.name + name: Source + type: string + name: v1 + schema: + 
openAPIV3Schema: + description: ExternalArtifact is the Schema for the external artifacts API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: ExternalArtifactSpec defines the desired state of ExternalArtifact + properties: + sourceRef: + description: "SourceRef points to the Kubernetes custom resource for\nwhich + the artifact is generated. " + properties: + apiVersion: + description: API version of the referent, if not specified the + Kubernetes preferred version will be used. + type: string + kind: + description: Kind of the referent. + type: string + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent, when not specified it + acts as LocalObjectReference. + type: string + required: + - kind + - name + type: object + type: object + status: + description: ExternalArtifactStatus defines the observed state of ExternalArtifact + properties: + artifact: + description: Artifact represents the output of an ExternalArtifact + reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. 
+ pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: "LastUpdateTime is the timestamp corresponding to + the last update of the\nArtifact. " + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: "Path is the relative file path of the Artifact. + It can be used to locate\nthe file in the root of the Artifact + storage on the local file system of\nthe controller managing + the Source. " + type: string + revision: + description: "Revision is a human-readable identifier traceable + in the origin source\nsystem. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. " + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: "URL is the HTTP address of the Artifact as exposed + by the controller\nmanaging the Source. It can be used to retrieve + the Artifact for\nconsumption, e.g. by another controller applying + the Artifact contents. " + type: string + required: + - digest + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the ExternalArtifact. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. 
+ \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: gitrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: GitRepository + listKind: GitRepositoryList + plural: gitrepositories + shortNames: + - gitrepo + singular: gitrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: GitRepository is the Schema for the gitrepositories API. 
+ properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: "GitRepositorySpec specifies the required configuration to + produce an\nArtifact for a Git repository. " + properties: + ignore: + description: "Ignore overrides the set of excluded patterns in the + .sourceignore format\n(which is the same as .gitignore). If not + provided, a default will be used,\nconsult the documentation for + your version to find out what those are. " + type: string + include: + description: "Include specifies a list of GitRepository resources + which Artifacts\nshould be included in the Artifact produced for + this GitRepository. " + items: + description: "GitRepositoryInclude specifies a local reference to + a GitRepository which\nArtifact (sub-)contents must be included, + and where they should be placed. " + properties: + fromPath: + description: "FromPath specifies the path to copy contents from, + defaults to the root\nof the Artifact. " + type: string + repository: + description: "GitRepositoryRef specifies the GitRepository which + Artifact contents\nmust be included. " + properties: + name: + description: Name of the referent. 
+ type: string + required: + - name + type: object + toPath: + description: "ToPath specifies the path to copy contents to, + defaults to the name of\nthe GitRepositoryRef. " + type: string + required: + - repository + type: object + type: array + interval: + description: "Interval at which the GitRepository URL is checked for + updates.\nThis interval is approximate and may be subject to jitter + to ensure\nefficient use of resources. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + provider: + description: "Provider used for authentication, can be 'azure', 'github', + 'generic'.\nWhen not specified, defaults to 'generic'. " + enum: + - generic + - azure + - github + type: string + proxySecretRef: + description: "ProxySecretRef specifies the Secret containing the proxy + configuration\nto use while communicating with the Git server. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + recurseSubmodules: + description: "RecurseSubmodules enables the initialization of all + submodules within\nthe GitRepository as cloned from the URL, using + their default settings. " + type: boolean + ref: + description: "Reference specifies the Git reference to resolve and + monitor for\nchanges, defaults to the 'master' branch. " + properties: + branch: + description: Branch to check out, defaults to 'master' if no other + field is defined. + type: string + commit: + description: "Commit SHA to check out, takes precedence over all + reference fields.\n\nThis can be combined with Branch to shallow + clone the branch, in which\nthe commit is expected to exist. 
+ \ " + type: string + name: + description: "Name of the reference to check out; takes precedence + over Branch, Tag and SemVer.\n\nIt must be a valid Git reference: + https://git-scm.com/docs/git-check-ref-format#_description\nExamples: + \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", + \"refs/merge-requests/1/head\" " + type: string + semver: + description: SemVer tag expression to check out, takes precedence + over Tag. + type: string + tag: + description: Tag to check out, takes precedence over Branch. + type: string + type: object + secretRef: + description: "SecretRef specifies the Secret containing authentication + credentials for\nthe GitRepository.\nFor HTTPS repositories the + Secret must contain 'username' and 'password'\nfields for basic + auth or 'bearerToken' field for token auth.\nFor SSH repositories + the Secret must contain 'identity'\nand 'known_hosts' fields. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + serviceAccountName: + description: "ServiceAccountName is the name of the Kubernetes ServiceAccount + used to\nauthenticate to the GitRepository. This field is only supported + for 'azure' provider. " + type: string + sparseCheckout: + description: "SparseCheckout specifies a list of directories to checkout + when cloning\nthe repository. If specified, only these directories + are included in the\nArtifact produced for this GitRepository. " + items: + type: string + type: array + suspend: + description: "Suspend tells the controller to suspend the reconciliation + of this\nGitRepository. " + type: boolean + timeout: + default: 60s + description: Timeout for Git operations like cloning, defaults to + 60s. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + url: + description: URL specifies the Git repository URL, it can be an HTTP/S + or SSH address. 
+ pattern: ^(http|https|ssh)://.*$ + type: string + verify: + description: "Verification specifies the configuration to verify the + Git commit\nsignature(s). " + properties: + mode: + default: HEAD + description: "Mode specifies which Git object(s) should be verified.\n\nThe + variants \"head\" and \"HEAD\" both imply the same thing, i.e. + verify\nthe commit that the HEAD of the Git repository points + to. The variant\n\"head\" solely exists to ensure backwards + compatibility. " + enum: + - head + - HEAD + - Tag + - TagAndHEAD + type: string + secretRef: + description: "SecretRef specifies the Secret containing the public + keys of trusted Git\nauthors. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - secretRef + type: object + required: + - interval + - url + type: object + x-kubernetes-validations: + - message: serviceAccountName can only be set when provider is 'azure' + rule: '!has(self.serviceAccountName) || (has(self.provider) && self.provider + == ''azure'')' + status: + default: + observedGeneration: -1 + description: GitRepositoryStatus records the observed state of a Git repository. + properties: + artifact: + description: Artifact represents the last successful GitRepository + reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: "LastUpdateTime is the timestamp corresponding to + the last update of the\nArtifact. " + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: "Path is the relative file path of the Artifact. + It can be used to locate\nthe file in the root of the Artifact + storage on the local file system of\nthe controller managing + the Source. 
" + type: string + revision: + description: "Revision is a human-readable identifier traceable + in the origin source\nsystem. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. " + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: "URL is the HTTP address of the Artifact as exposed + by the controller\nmanaging the Source. It can be used to retrieve + the Artifact for\nconsumption, e.g. by another controller applying + the Artifact contents. " + type: string + required: + - digest + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the GitRepository. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. 
" + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + includedArtifacts: + description: "IncludedArtifacts contains a list of the last successfully + included\nArtifacts as instructed by GitRepositorySpec.Include. + \ " + items: + description: Artifact represents the output of a Source reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of + ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: "LastUpdateTime is the timestamp corresponding + to the last update of the\nArtifact. " + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI + annotations. + type: object + path: + description: "Path is the relative file path of the Artifact. + It can be used to locate\nthe file in the root of the Artifact + storage on the local file system of\nthe controller managing + the Source. 
" + type: string + revision: + description: "Revision is a human-readable identifier traceable + in the origin source\nsystem. It can be a Git commit SHA, + Git tag, a Helm chart version, etc. " + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: "URL is the HTTP address of the Artifact as exposed + by the controller\nmanaging the Source. It can be used to + retrieve the Artifact for\nconsumption, e.g. by another controller + applying the Artifact contents. " + type: string + required: + - digest + - lastUpdateTime + - path + - revision + - url + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: "ObservedGeneration is the last observed generation of + the GitRepository\nobject. " + format: int64 + type: integer + observedIgnore: + description: "ObservedIgnore is the observed exclusion patterns used + for constructing\nthe source artifact. " + type: string + observedInclude: + description: "ObservedInclude is the observed list of GitRepository + resources used to\nproduce the current Artifact. " + items: + description: "GitRepositoryInclude specifies a local reference to + a GitRepository which\nArtifact (sub-)contents must be included, + and where they should be placed. " + properties: + fromPath: + description: "FromPath specifies the path to copy contents from, + defaults to the root\nof the Artifact. " + type: string + repository: + description: "GitRepositoryRef specifies the GitRepository which + Artifact contents\nmust be included. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + toPath: + description: "ToPath specifies the path to copy contents to, + defaults to the name of\nthe GitRepositoryRef. 
" + type: string + required: + - repository + type: object + type: array + observedRecurseSubmodules: + description: "ObservedRecurseSubmodules is the observed resource submodules\nconfiguration + used to produce the current Artifact. " + type: boolean + observedSparseCheckout: + description: "ObservedSparseCheckout is the observed list of directories + used to\nproduce the current Artifact. " + items: + type: string + type: array + sourceVerificationMode: + description: "SourceVerificationMode is the last used verification + mode indicating\nwhich Git object(s) have been verified. " + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: helmcharts.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmChart + listKind: HelmChartList + plural: helmcharts + shortNames: + - hc + singular: helmchart + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.chart + name: Chart + type: string + - jsonPath: .spec.version + name: Version + type: string + - jsonPath: .spec.sourceRef.kind + name: Source Kind + type: string + - jsonPath: .spec.sourceRef.name + name: Source Name + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: HelmChart is the Schema for the helmcharts API. 
+ properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: HelmChartSpec specifies the desired state of a Helm chart. + properties: + chart: + description: "Chart is the name or path the Helm chart is available + at in the\nSourceRef. " + type: string + ignoreMissingValuesFiles: + description: "IgnoreMissingValuesFiles controls whether to silently + ignore missing values\nfiles rather than failing. " + type: boolean + interval: + description: "Interval at which the HelmChart SourceRef is checked + for updates.\nThis interval is approximate and may be subject to + jitter to ensure\nefficient use of resources. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + reconcileStrategy: + default: ChartVersion + description: "ReconcileStrategy determines what enables the creation + of a new artifact.\nValid values are ('ChartVersion', 'Revision').\nSee + the documentation of the values for an explanation on their behavior.\nDefaults + to ChartVersion when omitted. " + enum: + - ChartVersion + - Revision + type: string + sourceRef: + description: SourceRef is the reference to the Source the chart is + available at. + properties: + apiVersion: + description: APIVersion of the referent. 
+ type: string + kind: + description: "Kind of the referent, valid values are ('HelmRepository', + 'GitRepository',\n'Bucket'). " + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + type: string + required: + - kind + - name + type: object + suspend: + description: "Suspend tells the controller to suspend the reconciliation + of this\nsource. " + type: boolean + valuesFiles: + description: "ValuesFiles is an alternative list of values files to + use as the chart\nvalues (values.yaml is not included by default), + expected to be a\nrelative path in the SourceRef.\nValues files + are merged in the order of this list with the last file\noverriding + the first. Ignored when omitted. " + items: + type: string + type: array + verify: + description: "Verify contains the secret name containing the trusted + public keys\nused to verify the signature and specifies which provider + to use to check\nwhether OCI image is authentic.\nThis field is + only supported when using HelmRepository source with spec.type 'oci'.\nChart + dependencies, which are not bundled in the umbrella chart artifact, + are not verified. " + properties: + matchOIDCIdentity: + description: "MatchOIDCIdentity specifies the identity matching + criteria to use\nwhile verifying an OCI artifact which was signed + using Cosign keyless\nsigning. The artifact's identity is deemed + to be verified if any of the\nspecified matchers match against + the identity. " + items: + description: "OIDCIdentityMatch specifies options for verifying + the certificate identity,\ni.e. the issuer and the subject + of the certificate. " + properties: + issuer: + description: "Issuer specifies the regex pattern to match + against to verify\nthe OIDC issuer in the Fulcio certificate. + The pattern must be a\nvalid Go regular expression. 
" + type: string + subject: + description: "Subject specifies the regex pattern to match + against to verify\nthe identity subject in the Fulcio + certificate. The pattern must\nbe a valid Go regular expression. + \ " + type: string + required: + - issuer + - subject + type: object + type: array + provider: + default: cosign + description: Provider specifies the technology used to sign the + OCI Artifact. + enum: + - cosign + - notation + type: string + secretRef: + description: "SecretRef specifies the Kubernetes Secret containing + the\ntrusted public keys. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - provider + type: object + version: + default: '*' + description: "Version is the chart version semver expression, ignored + for charts from\nGitRepository and Bucket sources. Defaults to latest + when omitted. " + type: string + required: + - chart + - interval + - sourceRef + type: object + x-kubernetes-validations: + - message: spec.verify is only supported when spec.sourceRef.kind is 'HelmRepository' + rule: '!has(self.verify) || self.sourceRef.kind == ''HelmRepository''' + status: + default: + observedGeneration: -1 + description: HelmChartStatus records the observed state of the HelmChart. + properties: + artifact: + description: Artifact represents the output of the last successful + reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: "LastUpdateTime is the timestamp corresponding to + the last update of the\nArtifact. " + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: "Path is the relative file path of the Artifact. 
+ It can be used to locate\nthe file in the root of the Artifact + storage on the local file system of\nthe controller managing + the Source. " + type: string + revision: + description: "Revision is a human-readable identifier traceable + in the origin source\nsystem. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. " + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: "URL is the HTTP address of the Artifact as exposed + by the controller\nmanaging the Source. It can be used to retrieve + the Artifact for\nconsumption, e.g. by another controller applying + the Artifact contents. " + type: string + required: + - digest + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmChart. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. 
" + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedChartName: + description: "ObservedChartName is the last observed chart name as + specified by the\nresolved chart reference. " + type: string + observedGeneration: + description: "ObservedGeneration is the last observed generation of + the HelmChart\nobject. " + format: int64 + type: integer + observedSourceArtifactRevision: + description: "ObservedSourceArtifactRevision is the last observed + Artifact.Revision\nof the HelmChartSpec.SourceRef. " + type: string + observedValuesFiles: + description: "ObservedValuesFiles are the observed value files of + the last successful\nreconciliation.\nIt matches the chart in the + last successfully reconciled artifact. 
" + items: + type: string + type: array + url: + description: "URL is the dynamic fetch link for the latest Artifact.\nIt + is provided on a \"best effort\" basis, and using the precise\nBucketStatus.Artifact + data is recommended. " + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: helm-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: helmreleases.helm.toolkit.fluxcd.io +spec: + group: helm.toolkit.fluxcd.io + names: + kind: HelmRelease + listKind: HelmReleaseList + plural: helmreleases + shortNames: + - hr + singular: helmrelease + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v2 + schema: + openAPIV3Schema: + description: HelmRelease is the Schema for the helmreleases API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: 
+ type: object + spec: + description: HelmReleaseSpec defines the desired state of a Helm release. + properties: + chart: + description: "Chart defines the template of the v1.HelmChart that + should be created\nfor this HelmRelease. " + properties: + metadata: + description: ObjectMeta holds the template for metadata like labels + and annotations. + properties: + annotations: + additionalProperties: + type: string + description: "Annotations is an unstructured key value map + stored with a resource that may be\nset by external tools + to store and retrieve arbitrary metadata. They are not\nqueryable + and should be preserved when modifying objects.\nMore info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + \ " + type: object + labels: + additionalProperties: + type: string + description: "Map of string keys and values that can be used + to organize and categorize\n(scope and select) objects.\nMore + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + \ " + type: object + type: object + spec: + description: Spec holds the template for the v1.HelmChartSpec + for this HelmRelease. + properties: + chart: + description: The name or path the Helm chart is available + at in the SourceRef. + maxLength: 2048 + minLength: 1 + type: string + ignoreMissingValuesFiles: + description: IgnoreMissingValuesFiles controls whether to + silently ignore missing values files rather than failing. + type: boolean + interval: + description: "Interval at which to check the v1.Source for + updates. Defaults to\n'HelmReleaseSpec.Interval'. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + reconcileStrategy: + default: ChartVersion + description: "Determines what enables the creation of a new + artifact. Valid values are\n('ChartVersion', 'Revision').\nSee + the documentation of the values for an explanation on their + behavior.\nDefaults to ChartVersion when omitted. 
" + enum: + - ChartVersion + - Revision + type: string + sourceRef: + description: The name and namespace of the v1.Source the chart + is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent. + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent. + maxLength: 63 + minLength: 1 + type: string + required: + - kind + - name + type: object + valuesFiles: + description: "Alternative list of values files to use as the + chart values (values.yaml\nis not included by default), + expected to be a relative path in the SourceRef.\nValues + files are merged in the order of this list with the last + file overriding\nthe first. Ignored when omitted. " + items: + type: string + type: array + verify: + description: "Verify contains the secret name containing the + trusted public keys\nused to verify the signature and specifies + which provider to use to check\nwhether OCI image is authentic.\nThis + field is only supported for OCI sources.\nChart dependencies, + which are not bundled in the umbrella chart artifact,\nare + not verified. " + properties: + provider: + default: cosign + description: Provider specifies the technology used to + sign the OCI Helm chart. + enum: + - cosign + - notation + type: string + secretRef: + description: "SecretRef specifies the Kubernetes Secret + containing the\ntrusted public keys. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - provider + type: object + version: + default: '*' + description: "Version semver expression, ignored for charts + from v1.GitRepository and\nv1beta2.Bucket sources. Defaults + to latest when omitted. 
" + type: string + required: + - chart + - sourceRef + type: object + required: + - spec + type: object + chartRef: + description: "ChartRef holds a reference to a source controller resource + containing the\nHelm chart artifact. " + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent. + enum: + - OCIRepository + - HelmChart + - ExternalArtifact + type: string + name: + description: Name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: "Namespace of the referent, defaults to the namespace + of the Kubernetes\nresource object that contains the reference. + \ " + maxLength: 63 + minLength: 1 + type: string + required: + - kind + - name + type: object + commonMetadata: + description: "CommonMetadata specifies the common labels and annotations + that are\napplied to all resources. Any existing label or annotation + will be\noverridden if its key matches a common one. " + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to the object's metadata. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to the object's metadata. + type: object + type: object + dependsOn: + description: "DependsOn may contain a DependencyReference slice with\nreferences + to HelmRelease resources that must be ready before this HelmRelease\ncan + be reconciled. " + items: + description: DependencyReference defines a HelmRelease dependency + on another HelmRelease resource. + properties: + name: + description: Name of the referent. + type: string + namespace: + description: "Namespace of the referent, defaults to the namespace + of the HelmRelease\nresource object that contains the reference. + \ " + type: string + readyExpr: + description: "ReadyExpr is a CEL expression that can be used + to assess the readiness\nof a dependency. 
When specified, + the built-in readiness check\nis replaced by the logic defined + in the CEL expression.\nTo make the CEL expression additive + to the built-in readiness check,\nthe feature gate `AdditiveCELDependencyCheck` + must be set to `true`. " + type: string + required: + - name + type: object + type: array + driftDetection: + description: "DriftDetection holds the configuration for detecting + and handling\ndifferences between the manifest in the Helm storage + and the resources\ncurrently existing in the cluster. " + properties: + ignore: + description: "Ignore contains a list of rules for specifying which + changes to ignore\nduring diffing. " + items: + description: "IgnoreRule defines a rule to selectively disregard + specific changes during\nthe drift detection process. " + properties: + paths: + description: "Paths is a list of JSON Pointer (RFC 6901) + paths to be excluded from\nconsideration in a Kubernetes + object. " + items: + type: string + type: array + target: + description: "Target is a selector for specifying Kubernetes + objects to which this\nrule applies.\nIf Target is not + set, the Paths will be ignored for all Kubernetes\nobjects + within the manifest of the Helm release. " + properties: + annotationSelector: + description: "AnnotationSelector is a string that follows + the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt + matches with the resource annotations. 
" + type: string + group: + description: "Group is the API group to select resources + from.\nTogether with Version and Kind it is capable + of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + kind: + description: "Kind of the API Group to select resources + from.\nTogether with Group and Version it is capable + of unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + labelSelector: + description: "LabelSelector is a string that follows + the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt + matches with the resource labels. " + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: "Version of the API Group to select resources + from.\nTogether with Group and Kind it is capable + of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + type: object + required: + - paths + type: object + type: array + mode: + description: "Mode defines how differences should be handled between + the Helm manifest\nand the manifest currently applied to the + cluster.\nIf not explicitly set, it defaults to DiffModeDisabled. + \ " + enum: + - enabled + - warn + - disabled + type: string + type: object + healthCheckExprs: + description: "HealthCheckExprs is a list of healthcheck expressions + for evaluating the\nhealth of custom resources using Common Expression + Language (CEL).\nThe expressions are evaluated only when the specific + Helm action\ntaking place has wait enabled, i.e. 
DisableWait is + false, and the\n'poller' WaitStrategy is used. " + items: + description: CustomHealthCheck defines the health check for custom + resources. + properties: + apiVersion: + description: APIVersion of the custom resource under evaluation. + type: string + current: + description: "Current is the CEL expression that determines + if the status\nof the custom resource has reached the desired + state. " + type: string + failed: + description: "Failed is the CEL expression that determines if + the status\nof the custom resource has failed to reach the + desired state. " + type: string + inProgress: + description: "InProgress is the CEL expression that determines + if the status\nof the custom resource has not yet reached + the desired state. " + type: string + kind: + description: Kind of the custom resource under evaluation. + type: string + required: + - apiVersion + - current + - kind + type: object + type: array + install: + description: Install holds the configuration for Helm install actions + for this HelmRelease. + properties: + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory + according\nto the CRD upgrade policy provided here. Valid values + are `Skip`,\n`Create` or `CreateReplace`. Default is `Create` + and if omitted\nCRDs are installed but not updated.\n\nSkip: + do neither install nor replace (update) any CRDs.\n\nCreate: + new CRDs are created, existing CRDs are neither updated nor + deleted.\n\nCreateReplace: new CRDs are created, existing CRDs + are updated (replaced)\nbut not deleted.\n\nBy default, CRDs + are applied (installed) during Helm install action.\nWith this + option users can opt in to CRD replace existing CRDs on Helm\ninstall + actions, which is not (yet) natively supported by Helm.\nhttps://helm.sh/docs/chart_best_practices/custom_resource_definitions. 
+ \ " + enum: + - Skip + - Create + - CreateReplace + type: string + createNamespace: + description: "CreateNamespace tells the Helm install action to + create the\nHelmReleaseSpec.TargetNamespace if it does not exist + yet.\nOn uninstall, the namespace will not be garbage collected. + \ " + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm install action. + type: boolean + disableOpenAPIValidation: + description: "DisableOpenAPIValidation prevents the Helm install + action from validating\nrendered templates against the Kubernetes + OpenAPI Schema. " + type: boolean + disableSchemaValidation: + description: "DisableSchemaValidation prevents the Helm install + action from validating\nthe values against the JSON Schema. + \ " + type: boolean + disableTakeOwnership: + description: "DisableTakeOwnership disables taking ownership of + existing resources\nduring the Helm install action. Defaults + to false. " + type: boolean + disableWait: + description: "DisableWait disables the waiting for resources to + be ready after a Helm\ninstall has been performed. " + type: boolean + disableWaitForJobs: + description: "DisableWaitForJobs disables waiting for jobs to + complete after a Helm\ninstall has been performed. " + type: boolean + remediation: + description: "Remediation holds the remediation configuration + for when the Helm install\naction for the HelmRelease fails. + The default is to not perform any action. " + properties: + ignoreTestFailures: + description: "IgnoreTestFailures tells the controller to skip + remediation when the Helm\ntests are run after an install + action but fail. Defaults to\n'Test.IgnoreFailures'. " + type: boolean + remediateLastFailure: + description: "RemediateLastFailure tells the controller to + remediate the last failure, when\nno retries remain. Defaults + to 'false'. 
" + type: boolean + retries: + description: "Retries is the number of retries that should + be attempted on failures before\nbailing. Remediation, using + an uninstall, is performed between each attempt.\nDefaults + to '0', a negative integer equals to unlimited retries. + \ " + type: integer + type: object + replace: + description: "Replace tells the Helm install action to re-use + the 'ReleaseName', but only\nif that name is a deleted release + which remains in the history. " + type: boolean + serverSideApply: + description: "ServerSideApply enables server-side apply for resources + during install.\nDefaults to true (or false when UseHelm3Defaults + feature gate is enabled). " + type: boolean + skipCRDs: + description: "SkipCRDs tells the Helm install action to not install + any CRDs. By default,\nCRDs are installed if not already present.\n\nDeprecated + use CRD policy (`crds`) attribute with value `Skip` instead. + \ " + type: boolean + strategy: + description: "Strategy defines the install strategy to use for + this HelmRelease.\nDefaults to 'RemediateOnFailure', or 'RetryOnFailure' + when the\nDefaultToRetryOnFailure feature gate is enabled. " + properties: + name: + description: Name of the install strategy. + enum: + - RemediateOnFailure + - RetryOnFailure + type: string + retryInterval: + description: "RetryInterval is the interval at which to retry + a failed install.\nCan be used only when Name is set to + RetryOnFailure.\nDefaults to '5m'. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + required: + - name + type: object + x-kubernetes-validations: + - message: .retryInterval cannot be set when .name is 'RemediateOnFailure' + rule: '!has(self.retryInterval) || self.name != ''RemediateOnFailure''' + timeout: + description: "Timeout is the time to wait for any individual Kubernetes + operation (like\nJobs for hooks) during the performance of a + Helm install action. Defaults to\n'HelmReleaseSpec.Timeout'. 
+ \ " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + interval: + description: Interval at which to reconcile the Helm release. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + kubeConfig: + description: "KubeConfig for reconciling the HelmRelease on a remote + cluster.\nWhen used in combination with HelmReleaseSpec.ServiceAccountName,\nforces + the controller to act on behalf of that Service Account at the\ntarget + cluster.\nIf the --default-service-account flag is set, its value + will be used as\na controller level fallback for when HelmReleaseSpec.ServiceAccountName\nis + empty. " + properties: + configMapRef: + description: "ConfigMapRef holds an optional name of a ConfigMap + that contains\nthe following keys:\n\n- `provider`: the provider + to use. One of `aws`, `azure`, `gcp`, or\n `generic`. Required.\n- + `cluster`: the fully qualified resource name of the Kubernetes\n + \ cluster in the cloud provider API. Not used by the `generic`\n + \ provider. Required when one of `address` or `ca.crt` is not + set.\n- `address`: the address of the Kubernetes API server. + Required\n for `generic`. For the other providers, if not + specified, the\n first address in the cluster resource will + be used, and if\n specified, it must match one of the addresses + in the cluster\n resource.\n If audiences is not set, will + be used as the audience for the\n `generic` provider.\n- `ca.crt`: + the optional PEM-encoded CA certificate for the\n Kubernetes + API server. If not set, the controller will use the\n CA certificate + from the cluster resource.\n- `audiences`: the optional audiences + as a list of\n line-break-separated strings for the Kubernetes + ServiceAccount\n token. 
Defaults to the `address` for the + `generic` provider, or\n to specific values for the other + providers depending on the\n provider.\n- `serviceAccountName`: + the optional name of the Kubernetes\n ServiceAccount in the + same namespace that should be used\n for authentication. If + not specified, the controller\n ServiceAccount will be used.\n\nMutually + exclusive with SecretRef. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + secretRef: + description: "SecretRef holds an optional name of a secret that + contains a key with\nthe kubeconfig file as the value. If no + key is set, the key will default\nto 'value'. Mutually exclusive + with ConfigMapRef.\nIt is recommended that the kubeconfig is + self-contained, and the secret\nis regularly updated if credentials + such as a cloud-access-token expire.\nCloud specific `cmd-path` + auth helpers will not function without adding\nbinaries and + credentials to the Pod that is responsible for reconciling\nKubernetes + resources. Supported only for the generic provider. " + properties: + key: + description: Key in the Secret, when not specified an implementation-specific + default key is used. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + type: object + x-kubernetes-validations: + - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef + must be specified + rule: has(self.configMapRef) || has(self.secretRef) + - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef + must be specified + rule: '!has(self.configMapRef) || !has(self.secretRef)' + maxHistory: + description: "MaxHistory is the number of revisions saved by Helm + for this HelmRelease.\nUse '0' for an unlimited number of revisions; + defaults to '5'. 
" + type: integer + persistentClient: + description: "PersistentClient tells the controller to use a persistent + Kubernetes\nclient for this release. When enabled, the client will + be reused for the\nduration of the reconciliation, instead of being + created and destroyed\nfor each (step of a) Helm action.\n\nThis + can improve performance, but may cause issues with some Helm charts\nthat + for example do create Custom Resource Definitions during installation\noutside + Helm's CRD lifecycle hooks, which are then not observed to be\navailable + by e.g. post-install hooks.\n\nIf not set, it defaults to true. + \ " + type: boolean + postRenderers: + description: "PostRenderers holds an array of Helm PostRenderers, + which will be applied in order\nof their definition. " + items: + description: PostRenderer contains a Helm PostRenderer specification. + properties: + kustomize: + description: Kustomization to apply as PostRenderer. + properties: + images: + description: "Images is a list of (image name, new name, + new tag or digest)\nfor changing image names, tags or + digests. This can also be achieved with a\npatch, but + this operator is simpler to specify. " + items: + description: Image contains an image name, a new name, + a new tag or digest, which will replace the original + name and tag. + properties: + digest: + description: "Digest is the value used to replace + the original image tag.\nIf digest is present NewTag + value is ignored. " + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace + the original name. + type: string + newTag: + description: NewTag is the value used to replace the + original tag. + type: string + required: + - name + type: object + type: array + patches: + description: "Strategic merge and JSON patches, defined + as inline YAML objects,\ncapable of targeting objects + based on kind, label and annotation selectors. 
" + items: + description: "Patch contains an inline StrategicMerge + or JSON6902 patch, and the target the patch should\nbe + applied to. " + properties: + patch: + description: "Patch contains an inline StrategicMerge + patch or an inline JSON6902 patch with\nan array + of operation objects. " + type: string + target: + description: Target points to the resources that the + patch document should be applied to. + properties: + annotationSelector: + description: "AnnotationSelector is a string that + follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt + matches with the resource annotations. " + type: string + group: + description: "Group is the API group to select + resources from.\nTogether with Version and Kind + it is capable of unambiguously identifying and/or + selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + kind: + description: "Kind of the API Group to select + resources from.\nTogether with Group and Version + it is capable of unambiguously\nidentifying + and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + labelSelector: + description: "LabelSelector is a string that follows + the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt + matches with the resource labels. " + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. 
+ type: string + version: + description: "Version of the API Group to select + resources from.\nTogether with Group and Kind + it is capable of unambiguously identifying and/or + selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + type: object + required: + - patch + type: object + type: array + type: object + type: object + type: array + releaseName: + description: "ReleaseName used for the Helm release. Defaults to a + composition of\n'[TargetNamespace-]Name'. " + maxLength: 53 + minLength: 1 + type: string + rollback: + description: Rollback holds the configuration for Helm rollback actions + for this HelmRelease. + properties: + cleanupOnFail: + description: "CleanupOnFail allows deletion of new resources created + during the Helm\nrollback action when it fails. " + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm rollback action. + type: boolean + disableWait: + description: "DisableWait disables the waiting for resources to + be ready after a Helm\nrollback has been performed. " + type: boolean + disableWaitForJobs: + description: "DisableWaitForJobs disables waiting for jobs to + complete after a Helm\nrollback has been performed. " + type: boolean + force: + description: Force forces resource updates through a replacement + strategy. + type: boolean + recreate: + description: "Recreate performs pod restarts for any managed workloads.\n\nDeprecated: + This behavior was deprecated in Helm 3:\n - Deprecation: https://github.com/helm/helm/pull/6463\n + \ - Removal: https://github.com/helm/helm/pull/31023\nAfter + helm-controller was upgraded to the Helm 4 SDK,\nthis field + is no longer functional and will print a\nwarning if set to + true. It will also be removed in a\nfuture release. 
" + type: boolean + serverSideApply: + description: "ServerSideApply enables server-side apply for resources + during rollback.\nCan be \"enabled\", \"disabled\", or \"auto\".\nWhen + \"auto\", server-side apply usage will be based on the release's + previous usage.\nDefaults to \"auto\". " + enum: + - enabled + - disabled + - auto + type: string + timeout: + description: "Timeout is the time to wait for any individual Kubernetes + operation (like\nJobs for hooks) during the performance of a + Helm rollback action. Defaults to\n'HelmReleaseSpec.Timeout'. + \ " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + serviceAccountName: + description: "The name of the Kubernetes service account to impersonate\nwhen + reconciling this HelmRelease. " + maxLength: 253 + minLength: 1 + type: string + storageNamespace: + description: "StorageNamespace used for the Helm storage.\nDefaults + to the namespace of the HelmRelease. " + maxLength: 63 + minLength: 1 + type: string + suspend: + description: "Suspend tells the controller to suspend reconciliation + for this HelmRelease,\nit does not apply to already started reconciliations. + Defaults to false. " + type: boolean + targetNamespace: + description: "TargetNamespace to target when performing operations + for the HelmRelease.\nDefaults to the namespace of the HelmRelease. + \ " + maxLength: 63 + minLength: 1 + type: string + test: + description: Test holds the configuration for Helm test actions for + this HelmRelease. + properties: + enable: + description: "Enable enables Helm test actions for this HelmRelease + after an Helm install\nor upgrade action has been performed. + \ " + type: boolean + filters: + description: Filters is a list of tests to run or exclude from + running. + items: + description: Filter holds the configuration for individual Helm + test filters. + properties: + exclude: + description: Exclude specifies whether the named test should + be excluded. 
+ type: boolean + name: + description: Name is the name of the test. + maxLength: 253 + minLength: 1 + type: string + required: + - name + type: object + type: array + ignoreFailures: + description: "IgnoreFailures tells the controller to skip remediation + when the Helm tests\nare run but fail. Can be overwritten for + tests run after install or upgrade\nactions in 'Install.IgnoreTestFailures' + and 'Upgrade.IgnoreTestFailures'. " + type: boolean + timeout: + description: "Timeout is the time to wait for any individual Kubernetes + operation during\nthe performance of a Helm test action. Defaults + to 'HelmReleaseSpec.Timeout'. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + timeout: + description: "Timeout is the time to wait for any individual Kubernetes + operation (like Jobs\nfor hooks) during the performance of a Helm + action. Defaults to '5m0s'. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + uninstall: + description: Uninstall holds the configuration for Helm uninstall + actions for this HelmRelease. + properties: + deletionPropagation: + default: background + description: "DeletionPropagation specifies the deletion propagation + policy when\na Helm uninstall is performed. " + enum: + - background + - foreground + - orphan + type: string + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm rollback action. + type: boolean + disableWait: + description: "DisableWait disables waiting for all the resources + to be deleted after\na Helm uninstall is performed. " + type: boolean + keepHistory: + description: "KeepHistory tells Helm to remove all associated + resources and mark the\nrelease as deleted, but retain the release + history. " + type: boolean + timeout: + description: "Timeout is the time to wait for any individual Kubernetes + operation (like\nJobs for hooks) during the performance of a + Helm uninstall action. Defaults\nto 'HelmReleaseSpec.Timeout'. 
+ \ " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + upgrade: + description: Upgrade holds the configuration for Helm upgrade actions + for this HelmRelease. + properties: + cleanupOnFail: + description: "CleanupOnFail allows deletion of new resources created + during the Helm\nupgrade action when it fails. " + type: boolean + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory + according\nto the CRD upgrade policy provided here. Valid values + are `Skip`,\n`Create` or `CreateReplace`. Default is `Skip` + and if omitted\nCRDs are neither installed nor upgraded.\n\nSkip: + do neither install nor replace (update) any CRDs.\n\nCreate: + new CRDs are created, existing CRDs are neither updated nor + deleted.\n\nCreateReplace: new CRDs are created, existing CRDs + are updated (replaced)\nbut not deleted.\n\nBy default, CRDs + are not applied during Helm upgrade action. With this\noption + users can opt-in to CRD upgrade, which is not (yet) natively + supported by Helm.\nhttps://helm.sh/docs/chart_best_practices/custom_resource_definitions. + \ " + enum: + - Skip + - Create + - CreateReplace + type: string + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm upgrade action. + type: boolean + disableOpenAPIValidation: + description: "DisableOpenAPIValidation prevents the Helm upgrade + action from validating\nrendered templates against the Kubernetes + OpenAPI Schema. " + type: boolean + disableSchemaValidation: + description: "DisableSchemaValidation prevents the Helm upgrade + action from validating\nthe values against the JSON Schema. + \ " + type: boolean + disableTakeOwnership: + description: "DisableTakeOwnership disables taking ownership of + existing resources\nduring the Helm upgrade action. Defaults + to false. " + type: boolean + disableWait: + description: "DisableWait disables the waiting for resources to + be ready after a Helm\nupgrade has been performed. 
" + type: boolean + disableWaitForJobs: + description: "DisableWaitForJobs disables waiting for jobs to + complete after a Helm\nupgrade has been performed. " + type: boolean + force: + description: Force forces resource updates through a replacement + strategy. + type: boolean + preserveValues: + description: "PreserveValues will make Helm reuse the last release's + values and merge in\noverrides from 'Values'. Setting this flag + makes the HelmRelease\nnon-declarative. " + type: boolean + remediation: + description: "Remediation holds the remediation configuration + for when the Helm upgrade\naction for the HelmRelease fails. + The default is to not perform any action. " + properties: + ignoreTestFailures: + description: "IgnoreTestFailures tells the controller to skip + remediation when the Helm\ntests are run after an upgrade + action but fail.\nDefaults to 'Test.IgnoreFailures'. " + type: boolean + remediateLastFailure: + description: "RemediateLastFailure tells the controller to + remediate the last failure, when\nno retries remain. Defaults + to 'false' unless 'Retries' is greater than 0. " + type: boolean + retries: + description: "Retries is the number of retries that should + be attempted on failures before\nbailing. Remediation, using + 'Strategy', is performed between each attempt.\nDefaults + to '0', a negative integer equals to unlimited retries. + \ " + type: integer + strategy: + description: Strategy to use for failure remediation. Defaults + to 'rollback'. + enum: + - rollback + - uninstall + type: string + type: object + serverSideApply: + description: "ServerSideApply enables server-side apply for resources + during upgrade.\nCan be \"enabled\", \"disabled\", or \"auto\".\nWhen + \"auto\", server-side apply usage will be based on the release's + previous usage.\nDefaults to \"auto\". 
" + enum: + - enabled + - disabled + - auto + type: string + strategy: + description: "Strategy defines the upgrade strategy to use for + this HelmRelease.\nDefaults to 'RemediateOnFailure', or 'RetryOnFailure' + when the\nDefaultToRetryOnFailure feature gate is enabled. " + properties: + name: + description: Name of the upgrade strategy. + enum: + - RemediateOnFailure + - RetryOnFailure + type: string + retryInterval: + description: "RetryInterval is the interval at which to retry + a failed upgrade.\nCan be used only when Name is set to + RetryOnFailure.\nDefaults to '5m'. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + required: + - name + type: object + x-kubernetes-validations: + - message: .retryInterval can only be set when .name is 'RetryOnFailure' + rule: '!has(self.retryInterval) || self.name == ''RetryOnFailure''' + timeout: + description: "Timeout is the time to wait for any individual Kubernetes + operation (like\nJobs for hooks) during the performance of a + Helm upgrade action. Defaults to\n'HelmReleaseSpec.Timeout'. + \ " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + values: + description: Values holds the values for this Helm release. + x-kubernetes-preserve-unknown-fields: true + valuesFrom: + description: "ValuesFrom holds references to resources containing + Helm values for this HelmRelease,\nand information about how they + should be merged. " + items: + description: "ValuesReference contains a reference to a resource + containing Helm values,\nand optionally the key they can be found + at. " + properties: + kind: + description: Kind of the values referent, valid values are ('Secret', + 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: "Name of the values referent. Should reside in + the same namespace as the\nreferring resource. " + maxLength: 253 + minLength: 1 + type: string + optional: + description: "Optional marks this ValuesReference as optional. 
+ When set, a not found error\nfor the values reference is ignored, + but any ValuesKey, TargetPath or\ntransient error will still + result in a reconciliation failure. " + type: boolean + targetPath: + description: "TargetPath is the YAML dot notation path the value + should be merged at. When\nset, the ValuesKey is expected + to be a single flat value. Defaults to 'None',\nwhich results + in the values getting merged at the root. " + maxLength: 250 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ + type: string + valuesKey: + description: "ValuesKey is the data key where the values.yaml + or a specific value can be\nfound at. Defaults to 'values.yaml'. + \ " + maxLength: 253 + pattern: ^[\-._a-zA-Z0-9]+$ + type: string + required: + - kind + - name + type: object + type: array + waitStrategy: + description: "WaitStrategy defines Helm's wait strategy for waiting + for applied\nresources to become ready. " + properties: + name: + description: "Name is Helm's wait strategy for waiting for applied + resources to\nbecome ready. One of 'poller' or 'legacy'. The + 'poller' strategy uses\nkstatus to poll resource statuses, while + the 'legacy' strategy uses\nHelm v3's waiting logic.\nDefaults + to 'poller', or to 'legacy' when UseHelm3Defaults feature\ngate + is enabled. " + enum: + - poller + - legacy + type: string + required: + - name + type: object + required: + - interval + type: object + x-kubernetes-validations: + - message: either chart or chartRef must be set + rule: (has(self.chart) && !has(self.chartRef)) || (!has(self.chart) + && has(self.chartRef)) + status: + default: + observedGeneration: -1 + description: HelmReleaseStatus defines the observed state of a HelmRelease. + properties: + conditions: + description: Conditions holds the conditions for the HelmRelease. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. 
+ properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + failures: + description: "Failures is the reconciliation failure count against + the latest desired\nstate. It is reset after a successful reconciliation. 
+ \ " + format: int64 + type: integer + helmChart: + description: "HelmChart is the namespaced name of the HelmChart resource + created by\nthe controller for the HelmRelease. " + type: string + history: + description: "History holds the history of Helm releases performed + for this HelmRelease\nup to the last successfully completed release. + \ " + items: + description: "Snapshot captures a point-in-time copy of the status + information for a Helm release,\nas managed by the controller. + \ " + properties: + action: + description: Action is the action that resulted in this snapshot + being created. + type: string + apiVersion: + description: "APIVersion is the API version of the Snapshot.\nWhen + the calculation method of the Digest field is changed, this\nfield + will be used to distinguish between the old and new methods. + \ " + type: string + appVersion: + description: AppVersion is the chart app version of the release + object in storage. + type: string + chartName: + description: ChartName is the chart name of the release object + in storage. + type: string + chartVersion: + description: "ChartVersion is the chart version of the release + object in\nstorage. " + type: string + configDigest: + description: "ConfigDigest is the checksum of the config (better + known as\n\"values\") of the release object in storage.\nIt + has the format of `:`. " + type: string + deleted: + description: Deleted is when the release was deleted. + format: date-time + type: string + digest: + description: "Digest is the checksum of the release object in + storage.\nIt has the format of `:`. " + type: string + firstDeployed: + description: FirstDeployed is when the release was first deployed. + format: date-time + type: string + lastDeployed: + description: LastDeployed is when the release was last deployed. + format: date-time + type: string + name: + description: Name is the name of the release. 
+ type: string + namespace: + description: Namespace is the namespace the release is deployed + to. + type: string + ociDigest: + description: OCIDigest is the digest of the OCI artifact associated + with the release. + type: string + status: + description: Status is the current state of the release. + type: string + testHooks: + additionalProperties: + description: "TestHookStatus holds the status information + for a test hook as observed\nto be run by the controller. + \ " + properties: + lastCompleted: + description: LastCompleted is the time the test hook last + completed. + format: date-time + type: string + lastStarted: + description: LastStarted is the time the test hook was + last started. + format: date-time + type: string + phase: + description: Phase the test hook was observed to be in. + type: string + type: object + description: "TestHooks is the list of test hooks for the release + as observed to be\nrun by the controller. " + type: object + version: + description: Version is the version of the release object in + storage. + type: integer + required: + - chartName + - chartVersion + - configDigest + - digest + - firstDeployed + - lastDeployed + - name + - namespace + - status + - version + type: object + type: array + installFailures: + description: "InstallFailures is the install failure count against + the latest desired\nstate. It is reset after a successful reconciliation. + \ " + format: int64 + type: integer + inventory: + description: "Inventory contains the list of Kubernetes resource object + references\nthat have been applied for this release. " + properties: + entries: + description: Entries of Kubernetes resource object references. + items: + description: ResourceRef contains the information necessary + to locate a resource within a cluster. + properties: + id: + description: "ID is the string representation of the Kubernetes + resource object's metadata,\nin the format '___'. 
+ \ " + type: string + v: + description: Version is the API version of the Kubernetes + resource object's kind. + type: string + required: + - id + - v + type: object + type: array + required: + - entries + type: object + lastAttemptedConfigDigest: + description: "LastAttemptedConfigDigest is the digest for the config + (better known as\n\"values\") of the last reconciliation attempt. + \ " + type: string + lastAttemptedGeneration: + description: "LastAttemptedGeneration is the last generation the controller + attempted\nto reconcile. " + format: int64 + type: integer + lastAttemptedReleaseAction: + description: "LastAttemptedReleaseAction is the last release action + performed for this\nHelmRelease. It is used to determine the active + retry or remediation\nstrategy. " + enum: + - install + - upgrade + type: string + lastAttemptedReleaseActionDuration: + description: "LastAttemptedReleaseActionDuration is the duration of + the last\nrelease action performed for this HelmRelease. " + type: string + lastAttemptedRevision: + description: "LastAttemptedRevision is the Source revision of the + last reconciliation\nattempt. For OCIRepository sources, the 12 + first characters of the digest are\nappended to the chart version + e.g. \"1.2.3+1234567890ab\". " + type: string + lastAttemptedRevisionDigest: + description: "LastAttemptedRevisionDigest is the digest of the last + reconciliation attempt.\nThis is only set for OCIRepository sources. + \ " + type: string + lastAttemptedValuesChecksum: + description: "LastAttemptedValuesChecksum is the SHA1 checksum for + the values of the last\nreconciliation attempt.\n\nDeprecated: Use + LastAttemptedConfigDigest instead. " + type: string + lastHandledForceAt: + description: "LastHandledForceAt holds the value of the most recent\nforce + request value, so a change of the annotation value\ncan be detected. 
+ \ " + type: string + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + lastHandledResetAt: + description: "LastHandledResetAt holds the value of the most recent + reset request\nvalue, so a change of the annotation value can be + detected. " + type: string + lastReleaseRevision: + description: "LastReleaseRevision is the revision of the last successful + Helm release.\n\nDeprecated: Use History instead. " + type: integer + observedCommonMetadataDigest: + description: "ObservedCommonMetadataDigest is the digest for the common + metadata of\nthe last successful reconciliation attempt. " + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + observedPostRenderersDigest: + description: "ObservedPostRenderersDigest is the digest for the post-renderers + of\nthe last successful reconciliation attempt. " + type: string + storageNamespace: + description: "StorageNamespace is the namespace of the Helm release + storage for the\ncurrent release. " + maxLength: 63 + minLength: 1 + type: string + upgradeFailures: + description: "UpgradeFailures is the upgrade failure count against + the latest desired\nstate. It is reset after a successful reconciliation. 
+ \ " + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: helmrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmRepository + listKind: HelmRepositoryList + plural: helmrepositories + shortNames: + - helmrepo + singular: helmrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: HelmRepository is the Schema for the helmrepositories API. 
+ properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: "HelmRepositorySpec specifies the required configuration + to produce an\nArtifact for a Helm repository index YAML. " + properties: + accessFrom: + description: "AccessFrom specifies an Access Control List for allowing + cross-namespace\nreferences to this object.\nNOTE: Not implemented, + provisional as of https://github.com/fluxcd/flux2/pull/2092 " + properties: + namespaceSelectors: + description: "NamespaceSelectors is the list of namespace selectors + to which this ACL applies.\nItems in this list are evaluated + using a logical OR operation. " + items: + description: "NamespaceSelector selects the namespaces to which + this ACL applies.\nAn empty map of MatchLabels matches all + namespaces in a cluster. " + properties: + matchLabels: + additionalProperties: + type: string + description: "MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels\nmap is equivalent + to an element of matchExpressions, whose key field is + \"key\", the\noperator is \"In\", and the values array + contains only \"value\". The requirements are ANDed. 
" + type: object + type: object + type: array + required: + - namespaceSelectors + type: object + certSecretRef: + description: "CertSecretRef can be given the name of a Secret containing\neither + or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and + private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand + whichever are supplied, will be used for connecting to the\nregistry. + The client cert and key are useful if you are\nauthenticating with + a certificate; the CA cert is useful if\nyou are using a self-signed + server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nIt + takes precedence over the values specified in the Secret referred\nto + by `.spec.secretRef`. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + insecure: + description: "Insecure allows connecting to a non-TLS HTTP container + registry.\nThis field is only taken into account if the .spec.type + field is set to 'oci'. " + type: boolean + interval: + description: "Interval at which the HelmRepository URL is checked + for updates.\nThis interval is approximate and may be subject to + jitter to ensure\nefficient use of resources. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + passCredentials: + description: "PassCredentials allows the credentials from the SecretRef + to be passed\non to a host that does not match the host as defined + in URL.\nThis may be required if the host of the advertised chart + URLs in the\nindex differ from the defined URL.\nEnabling this should + be done with caution, as it can potentially result\nin credentials + getting stolen in a MITM-attack. " + type: boolean + provider: + default: generic + description: "Provider used for authentication, can be 'aws', 'azure', + 'gcp' or 'generic'.\nThis field is optional, and only taken into + account if the .spec.type field is set to 'oci'.\nWhen not specified, + defaults to 'generic'. 
" + enum: + - generic + - aws + - azure + - gcp + type: string + secretRef: + description: "SecretRef specifies the Secret containing authentication + credentials\nfor the HelmRepository.\nFor HTTP/S basic auth the + secret must contain 'username' and 'password'\nfields.\nSupport + for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile'\nkeys + is deprecated. Please use `.spec.certSecretRef` instead. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: "Suspend tells the controller to suspend the reconciliation + of this\nHelmRepository. " + type: boolean + timeout: + description: "Timeout is used for the index fetch operation for an + HTTPS helm repository,\nand for remote OCI Repository operations + like pulling for an OCI helm\nchart by the associated HelmChart.\nIts + default value is 60s. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + type: + description: "Type of the HelmRepository.\nWhen this field is set + to \"oci\", the URL field value must be prefixed with \"oci://\". + \ " + enum: + - default + - oci + type: string + url: + description: "URL of the Helm repository, a valid URL contains at + least a protocol and\nhost. " + pattern: ^(http|https|oci)://.*$ + type: string + required: + - url + type: object + status: + default: + observedGeneration: -1 + description: HelmRepositoryStatus records the observed state of the HelmRepository. + properties: + artifact: + description: Artifact represents the last successful HelmRepository + reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: "LastUpdateTime is the timestamp corresponding to + the last update of the\nArtifact. 
" + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: "Path is the relative file path of the Artifact. + It can be used to locate\nthe file in the root of the Artifact + storage on the local file system of\nthe controller managing + the Source. " + type: string + revision: + description: "Revision is a human-readable identifier traceable + in the origin source\nsystem. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. " + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: "URL is the HTTP address of the Artifact as exposed + by the controller\nmanaging the Source. It can be used to retrieve + the Artifact for\nconsumption, e.g. by another controller applying + the Artifact contents. " + type: string + required: + - digest + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmRepository. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. 
+ \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: "ObservedGeneration is the last observed generation of + the HelmRepository\nobject. " + format: int64 + type: integer + url: + description: "URL is the dynamic fetch link for the latest Artifact.\nIt + is provided on a \"best effort\" basis, and using the precise\nHelmRepositoryStatus.Artifact + data is recommended. 
" + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: kustomize-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: kustomizations.kustomize.toolkit.fluxcd.io +spec: + group: kustomize.toolkit.fluxcd.io + names: + kind: Kustomization + listKind: KustomizationList + plural: kustomizations + shortNames: + - ks + singular: kustomization + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: Kustomization is the Schema for the kustomizations API. + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: "KustomizationSpec defines the configuration to calculate + the desired state\nfrom a Source using Kustomize. 
" + properties: + commonMetadata: + description: "CommonMetadata specifies the common labels and annotations + that are\napplied to all resources. Any existing label or annotation + will be\noverridden if its key matches a common one. " + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to the object's metadata. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to the object's metadata. + type: object + type: object + components: + description: Components specifies relative paths to kustomize Components. + items: + type: string + type: array + decryption: + description: Decrypt Kubernetes secrets before applying them on the + cluster. + properties: + provider: + description: Provider is the name of the decryption engine. + enum: + - sops + type: string + secretRef: + description: "The secret name containing the private OpenPGP keys + used for decryption.\nA static credential for a cloud provider + defined inside the Secret\ntakes priority to secret-less authentication + with the ServiceAccountName\nfield. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + serviceAccountName: + description: "ServiceAccountName is the name of the service account + used to\nauthenticate with KMS services from cloud providers. + If a\nstatic credential for a given cloud provider is defined\ninside + the Secret referenced by SecretRef, that static\ncredential + takes priority. " + type: string + required: + - provider + type: object + deletionPolicy: + description: "DeletionPolicy can be used to control garbage collection + when this\nKustomization is deleted. Valid values are ('MirrorPrune', + 'Delete',\n'WaitForTermination', 'Orphan'). 'MirrorPrune' mirrors + the Prune field\n(orphan if false, delete if true). Defaults to + 'MirrorPrune'. 
" + enum: + - MirrorPrune + - Delete + - WaitForTermination + - Orphan + type: string + dependsOn: + description: "DependsOn may contain a DependencyReference slice\nwith + references to Kustomization resources that must be ready before + this\nKustomization can be reconciled. " + items: + description: DependencyReference defines a Kustomization dependency + on another Kustomization resource. + properties: + name: + description: Name of the referent. + type: string + namespace: + description: "Namespace of the referent, defaults to the namespace + of the Kustomization\nresource object that contains the reference. + \ " + type: string + readyExpr: + description: "ReadyExpr is a CEL expression that can be used + to assess the readiness\nof a dependency. When specified, + the built-in readiness check\nis replaced by the logic defined + in the CEL expression.\nTo make the CEL expression additive + to the built-in readiness check,\nthe feature gate `AdditiveCELDependencyCheck` + must be set to `true`. " + type: string + required: + - name + type: object + type: array + force: + default: false + description: "Force instructs the controller to recreate resources\nwhen + patching fails due to an immutable field change. " + type: boolean + healthCheckExprs: + description: "HealthCheckExprs is a list of healthcheck expressions + for evaluating the\nhealth of custom resources using Common Expression + Language (CEL).\nThe expressions are evaluated only when Wait or + HealthChecks are specified. " + items: + description: CustomHealthCheck defines the health check for custom + resources. + properties: + apiVersion: + description: APIVersion of the custom resource under evaluation. + type: string + current: + description: "Current is the CEL expression that determines + if the status\nof the custom resource has reached the desired + state. 
" + type: string + failed: + description: "Failed is the CEL expression that determines if + the status\nof the custom resource has failed to reach the + desired state. " + type: string + inProgress: + description: "InProgress is the CEL expression that determines + if the status\nof the custom resource has not yet reached + the desired state. " + type: string + kind: + description: Kind of the custom resource under evaluation. + type: string + required: + - apiVersion + - current + - kind + type: object + type: array + healthChecks: + description: A list of resources to be included in the health assessment. + items: + description: "NamespacedObjectKindReference contains enough information + to locate the typed referenced Kubernetes resource object\nin + any namespace. " + properties: + apiVersion: + description: API version of the referent, if not specified the + Kubernetes preferred version will be used. + type: string + kind: + description: Kind of the referent. + type: string + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent, when not specified it + acts as LocalObjectReference. + type: string + required: + - kind + - name + type: object + type: array + ignoreMissingComponents: + description: "IgnoreMissingComponents instructs the controller to + ignore Components paths\nnot found in source by removing them from + the generated kustomization.yaml\nbefore running kustomize build. + \ " + type: boolean + images: + description: "Images is a list of (image name, new name, new tag or + digest)\nfor changing image names, tags or digests. This can also + be achieved with a\npatch, but this operator is simpler to specify. + \ " + items: + description: Image contains an image name, a new name, a new tag + or digest, which will replace the original name and tag. + properties: + digest: + description: "Digest is the value used to replace the original + image tag.\nIf digest is present NewTag value is ignored. 
+ \ " + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace the original + name. + type: string + newTag: + description: NewTag is the value used to replace the original + tag. + type: string + required: + - name + type: object + type: array + interval: + description: "The interval at which to reconcile the Kustomization.\nThis + interval is approximate and may be subject to jitter to ensure\nefficient + use of resources. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + kubeConfig: + description: "The KubeConfig for reconciling the Kustomization on + a remote cluster.\nWhen used in combination with KustomizationSpec.ServiceAccountName,\nforces + the controller to act on behalf of that Service Account at the\ntarget + cluster.\nIf the --default-service-account flag is set, its value + will be used as\na controller level fallback for when KustomizationSpec.ServiceAccountName\nis + empty. " + properties: + configMapRef: + description: "ConfigMapRef holds an optional name of a ConfigMap + that contains\nthe following keys:\n\n- `provider`: the provider + to use. One of `aws`, `azure`, `gcp`, or\n `generic`. Required.\n- + `cluster`: the fully qualified resource name of the Kubernetes\n + \ cluster in the cloud provider API. Not used by the `generic`\n + \ provider. Required when one of `address` or `ca.crt` is not + set.\n- `address`: the address of the Kubernetes API server. + Required\n for `generic`. For the other providers, if not + specified, the\n first address in the cluster resource will + be used, and if\n specified, it must match one of the addresses + in the cluster\n resource.\n If audiences is not set, will + be used as the audience for the\n `generic` provider.\n- `ca.crt`: + the optional PEM-encoded CA certificate for the\n Kubernetes + API server. 
If not set, the controller will use the\n CA certificate + from the cluster resource.\n- `audiences`: the optional audiences + as a list of\n line-break-separated strings for the Kubernetes + ServiceAccount\n token. Defaults to the `address` for the + `generic` provider, or\n to specific values for the other + providers depending on the\n provider.\n- `serviceAccountName`: + the optional name of the Kubernetes\n ServiceAccount in the + same namespace that should be used\n for authentication. If + not specified, the controller\n ServiceAccount will be used.\n\nMutually + exclusive with SecretRef. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + secretRef: + description: "SecretRef holds an optional name of a secret that + contains a key with\nthe kubeconfig file as the value. If no + key is set, the key will default\nto 'value'. Mutually exclusive + with ConfigMapRef.\nIt is recommended that the kubeconfig is + self-contained, and the secret\nis regularly updated if credentials + such as a cloud-access-token expire.\nCloud specific `cmd-path` + auth helpers will not function without adding\nbinaries and + credentials to the Pod that is responsible for reconciling\nKubernetes + resources. Supported only for the generic provider. " + properties: + key: + description: Key in the Secret, when not specified an implementation-specific + default key is used. + type: string + name: + description: Name of the Secret. 
+ type: string + required: + - name + type: object + type: object + x-kubernetes-validations: + - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef + must be specified + rule: has(self.configMapRef) || has(self.secretRef) + - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef + must be specified + rule: '!has(self.configMapRef) || !has(self.secretRef)' + namePrefix: + description: NamePrefix will prefix the names of all managed resources. + maxLength: 200 + minLength: 1 + type: string + nameSuffix: + description: NameSuffix will suffix the names of all managed resources. + maxLength: 200 + minLength: 1 + type: string + patches: + description: "Strategic merge and JSON patches, defined as inline + YAML objects,\ncapable of targeting objects based on kind, label + and annotation selectors. " + items: + description: "Patch contains an inline StrategicMerge or JSON6902 + patch, and the target the patch should\nbe applied to. " + properties: + patch: + description: "Patch contains an inline StrategicMerge patch + or an inline JSON6902 patch with\nan array of operation objects. + \ " + type: string + target: + description: Target points to the resources that the patch document + should be applied to. + properties: + annotationSelector: + description: "AnnotationSelector is a string that follows + the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt + matches with the resource annotations. 
" + type: string + group: + description: "Group is the API group to select resources + from.\nTogether with Version and Kind it is capable of + unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + kind: + description: "Kind of the API Group to select resources + from.\nTogether with Group and Version it is capable of + unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + labelSelector: + description: "LabelSelector is a string that follows the + label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt + matches with the resource labels. " + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: "Version of the API Group to select resources + from.\nTogether with Group and Kind it is capable of unambiguously + identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + type: object + required: + - patch + type: object + type: array + path: + description: "Path to the directory containing the kustomization.yaml + file, or the\nset of plain YAMLs a kustomization.yaml should be + generated for.\nDefaults to 'None', which translates to the root + path of the SourceRef. " + type: string + postBuild: + description: "PostBuild describes which actions to perform on the + YAML manifest\ngenerated by building the kustomize overlay. 
" + properties: + substitute: + additionalProperties: + type: string + description: "Substitute holds a map of key/value pairs.\nThe + variables defined in your YAML manifests that match any of the + keys\ndefined in the map will be substituted with the set value.\nIncludes + support for bash string replacement functions\ne.g. ${var:=default}, + ${var:position} and ${var/substring/replacement}. " + type: object + substituteFrom: + description: "SubstituteFrom holds references to ConfigMaps and + Secrets containing\nthe variables and their values to be substituted + in the YAML manifests.\nThe ConfigMap and the Secret data keys + represent the var names, and they\nmust match the vars declared + in the manifests for the substitution to\nhappen. " + items: + description: "SubstituteReference contains a reference to a + resource containing\nthe variables name and value. " + properties: + kind: + description: Kind of the values referent, valid values are + ('Secret', 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: "Name of the values referent. Should reside + in the same namespace as the\nreferring resource. " + maxLength: 253 + minLength: 1 + type: string + optional: + default: false + description: "Optional indicates whether the referenced + resource must exist, or whether to\ntolerate its absence. + If true and the referenced resource is absent, proceed\nas + if the resource was present but empty, without any variables + defined. " + type: boolean + required: + - kind + - name + type: object + type: array + type: object + prune: + description: Prune enables garbage collection. + type: boolean + retryInterval: + description: "The interval at which to retry a previously failed reconciliation.\nWhen + not specified, the controller uses the KustomizationSpec.Interval\nvalue + to retry failures. 
" + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + serviceAccountName: + description: "The name of the Kubernetes service account to impersonate\nwhen + reconciling this Kustomization. " + type: string + sourceRef: + description: Reference of the source where the kustomization file + is. + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: Kind of the referent. + enum: + - OCIRepository + - GitRepository + - Bucket + - ExternalArtifact + type: string + name: + description: Name of the referent. + type: string + namespace: + description: "Namespace of the referent, defaults to the namespace + of the Kubernetes\nresource object that contains the reference. + \ " + type: string + required: + - kind + - name + type: object + suspend: + description: "This flag tells the controller to suspend subsequent + kustomize executions,\nit does not apply to already started executions. + Defaults to false. " + type: boolean + targetNamespace: + description: "TargetNamespace sets or overrides the namespace in the\nkustomization.yaml + file. " + maxLength: 63 + minLength: 1 + type: string + timeout: + description: "Timeout for validation, apply and health checking operations.\nDefaults + to 'Interval' duration. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + wait: + description: "Wait instructs the controller to check the health of + all the reconciled\nresources. When enabled, the HealthChecks are + ignored. Defaults to false. " + type: boolean + required: + - interval + - prune + - sourceRef + type: object + status: + default: + observedGeneration: -1 + description: KustomizationStatus defines the observed state of a kustomization. + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. 
+ properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + history: + description: "History contains a set of snapshots of the last reconciliation + attempts\ntracking the revision, the state and the duration of each + attempt. 
" + items: + description: "Snapshot represents a point-in-time record of a group + of resources reconciliation,\nincluding timing information, status, + and a unique digest identifier. " + properties: + digest: + description: Digest is the checksum in the format `:` + of the resources in this snapshot. + type: string + firstReconciled: + description: FirstReconciled is the time when this revision + was first reconciled to the cluster. + format: date-time + type: string + lastReconciled: + description: LastReconciled is the time when this revision was + last reconciled to the cluster. + format: date-time + type: string + lastReconciledDuration: + description: LastReconciledDuration is time it took to reconcile + the resources in this revision. + type: string + lastReconciledStatus: + description: LastReconciledStatus is the status of the last + reconciliation. + type: string + metadata: + additionalProperties: + type: string + description: Metadata contains additional information about + the snapshot. + type: object + totalReconciliations: + description: TotalReconciliations is the total number of reconciliations + that have occurred for this snapshot. + format: int64 + type: integer + required: + - digest + - firstReconciled + - lastReconciled + - lastReconciledDuration + - lastReconciledStatus + - totalReconciliations + type: object + type: array + inventory: + description: "Inventory contains the list of Kubernetes resource object + references that\nhave been successfully applied. " + properties: + entries: + description: Entries of Kubernetes resource object references. + items: + description: ResourceRef contains the information necessary + to locate a resource within a cluster. + properties: + id: + description: "ID is the string representation of the Kubernetes + resource object's metadata,\nin the format '___'. + \ " + type: string + v: + description: Version is the API version of the Kubernetes + resource object's kind. 
+ type: string + required: + - id + - v + type: object + type: array + required: + - entries + type: object + lastAppliedOriginRevision: + description: "The last successfully applied origin revision.\nEquals + the origin revision of the applied Artifact from the referenced + Source.\nUsually present on the Metadata of the applied Artifact + and depends on the\nSource type, e.g. for OCI it's the value associated + with the key\n\"org.opencontainers.image.revision\". " + type: string + lastAppliedRevision: + description: "The last successfully applied revision.\nEquals the + Revision of the applied Artifact from the referenced Source. " + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation + attempt. + type: string + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: ObservedGeneration is the last reconciled generation. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: ocirepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: OCIRepository + listKind: OCIRepositoryList + plural: ocirepositories + shortNames: + - ocirepo + singular: ocirepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: OCIRepository is the Schema for the ocirepositories API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: OCIRepositorySpec defines the desired state of OCIRepository + properties: + certSecretRef: + 
description: "CertSecretRef can be given the name of a Secret containing\neither + or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and + private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand + whichever are supplied, will be used for connecting to the\nregistry. + The client cert and key are useful if you are\nauthenticating with + a certificate; the CA cert is useful if\nyou are using a self-signed + server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`. + \ " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + ignore: + description: "Ignore overrides the set of excluded patterns in the + .sourceignore format\n(which is the same as .gitignore). If not + provided, a default will be used,\nconsult the documentation for + your version to find out what those are. " + type: string + insecure: + description: Insecure allows connecting to a non-TLS HTTP container + registry. + type: boolean + interval: + description: "Interval at which the OCIRepository URL is checked for + updates.\nThis interval is approximate and may be subject to jitter + to ensure\nefficient use of resources. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + layerSelector: + description: "LayerSelector specifies which layer should be extracted + from the OCI artifact.\nWhen not specified, the first layer found + in the artifact is selected. " + properties: + mediaType: + description: "MediaType specifies the OCI media type of the layer\nwhich + should be extracted from the OCI Artifact. The\nfirst layer + matching this type is selected. " + type: string + operation: + description: "Operation specifies how the selected layer should + be processed.\nBy default, the layer compressed content is extracted + to storage.\nWhen the operation is set to 'copy', the layer + compressed content\nis persisted to storage as it is. 
" + enum: + - extract + - copy + type: string + type: object + provider: + default: generic + description: "The provider used for authentication, can be 'aws', + 'azure', 'gcp' or 'generic'.\nWhen not specified, defaults to 'generic'. + \ " + enum: + - generic + - aws + - azure + - gcp + type: string + proxySecretRef: + description: "ProxySecretRef specifies the Secret containing the proxy + configuration\nto use while communicating with the container registry. + \ " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + ref: + description: "The OCI reference to pull and monitor for changes,\ndefaults + to the latest tag. " + properties: + digest: + description: "Digest is the image digest to pull, takes precedence + over SemVer.\nThe value should be in the format 'sha256:'. + \ " + type: string + semver: + description: "SemVer is the range of tags to pull selecting the + latest within\nthe range, takes precedence over Tag. " + type: string + semverFilter: + description: SemverFilter is a regex pattern to filter the tags + within the SemVer range. + type: string + tag: + description: Tag is the image tag to pull, defaults to latest. + type: string + type: object + secretRef: + description: "SecretRef contains the secret name containing the registry + login\ncredentials to resolve image metadata.\nThe secret must be + of type kubernetes.io/dockerconfigjson. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + serviceAccountName: + description: "ServiceAccountName is the name of the Kubernetes ServiceAccount + used to authenticate\nthe image pull if the service account has + attached pull secrets. 
For more information:\nhttps://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account + \ " + type: string + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + timeout: + default: 60s + description: The timeout for remote OCI Repository operations like + pulling, defaults to 60s. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + url: + description: "URL is a reference to an OCI artifact repository hosted\non + a remote container registry. " + pattern: ^oci://.*$ + type: string + verify: + description: "Verify contains the secret name containing the trusted + public keys\nused to verify the signature and specifies which provider + to use to check\nwhether OCI image is authentic. " + properties: + matchOIDCIdentity: + description: "MatchOIDCIdentity specifies the identity matching + criteria to use\nwhile verifying an OCI artifact which was signed + using Cosign keyless\nsigning. The artifact's identity is deemed + to be verified if any of the\nspecified matchers match against + the identity. " + items: + description: "OIDCIdentityMatch specifies options for verifying + the certificate identity,\ni.e. the issuer and the subject + of the certificate. " + properties: + issuer: + description: "Issuer specifies the regex pattern to match + against to verify\nthe OIDC issuer in the Fulcio certificate. + The pattern must be a\nvalid Go regular expression. " + type: string + subject: + description: "Subject specifies the regex pattern to match + against to verify\nthe identity subject in the Fulcio + certificate. The pattern must\nbe a valid Go regular expression. + \ " + type: string + required: + - issuer + - subject + type: object + type: array + provider: + default: cosign + description: Provider specifies the technology used to sign the + OCI Artifact. 
+ enum: + - cosign + - notation + type: string + secretRef: + description: "SecretRef specifies the Kubernetes Secret containing + the\ntrusted public keys. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - provider + type: object + required: + - interval + - url + type: object + status: + default: + observedGeneration: -1 + description: OCIRepositoryStatus defines the observed state of OCIRepository + properties: + artifact: + description: Artifact represents the output of the last successful + OCI Repository sync. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: "LastUpdateTime is the timestamp corresponding to + the last update of the\nArtifact. " + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: "Path is the relative file path of the Artifact. + It can be used to locate\nthe file in the root of the Artifact + storage on the local file system of\nthe controller managing + the Source. " + type: string + revision: + description: "Revision is a human-readable identifier traceable + in the origin source\nsystem. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. " + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: "URL is the HTTP address of the Artifact as exposed + by the controller\nmanaging the Source. It can be used to retrieve + the Artifact for\nconsumption, e.g. by another controller applying + the Artifact contents. 
" + type: string + required: + - digest + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the OCIRepository. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + observedIgnore: + description: "ObservedIgnore is the observed exclusion patterns used + for constructing\nthe source artifact. " + type: string + observedLayerSelector: + description: "ObservedLayerSelector is the observed layer selector + used for constructing\nthe source artifact. " + properties: + mediaType: + description: "MediaType specifies the OCI media type of the layer\nwhich + should be extracted from the OCI Artifact. The\nfirst layer + matching this type is selected. " + type: string + operation: + description: "Operation specifies how the selected layer should + be processed.\nBy default, the layer compressed content is extracted + to storage.\nWhen the operation is set to 'copy', the layer + compressed content\nis persisted to storage as it is. " + enum: + - extract + - copy + type: string + type: object + url: + description: URL is the download link for the artifact output of the + last OCI Repository sync. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: providers.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Provider + listKind: ProviderList + plural: providers + singular: provider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + deprecated: true + deprecationWarning: v1beta2 Provider is deprecated, upgrade to v1beta3 + name: v1beta2 + schema: + openAPIV3Schema: + description: Provider is the Schema for the providers API. + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: ProviderSpec defines the desired state of the Provider. 
+ properties: + address: + description: "Address specifies the endpoint, in a generic sense, + to where alerts are sent.\nWhat kind of endpoint depends on the + specific Provider type being used.\nFor the generic Provider, for + example, this is an HTTP/S address.\nFor other Provider types this + could be a project ID or a namespace. " + maxLength: 2048 + type: string + certSecretRef: + description: "CertSecretRef specifies the Secret containing\na PEM-encoded + CA certificate (in the `ca.crt` key).\n\nNote: Support for the `caFile` + key has\nbeen deprecated. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + channel: + description: Channel specifies the destination channel where events + should be posted. + maxLength: 2048 + type: string + interval: + description: Interval at which to reconcile the Provider with its + Secret references. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + proxy: + description: Proxy the HTTP/S address of the proxy server. + maxLength: 2048 + pattern: ^(http|https)://.*$ + type: string + secretRef: + description: "SecretRef specifies the Secret containing the authentication\ncredentials + for this Provider. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: "Suspend tells the controller to suspend subsequent\nevents + handling for this Provider. " + type: boolean + timeout: + description: Timeout for sending alerts to the Provider. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + type: + description: Type specifies which Provider implementation to use. 
+ enum: + - slack + - discord + - msteams + - rocket + - generic + - generic-hmac + - github + - gitlab + - gitea + - bitbucketserver + - bitbucket + - azuredevops + - googlechat + - googlepubsub + - webex + - sentry + - azureeventhub + - telegram + - lark + - matrix + - opsgenie + - alertmanager + - grafana + - githubdispatch + - pagerduty + - datadog + type: string + username: + description: Username specifies the name under which events are posted. + maxLength: 2048 + type: string + required: + - type + type: object + status: + default: + observedGeneration: -1 + description: ProviderStatus defines the observed state of the Provider. + properties: + conditions: + description: Conditions holds the conditions for the Provider. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. 
" + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: ObservedGeneration is the last reconciled generation. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta3 + schema: + openAPIV3Schema: + description: Provider is the Schema for the providers API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: ProviderSpec defines the desired state of the Provider. + properties: + address: + description: "Address specifies the endpoint, in a generic sense, + to where alerts are sent.\nWhat kind of endpoint depends on the + specific Provider type being used.\nFor the generic Provider, for + example, this is an HTTP/S address.\nFor other Provider types this + could be a project ID or a namespace. " + maxLength: 2048 + type: string + certSecretRef: + description: "CertSecretRef specifies the Secret containing TLS certificates\nfor + secure communication.\n\nSupported configurations:\n- CA-only: Server + authentication (provide ca.crt only)\n- mTLS: Mutual authentication + (provide ca.crt + tls.crt + tls.key)\n- Client-only: Client authentication + with system CA (provide tls.crt + tls.key only)\n\nLegacy keys \"caFile\", + \"certFile\", \"keyFile\" are supported but deprecated. 
Use \"ca.crt\", + \"tls.crt\", \"tls.key\" instead. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + channel: + description: Channel specifies the destination channel where events + should be posted. + maxLength: 2048 + type: string + commitStatusExpr: + description: "CommitStatusExpr is a CEL expression that evaluates + to a string value\nthat can be used to generate a custom commit + status message for use\nwith eligible Provider types (github, gitlab, + gitea, bitbucketserver,\nbitbucket, azuredevops). Supported variables + are: event, provider,\nand alert. " + type: string + interval: + description: "Interval at which to reconcile the Provider with its + Secret references.\nDeprecated and not used in v1beta3. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + proxy: + description: "Proxy the HTTP/S address of the proxy server.\nDeprecated: + Use ProxySecretRef instead. Will be removed in v1. " + maxLength: 2048 + pattern: ^(http|https)://.*$ + type: string + proxySecretRef: + description: "ProxySecretRef specifies the Secret containing the proxy + configuration\nfor this Provider. The Secret should contain an 'address' + key with the\nHTTP/S address of the proxy server. Optional 'username' + and 'password'\nkeys can be provided for proxy authentication. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + secretRef: + description: "SecretRef specifies the Secret containing the authentication\ncredentials + for this Provider. " + properties: + name: + description: Name of the referent. 
+ type: string + required: + - name + type: object + serviceAccountName: + description: "ServiceAccountName is the name of the Kubernetes ServiceAccount + used to\nauthenticate with cloud provider services through workload + identity.\nThis enables multi-tenant authentication without storing + static credentials.\n\nSupported provider types: azureeventhub, + azuredevops, googlepubsub\n\nWhen specified, the controller will:\n1. + Create an OIDC token for the specified ServiceAccount\n2. Exchange + it for cloud provider credentials via STS\n3. Use the obtained credentials + for API authentication\n\nWhen unspecified, controller-level authentication + is used (single-tenant).\n\nAn error is thrown if static credentials + are also defined in SecretRef.\nThis field requires the ObjectLevelWorkloadIdentity + feature gate to be enabled. " + type: string + suspend: + description: "Suspend tells the controller to suspend subsequent\nevents + handling for this Provider. " + type: boolean + timeout: + description: Timeout for sending alerts to the Provider. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + type: + description: Type specifies which Provider implementation to use. + enum: + - slack + - discord + - msteams + - rocket + - generic + - generic-hmac + - github + - gitlab + - gitea + - giteapullrequestcomment + - bitbucketserver + - bitbucket + - azuredevops + - googlechat + - googlepubsub + - webex + - sentry + - azureeventhub + - telegram + - lark + - matrix + - opsgenie + - alertmanager + - grafana + - githubdispatch + - githubpullrequestcomment + - gitlabmergerequestcomment + - pagerduty + - datadog + - nats + - zulip + - otel + type: string + username: + description: Username specifies the name under which events are posted. 
+ maxLength: 2048 + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: spec.commitStatusExpr is only supported for the 'github', 'gitlab', + 'gitea', 'bitbucketserver', 'bitbucket', 'azuredevops' provider types + rule: self.type == 'github' || self.type == 'gitlab' || self.type == + 'gitea' || self.type == 'bitbucketserver' || self.type == 'bitbucket' + || self.type == 'azuredevops' || !has(self.commitStatusExpr) + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: receivers.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Receiver + listKind: ReceiverList + plural: receivers + singular: receiver + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: Receiver is the Schema for the receivers API. 
+ properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: ReceiverSpec defines the desired state of the Receiver. + properties: + events: + description: "Events specifies the list of event types to handle,\ne.g. + 'push' for GitHub or 'Push Hook' for GitLab. " + items: + type: string + type: array + interval: + default: 10m + description: Interval at which to reconcile the Receiver with its + Secret references. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + resourceFilter: + description: "ResourceFilter is a CEL expression expected to return + a boolean that is\nevaluated for each resource referenced in the + Resources field when a\nwebhook is received. If the expression returns + false then the controller\nwill not request a reconciliation for + the resource.\nWhen the expression is specified the controller will + parse it and mark\nthe object as terminally failed if the expression + is invalid or does not\nreturn a boolean. " + type: string + resources: + description: A list of resources to be notified about changes. 
+ items: + description: "CrossNamespaceObjectReference contains enough information + to let you locate the\ntyped referenced object at cluster level + \ " + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + - OCIRepository + - ArtifactGenerator + - ExternalArtifact + type: string + matchLabels: + additionalProperties: + type: string + description: "MatchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels\nmap is equivalent to an element + of matchExpressions, whose key field is \"key\", the\noperator + is \"In\", and the values array contains only \"value\". The + requirements are ANDed.\nMatchLabels requires the name to + be set to `*`. " + type: object + name: + description: "Name of the referent\nIf multiple resources are + targeted `*` may be set. " + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 253 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + secretRef: + description: "SecretRef specifies the Secret containing the token + used\nto validate the payload authenticity. The Secret must contain + a 'token'\nkey. For GCR receivers, the Secret must also contain + an 'email' key\nwith the IAM service account email configured on + the Pub/Sub push\nsubscription, and may optionally contain an 'audience' + key with the\nexpected OIDC token audience. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: "Suspend tells the controller to suspend subsequent\nevents + handling for this receiver. 
" + type: boolean + type: + description: "Type of webhook sender, used to determine\nthe validation + procedure and payload deserialization. " + enum: + - generic + - generic-hmac + - github + - gitlab + - bitbucket + - harbor + - dockerhub + - quay + - gcr + - nexus + - acr + - cdevents + type: string + required: + - resources + - secretRef + - type + type: object + status: + default: + observedGeneration: -1 + description: ReceiverStatus defines the observed state of the Receiver. + properties: + conditions: + description: Conditions holds the conditions for the Receiver. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. 
" + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation of + the Receiver object. + format: int64 + type: integer + webhookPath: + description: "WebhookPath is the generated incoming webhook address + in the format\nof '/hook/sha256sum(token+name+namespace)'. " + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + deprecated: true + deprecationWarning: v1beta2 Receiver is deprecated, upgrade to v1 + name: v1beta2 + schema: + openAPIV3Schema: + description: Receiver is the Schema for the receivers API. 
+ properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: ReceiverSpec defines the desired state of the Receiver. + properties: + events: + description: "Events specifies the list of event types to handle,\ne.g. + 'push' for GitHub or 'Push Hook' for GitLab. " + items: + type: string + type: array + interval: + description: Interval at which to reconcile the Receiver with its + Secret references. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + resources: + description: A list of resources to be notified about changes. + items: + description: "CrossNamespaceObjectReference contains enough information + to let you locate the\ntyped referenced object at cluster level + \ " + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + - OCIRepository + - ArtifactGenerator + - ExternalArtifact + type: string + matchLabels: + additionalProperties: + type: string + description: "MatchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels\nmap is equivalent to an element + of matchExpressions, whose key field is \"key\", the\noperator + is \"In\", and the values array contains only \"value\". The + requirements are ANDed.\nMatchLabels requires the name to + be set to `*`. " + type: object + name: + description: "Name of the referent\nIf multiple resources are + targeted `*` may be set. " + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 253 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + secretRef: + description: "SecretRef specifies the Secret containing the token + used\nto validate the payload authenticity. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: "Suspend tells the controller to suspend subsequent\nevents + handling for this receiver. " + type: boolean + type: + description: "Type of webhook sender, used to determine\nthe validation + procedure and payload deserialization. " + enum: + - generic + - generic-hmac + - github + - gitlab + - bitbucket + - harbor + - dockerhub + - quay + - gcr + - nexus + - acr + type: string + required: + - resources + - secretRef + - type + type: object + status: + default: + observedGeneration: -1 + description: ReceiverStatus defines the observed state of the Receiver. + properties: + conditions: + description: Conditions holds the conditions for the Receiver. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. 
" + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation of + the Receiver object. 
+ format: int64 + type: integer + url: + description: "URL is the generated incoming webhook address in the + format\nof '/hook/sha256sum(token+name+namespace)'.\nDeprecated: + Replaced by WebhookPath. " + type: string + webhookPath: + description: "WebhookPath is the generated incoming webhook address + in the format\nof '/hook/sha256sum(token+name+namespace)'. " + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: helm-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: helm-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: kustomize-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: kustomize-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: notification-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: source-controller + namespace: flux-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: crd-controller-flux-system +rules: +- apiGroups: + - source.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - kustomize.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' 
+- apiGroups: + - helm.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - notification.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - image.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - source.extensions.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - namespaces + - secrets + - configmaps + - serviceaccounts + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +- nonResourceURLs: + - /livez/ping + verbs: + - head +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: flux-edit-flux-system +rules: +- apiGroups: + - notification.toolkit.fluxcd.io + - source.toolkit.fluxcd.io + - source.extensions.fluxcd.io + - helm.toolkit.fluxcd.io + - image.toolkit.fluxcd.io + - kustomize.toolkit.fluxcd.io + resources: + - '*' + verbs: + - create + - delete + - deletecollection + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + 
rbac.authorization.k8s.io/aggregate-to-view: "true" + name: flux-view-flux-system +rules: +- apiGroups: + - notification.toolkit.fluxcd.io + - source.toolkit.fluxcd.io + - source.extensions.fluxcd.io + - helm.toolkit.fluxcd.io + - image.toolkit.fluxcd.io + - kustomize.toolkit.fluxcd.io + resources: + - '*' + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: cluster-reconciler-flux-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: kustomize-controller + namespace: flux-system +- kind: ServiceAccount + name: helm-controller + namespace: flux-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: crd-controller-flux-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crd-controller-flux-system +subjects: +- kind: ServiceAccount + name: kustomize-controller + namespace: flux-system +- kind: ServiceAccount + name: helm-controller + namespace: flux-system +- kind: ServiceAccount + name: source-controller + namespace: flux-system +- kind: ServiceAccount + name: notification-controller + namespace: flux-system +- kind: ServiceAccount + name: image-reflector-controller + namespace: flux-system +- kind: ServiceAccount + name: image-automation-controller + namespace: flux-system +- kind: ServiceAccount + name: source-watcher + namespace: flux-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + control-plane: controller + 
name: notification-controller + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app: notification-controller + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + control-plane: controller + name: source-controller + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app: source-controller + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + control-plane: controller + name: webhook-receiver + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http-webhook + selector: + app: notification-controller + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + kubernetes.io/elb.class: performance + kubernetes.io/elb.id: 1722cbcc-00cf-42aa-bc3b-3d029ffdf9db + meta.helm.sh/release-name: cceaddon-nginx-ingress + meta.helm.sh/release-namespace: ingress-nginx + labels: + app: nginx-ingress + app.kubernetes.io/managed-by: Helm + chart: nginx-ingress-2.5.6 + component: controller + heritage: Helm + release: cceaddon-nginx-ingress + name: cceaddon-nginx-ingress-controller + namespace: ingress-nginx +spec: + allocateLoadBalancerNodePorts: true + externalTrafficPolicy: Cluster + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + loadBalancerIP: 192.168.0.230 + ports: + - name: http + nodePort: 31914 + port: 80 + protocol: TCP + targetPort: 80 + - name: https + nodePort: 32382 + port: 443 + protocol: TCP + targetPort: 443 + selector: + app: istio-ingressgateway + istio: ingressgateway 
+ type: LoadBalancer +--- +apiVersion: v1 +kind: Service +metadata: + name: test-http + namespace: test +spec: + ports: + - name: http + port: 80 + targetPort: 5678 + selector: + app: test-http +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: helm-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + control-plane: controller + name: helm-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: helm-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: helm-controller + app.kubernetes.io/component: helm-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + spec: + containers: + - args: + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + containerName: manager + resource: limits.memory + image: ghcr.io/fluxcd/helm-controller:v1.5.3 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 8080 + name: http-prom + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + 
priorityClassName: system-cluster-critical + securityContext: + fsGroup: 1337 + serviceAccountName: helm-controller + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: kustomize-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + control-plane: controller + name: kustomize-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: kustomize-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: kustomize-controller + app.kubernetes.io/component: kustomize-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + spec: + containers: + - args: + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + containerName: manager + resource: limits.memory + image: ghcr.io/fluxcd/kustomize-controller:v1.8.3 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 8080 + name: http-prom + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + 
kubernetes.io/os: linux + priorityClassName: system-cluster-critical + securityContext: + fsGroup: 1337 + serviceAccountName: kustomize-controller + terminationGracePeriodSeconds: 60 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + control-plane: controller + name: notification-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: notification-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: notification-controller + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + spec: + containers: + - args: + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + containerName: manager + resource: limits.memory + image: ghcr.io/fluxcd/notification-controller:v1.8.3 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9090 + name: http + protocol: TCP + - containerPort: 9292 + name: http-webhook + protocol: TCP + - containerPort: 8080 + name: http-prom + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + 
volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 1337 + serviceAccountName: notification-controller + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + control-plane: controller + name: source-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: source-controller + strategy: + type: Recreate + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: source-controller + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + spec: + containers: + - args: + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + - --storage-path=/data + - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. 
+ env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TUF_ROOT + value: /tmp/.sigstore + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + containerName: manager + resource: limits.memory + image: ghcr.io/fluxcd/source-controller:v1.8.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9090 + name: http + protocol: TCP + - containerPort: 8080 + name: http-prom + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: / + port: http + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 50m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /data + name: data + - mountPath: /tmp + name: tmp + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + securityContext: + fsGroup: 1337 + serviceAccountName: source-controller + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: data + - emptyDir: {} + name: tmp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: test-http + name: test-http + namespace: test +spec: + replicas: 1 + selector: + matchLabels: + app: test-http + template: + metadata: + labels: + app: test-http + spec: + containers: + - args: + - -text=ok from flux + image: hashicorp/http-echo:1.0.0 + name: http-echo + ports: + - containerPort: 5678 + name: http +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: backend + namespace: bim +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + 
values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: backend + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: LAST_MASTER_BIM + value: + _default: "100000" + - name: LAST_SLAVE_1_BIM + value: + _default: "100000" + - name: LAST_MASTER_BIM_V3 + value: + _default: "100000" + - name: LAST_SLAVE_1_BIM_V3 + value: + _default: "100000" + - name: DB_CERT_PATH_3 + value: + _default: /root/yandex_pg.pem + - name: DB_CERT_PATH_4 + value: + _default: /root/yandex_pg.pem + - name: POSTGRES_ADDRESS_3 + value: + _default: postgres-service + - name: POSTGRES_ADDRESS_4 + value: + _default: postgres-service + - name: POSTGRES_PORT_3 + value: + _default: "5432" + - name: POSTGRES_PORT_4 + value: + _default: "5432" + - name: POSTGRES_DB_3 + value: + _default: bimapidb + - name: POSTGRES_DB_4 + value: + _default: bimapidb + - name: DB_CERT_PATH_2 + value: + _default: /root/yandex_pg.pem + - name: POSTGRES_ADDRESS_2 + value: + _default: postgres-service + - name: POSTGRES_PORT_2 + value: + _default: "5432" + - name: POSTGRES_DB_2 + value: + _default: bimapidb + - name: POSTGRES_ADDRESS + value: + _default: postgres-service + - name: POSTGRES_PORT + value: + _default: "5432" + - name: POSTGRES_DB + value: + _default: bimapidb + - name: POSTGRES_POOL_SIZE + value: + _default: "30" + - name: API_ADDRESS + value: + _default: 0.0.0.0:8000 + - name: DJANGO_HOST + value: + _default: http://backend.django.svc.cluster.local:8000 + - name: ENABLE_SQL_QUERY + value: + _default: "0" + - name: ENABLE_SSL + value: + _default: "0" + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/issues:production_f1b6c05c + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + 
monitoring: prometheus + owner: "" + secretEnvs: + - name: POSTGRES_USER + secretKey: username + secretName: + _default: postgres-secret + - name: POSTGRES_PASSWORD + secretKey: password + secretName: + _default: postgres-secret + - name: POSTGRES_USER_4 + secretKey: username + secretName: + _default: postgres-secret + - name: POSTGRES_PASSWORD_4 + secretKey: password + secretName: + _default: postgres-secret + - name: POSTGRES_USER_2 + secretKey: username + secretName: + _default: postgres-secret + - name: POSTGRES_PASSWORD_2 + secretKey: password + secretName: + _default: postgres-secret + - name: POSTGRES_USER_3 + secretKey: username + secretName: + _default: postgres-secret + - name: POSTGRES_PASSWORD_3 + secretKey: password + secretName: + _default: postgres-secret + service: + enabled: true + name: + _default: backend-service + port: + _default: 8000 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: istio-config + namespace: default +spec: + chart: + spec: + chart: istio-config-contour + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.0 + dependsOn: + - name: istio-base + namespace: istio-system + - name: istiod + namespace: istio-system + - name: ingressgateway + namespace: istio-system + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + environments: + brusnika-stage: + certManager: + certificates: + another-nginx-secret: + dnsNames: + - test.sarex.brusnika.tech + issuerRef: + kind: ClusterIssuer + name: letsencrypt + namespace: ingress-nginx + camunda-identity-tls: + dnsNames: + - identity.camunda.test.sarex.brusnika.tech + issuerRef: + kind: ClusterIssuer + name: letsencrypt + namespace: ingress-nginx + camunda-optimize-tls: + dnsNames: + - optimize.camunda.test.sarex.brusnika.tech + issuerRef: + kind: ClusterIssuer + 
name: letsencrypt + namespace: ingress-nginx + camunda-platform-operate-tls: + dnsNames: + - operate.camunda.test.sarex.brusnika.tech + issuerRef: + kind: ClusterIssuer + name: letsencrypt + namespace: ingress-nginx + camunda-platform-tasklist-tls: + dnsNames: + - tasklist.camunda.test.sarex.brusnika.tech + issuerRef: + kind: ClusterIssuer + name: letsencrypt + namespace: ingress-nginx + dashboard-cert-secret: + dnsNames: + - dashboard.brusnika.lonsdaleites.ru + issuerRef: + kind: ClusterIssuer + name: letsencrypt + namespace: ingress-nginx + gitea-stage-tls: + dnsNames: + - gitea.stage.brusnika.sarex.lonsdaleites.ru + issuerRef: + kind: ClusterIssuer + name: letsencrypt + namespace: ingress-nginx + jupyter-cert-secret: + dnsNames: + - jupyter.brusnika.lonsdaleites.ru + issuerRef: + kind: ClusterIssuer + name: letsencrypt + namespace: ingress-nginx + keycloak.camunda.test.sarex.brusnika.tech-tls: + dnsNames: + - keycloak.camunda.test.sarex.brusnika.tech + issuerRef: + kind: ClusterIssuer + name: letsencrypt + namespace: ingress-nginx + minio-console-cert-secret: + dnsNames: + - minio.brusnika.lonsdaleites.ru + issuerRef: + kind: ClusterIssuer + name: letsencrypt + namespace: ingress-nginx + nginx-secret: + dnsNames: + - cde.brusnika.lonsdaleites.ru + issuerRef: + kind: ClusterIssuer + name: letsencrypt + namespace: ingress-nginx + superset-tls-secret: + dnsNames: + - superset.test.sarex.brusnika.tech + issuerRef: + kind: ClusterIssuer + name: letsencrypt + namespace: ingress-nginx + tls-public-link: + dnsNames: + - document-link.test.sarex.brusnika.tech + issuerRef: + kind: ClusterIssuer + name: letsencrypt + namespace: ingress-nginx + tls-stamp-verification: + dnsNames: + - stamp-verification.test.sarex.brusnika.tech + issuerRef: + kind: ClusterIssuer + name: letsencrypt + namespace: ingress-nginx + vault-stage-tls: + dnsNames: + - vault.stage.brusnika.sarex.lonsdaleites.ru + issuerRef: + kind: ClusterIssuer + name: letsencrypt + namespace: ingress-nginx + 
clusterIssuers: {} + istio: + authorizationPolicies: {} + envoyFilters: {} + gateways: + camunda-identity: + name: camunda-identity-gw + namespace: ingress-nginx + selector: + istio: ingressgateway + servers: + - hosts: + - identity.camunda.test.sarex.brusnika.tech + tls: + credentialName: camunda-identity-tls + camunda-keycloak: + name: camunda-keycloak-gw + namespace: ingress-nginx + selector: + istio: ingressgateway + servers: + - hosts: + - keycloak.camunda.test.sarex.brusnika.tech + tls: + credentialName: keycloak.camunda.test.sarex.brusnika.tech-tls + camunda-operate: + name: camunda-operate-gw + namespace: ingress-nginx + selector: + istio: ingressgateway + servers: + - hosts: + - operate.camunda.test.sarex.brusnika.tech + tls: + credentialName: camunda-platform-operate-tls + camunda-optimize: + name: camunda-optimize-gw + namespace: ingress-nginx + selector: + istio: ingressgateway + servers: + - hosts: + - optimize.camunda.test.sarex.brusnika.tech + tls: + credentialName: camunda-optimize-tls + camunda-tasklist: + name: camunda-tasklist-gw + namespace: ingress-nginx + selector: + istio: ingressgateway + servers: + - hosts: + - tasklist.camunda.test.sarex.brusnika.tech + tls: + credentialName: camunda-platform-tasklist-tls + dashboard: + name: dashboard-gw + namespace: ingress-nginx + selector: + istio: ingressgateway + servers: + - hosts: + - dashboard.brusnika.lonsdaleites.ru + tls: + credentialName: dashboard-cert-secret + document-link: + name: document-link-gw + namespace: ingress-nginx + selector: + istio: ingressgateway + servers: + - hosts: + - document-link.test.sarex.brusnika.tech + tls: + credentialName: tls-public-link + gitea: + name: gitea-gw + namespace: ingress-nginx + selector: + istio: ingressgateway + servers: + - hosts: + - gitea.stage.brusnika.sarex.lonsdaleites.ru + tls: + credentialName: gitea-stage-tls + global-cde: + name: global-cde-gw + namespace: ingress-nginx + selector: + istio: ingressgateway + servers: + - hosts: + - 
cde.brusnika.lonsdaleites.ru + tls: + credentialName: nginx-secret + global-test: + name: global-test-gw + namespace: ingress-nginx + selector: + istio: ingressgateway + servers: + - hosts: + - test.sarex.brusnika.tech + tls: + credentialName: another-nginx-secret + jupyter: + name: jupyter-gw + namespace: ingress-nginx + selector: + istio: ingressgateway + servers: + - hosts: + - jupyter.brusnika.lonsdaleites.ru + tls: + credentialName: jupyter-cert-secret + minio: + name: minio-gw + namespace: ingress-nginx + selector: + istio: ingressgateway + servers: + - hosts: + - minio.brusnika.lonsdaleites.ru + tls: + credentialName: minio-console-cert-secret + stamp-verification: + name: stamp-verification-gw + namespace: ingress-nginx + selector: + istio: ingressgateway + servers: + - hosts: + - stamp-verification.test.sarex.brusnika.tech + tls: + credentialName: tls-stamp-verification + superset: + name: superset-gw + namespace: ingress-nginx + selector: + istio: ingressgateway + servers: + - hosts: + - superset.test.sarex.brusnika.tech + tls: + credentialName: superset-tls-secret + vault: + name: vault-gw + namespace: ingress-nginx + selector: + istio: ingressgateway + servers: + - hosts: + - vault.stage.brusnika.sarex.lonsdaleites.ru + tls: + credentialName: vault-stage-tls + requestAuthentications: {} + virtualServices: + camunda-identity-vs: + gateways: + - ingress-nginx/camunda-identity-gw + hosts: + - identity.camunda.test.sarex.brusnika.tech + namespace: camunda + routes: + - path: + prefix: / + port: 80 + service: camunda-identity.camunda.svc.cluster.local + camunda-keycloak-vs: + gateways: + - ingress-nginx/camunda-keycloak-gw + hosts: + - keycloak.camunda.test.sarex.brusnika.tech + namespace: camunda + routes: + - match: + - port: 80 + uri: + prefix: /auth/ + redirect: + redirectCode: 308 + scheme: https + - path: + prefix: /auth/ + port: 80 + service: camunda-keycloak.camunda.svc.cluster.local + camunda-operate-vs: + gateways: + - 
ingress-nginx/camunda-operate-gw + hosts: + - operate.camunda.test.sarex.brusnika.tech + namespace: camunda + routes: + - path: + prefix: / + port: 80 + service: camunda-operate.camunda.svc.cluster.local + camunda-optimize-vs: + gateways: + - ingress-nginx/camunda-optimize-gw + hosts: + - optimize.camunda.test.sarex.brusnika.tech + namespace: camunda + routes: + - path: + prefix: / + port: 80 + service: camunda-optimize.camunda.svc.cluster.local + camunda-tasklist-vs: + gateways: + - ingress-nginx/camunda-tasklist-gw + hosts: + - tasklist.camunda.test.sarex.brusnika.tech + namespace: camunda + routes: + - path: + prefix: / + port: 80 + service: camunda-tasklist.camunda.svc.cluster.local + dashboard-vs: + gateways: + - ingress-nginx/dashboard-gw + hosts: + - dashboard.brusnika.lonsdaleites.ru + namespace: kubernetes-dashboard + routes: + - match: + - port: 80 + uri: + prefix: / + redirect: + redirectCode: 308 + scheme: https + - path: + prefix: / + port: 9090 + service: kubernetes-dashboard-brusnika.kubernetes-dashboard.svc.cluster.local + document-link-vs: + cors: + allowOrigins: + - regex: .* + gateways: + - ingress-nginx/document-link-gw + hosts: + - document-link.test.sarex.brusnika.tech + namespace: documentations + routes: + - match: + - port: 80 + uri: + prefix: / + redirect: + redirectCode: 308 + scheme: https + - path: + prefix: / + port: 80 + service: frontend-service-public-link.documentations.svc.cluster.local + gitea-vs: + gateways: + - ingress-nginx/gitea-gw + hosts: + - gitea.stage.brusnika.sarex.lonsdaleites.ru + namespace: gitea + routes: + - match: + - port: 80 + uri: + prefix: / + redirect: + redirectCode: 308 + scheme: https + - path: + prefix: / + port: 3000 + service: gitea.gitea.svc.cluster.local + global-cde-vs: + cors: + allowOrigins: + - regex: .* + gateways: + - ingress-nginx/global-cde-gw + hosts: + - cde.brusnika.lonsdaleites.ru + namespace: global-ingress + routes: + - match: + - port: 80 + uri: + prefix: / + redirect: + redirectCode: 
308 + scheme: https + - path: + prefix: / + port: 80 + service: nginx-service.global-ingress.svc.cluster.local + global-test-vs: + cors: + allowOrigins: + - exact: https://test.sarex.brusnika.tech + - exact: https://stamp-verification.test.sarex.brusnika.tech + - exact: https://document-link.test.sarex.brusnika.tech + - exact: https://login.brusnika.ru + gateways: + - ingress-nginx/global-test-gw + hosts: + - test.sarex.brusnika.tech + namespace: global-ingress + routes: + - match: + - port: 80 + uri: + prefix: / + redirect: + redirectCode: 308 + scheme: https + - path: + prefix: / + port: 80 + service: nginx-service.global-ingress.svc.cluster.local + jupyter-vs: + gateways: + - ingress-nginx/jupyter-gw + hosts: + - jupyter.brusnika.lonsdaleites.ru + namespace: jupyter + routes: + - match: + - port: 80 + uri: + prefix: / + redirect: + redirectCode: 308 + scheme: https + - path: + prefix: / + port: 8888 + service: jupyter.jupyter.svc.cluster.local + minio-vs: + gateways: + - ingress-nginx/minio-gw + hosts: + - minio.brusnika.lonsdaleites.ru + namespace: minio + routes: + - match: + - port: 80 + uri: + prefix: / + redirect: + redirectCode: 308 + scheme: https + - path: + prefix: / + port: 9000 + service: minio-svc.minio.svc.cluster.local + stamp-verification-vs: + cors: + allowOrigins: + - regex: .* + gateways: + - ingress-nginx/stamp-verification-gw + hosts: + - stamp-verification.test.sarex.brusnika.tech + namespace: documentations + routes: + - match: + - port: 80 + uri: + prefix: / + redirect: + redirectCode: 308 + scheme: https + - path: + prefix: / + port: 8080 + service: stamp-verification-frontend-service.documentations.svc.cluster.local + superset-vs: + gateways: + - ingress-nginx/superset-gw + hosts: + - superset.test.sarex.brusnika.tech + namespace: superset + routes: + - match: + - port: 80 + uri: + prefix: / + redirect: + redirectCode: 308 + scheme: https + - path: + prefix: / + port: 8088 + service: superset.superset.svc.cluster.local + vault-vs: + 
gateways: + - ingress-nginx/vault-gw + hosts: + - vault.stage.brusnika.sarex.lonsdaleites.ru + namespace: vault + routes: + - match: + - port: 80 + uri: + prefix: / + redirect: + redirectCode: 308 + scheme: https + - path: + prefix: / + port: 8200 + service: vault-vault-contour.vault.svc.cluster.local + namespaces: [] + global: + env: brusnika-stage +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: backend + namespace: django +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: backend + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: SERVER_SUPERSET_HOST + value: + _default: https://superset.test.sarex.brusnika.tech + - name: GK_ENCRYPTION_KEY + value: + _default: zfDjuszywHSbAhY8KJQbESbpUYN74XTs + - name: ALLOWED_HOSTS + value: + _default: '*' + - name: SERVER_USE_CHANGELOG + value: + _default: "0" + - name: SERVER_ZITADEL_ENABLED + value: + _default: "False" + - name: DJANGO_SETTINGS_MODULE + value: + _default: config.settings.production + - name: CELERY_REDIS_HOST + value: + _default: redis-service + - name: CELERY_REDIS_PORT + value: + _default: "6379" + - name: DJANGO_REDIS_HOST + value: + _default: redis-service + - name: DJANGO_REDIS_PORT + value: + _default: "6379" + - name: BIMV2_INTERNAL_HOST + value: + _default: http://bim-backend-v2-service.bim-api + - name: BIMV2_TIMEOUT + value: + _default: "60" + - name: JWT_KID + value: + _default: "1" + - name: PDM_SYNC + value: + _default: "1" + - name: KC_SYNC_ENABLE + value: + _default: "0" + - name: 
MEASUREMENTS_HOST + value: + _default: http://measurements-service.measurements.svc.cluster.local:8000/api + - name: MEASUREMENTS_USE_MEASUREMENTS + value: + _default: "1" + - name: SERVER_API_HOST + value: + _default: https://test.sarex.brusnika.tech + - name: SERVER_HOST + value: + _default: https://test.sarex.brusnika.tech + - name: WORKFLOWS_HOST + value: + _default: https://test.sarex.brusnika.tech + - name: WORKFLOWS_BASE_HOST + value: + _default: https://test.sarex.brusnika.tech + - name: WORKFLOWS_USE + value: + _default: "1" + - name: SERVER_S3_STREAM_IMPORT + value: + _default: "1" + - name: SERVER_SAVE_DIFF_DEM + value: + _default: "1" + - name: SERVER_USE_CLICKHOUSE + value: + _default: "0" + - name: SERVER_USE_CREATE_COMPARED_GEOTIFF_TASK + value: + _default: "0" + - name: SERVER_USE_DJANGO_STORAGE + value: + _default: "1" + - name: SERVER_USE_METASHAPE + value: + _default: "0" + - name: SERVER_CHANGELOG_MODE_SYSTEM_LOG + value: + _default: "1" + - name: SERVER_CHANGELOG_MODE + value: + _default: "0" + - name: SERVER_DJANGO_URLS + value: + _default: "1" + - name: CHECK_IMPORT_HASH + value: + _default: "1" + - name: EAV_ENABLE + value: + _default: "1" + - name: SERVER_CHECK_IMPORT_HASH + value: + _default: "1" + - name: SERVER_CHUNKED_PATH + value: + _default: /tmp/chunked_uploads/%Y/%m/%d + - name: SERVER_HIDE_USER_SCROLL_PERMISSIONS + value: + _default: "0" + - name: SERVER_USE_WRORKFLOW_STATUS + value: + _default: "1" + - name: S3_HOST + value: + _default: http://minio-svc.minio.svc.cluster.local:9000 + - name: KC_USE_REDIRECT_LOGOUT + value: + _default: "True" + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/backend:production_8f05291e + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: SERVER_SUPERSET_JWT_SECRET + secretKey: jwt_secret + secretName: + _default: 
jwt-secret-superset + - name: KC_CLIENT_ID + secretKey: client_id + secretName: + _default: gatekeeper-secret + - name: KC_CLIENT_SECRET + secretKey: client_secret + secretName: + _default: gatekeeper-secret + - name: AWS_S3_ENDPOINT_URL + secretKey: endpoint + secretName: + _default: s3-secret + - name: CELERY_RABBITMQ_HOST + secretKey: host + secretName: + _default: rabbitmq-secret + - name: CELERY_RABBITMQ_USER + secretKey: username + secretName: + _default: rabbitmq-secret + - name: CELERY_RABBITMQ_PASSWORD + secretKey: password + secretName: + _default: rabbitmq-secret + - name: CELERY_RABBITMQ_VHOST + secretKey: vhost + secretName: + _default: rabbitmq-secret + - name: DJANGO_POSTGRES_HOST + secretKey: host + secretName: + _default: postgres-secret + - name: DJANGO_POSTGRES_PORTS + secretKey: port + secretName: + _default: postgres-secret + - name: DJANGO_POSTGRES_USER + secretKey: username + secretName: + _default: postgres-secret + - name: DJANGO_POSTGRES_PASSWORD + secretKey: password + secretName: + _default: postgres-secret + - name: DJANGO_POSTGRES_DATABASE + secretKey: database + secretName: + _default: postgres-secret + - name: DJANGO_RABBIT_HOSTNAME + secretKey: host + secretName: + _default: rabbitmq-secret + - name: DJANGO_RABBIT_USER + secretKey: username + secretName: + _default: rabbitmq-secret + - name: DJANGO_RABBIT_PASS + secretKey: password + secretName: + _default: rabbitmq-secret + - name: DJANGO_RABBIT_VHOST + secretKey: vhost + secretName: + _default: rabbitmq-secret + - name: JWT_PRIVATE_KEY + secretKey: ssh_private.key + secretName: + _default: backend-secret + - name: JWT_PUBLIC_KEY + secretKey: ssh_public.key + secretName: + _default: backend-secret + - name: S3_BUCKET + secretKey: bucket + secretName: + _default: sarex-media-storage-secret + - name: S3_LOGIN + secretKey: login + secretName: + _default: sarex-media-storage-secret + - name: S3_PASSWORD + secretKey: password + secretName: + _default: sarex-media-storage-secret + 
service: + enabled: true + name: + _default: backend + port: + _default: 8000 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP + volumes: + _default: + - configMap: + items: + - key: uwsgi.ini + path: + _default: uwsgi.ini + name: + _default: uwsgi-configmap + mountPath: + _default: /opt/sarex/uwsgi.ini + name: uwsgi-configmap + readOnly: + _default: true + subPath: + _default: uwsgi.ini + - configMap: + items: + - key: production.py + path: + _default: production.py + name: + _default: django-configmap + mountPath: + _default: /opt/sarex/config/settings/production.py + name: django-configmap + readOnly: + _default: true + subPath: + _default: production.py +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: celery + namespace: django +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + command: + _default: + - celery + - -A + - config + - worker + - -B + - -l + - info + - -E + - -Q + - default + - -n + - default_worker.%h + - --concurrency=2 + enabled: true + name: + _default: celery + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: SERVER_SUPERSET_HOST + value: + _default: https://superset.test.sarex.brusnika.tech + - name: GK_ENCRYPTION_KEY + value: + _default: zfDjuszywHSbAhY8KJQbESbpUYN74XTs + - name: ALLOWED_HOSTS + value: + _default: '*' + - name: SERVER_USE_CHANGELOG + value: + _default: "0" + - name: SERVER_ZITADEL_ENABLED + value: + _default: "False" + - name: DJANGO_SETTINGS_MODULE + value: + _default: config.settings.production + - name: 
CELERY_REDIS_HOST + value: + _default: redis-service + - name: CELERY_REDIS_PORT + value: + _default: "6379" + - name: DJANGO_REDIS_HOST + value: + _default: redis-service + - name: DJANGO_REDIS_PORT + value: + _default: "6379" + - name: BIMV2_INTERNAL_HOST + value: + _default: http://bim-backend-v2-service.bim-api + - name: BIMV2_TIMEOUT + value: + _default: "60" + - name: JWT_KID + value: + _default: "1" + - name: PDM_SYNC + value: + _default: "1" + - name: KC_SYNC_ENABLE + value: + _default: "0" + - name: MEASUREMENTS_HOST + value: + _default: http://measurements-service.measurements.svc.cluster.local:8000/api + - name: MEASUREMENTS_USE_MEASUREMENTS + value: + _default: "1" + - name: SERVER_API_HOST + value: + _default: https://test.sarex.brusnika.tech + - name: SERVER_HOST + value: + _default: https://test.sarex.brusnika.tech + - name: WORKFLOWS_HOST + value: + _default: https://test.sarex.brusnika.tech + - name: WORKFLOWS_BASE_HOST + value: + _default: https://test.sarex.brusnika.tech + - name: WORKFLOWS_USE + value: + _default: "1" + - name: SERVER_S3_STREAM_IMPORT + value: + _default: "1" + - name: SERVER_SAVE_DIFF_DEM + value: + _default: "1" + - name: SERVER_USE_CLICKHOUSE + value: + _default: "0" + - name: SERVER_USE_CREATE_COMPARED_GEOTIFF_TASK + value: + _default: "0" + - name: SERVER_USE_DJANGO_STORAGE + value: + _default: "1" + - name: SERVER_USE_METASHAPE + value: + _default: "0" + - name: SERVER_CHANGELOG_MODE_SYSTEM_LOG + value: + _default: "1" + - name: SERVER_CHANGELOG_MODE + value: + _default: "0" + - name: SERVER_DJANGO_URLS + value: + _default: "1" + - name: CHECK_IMPORT_HASH + value: + _default: "1" + - name: EAV_ENABLE + value: + _default: "1" + - name: SERVER_CHECK_IMPORT_HASH + value: + _default: "1" + - name: SERVER_CHUNKED_PATH + value: + _default: /tmp/chunked_uploads/%Y/%m/%d + - name: SERVER_HIDE_USER_SCROLL_PERMISSIONS + value: + _default: "0" + - name: SERVER_USE_WRORKFLOW_STATUS + value: + _default: "1" + - name: S3_HOST + value: + 
_default: http://minio-svc.minio.svc.cluster.local:9000 + - name: KC_USE_REDIRECT_LOGOUT + value: + _default: "True" + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/backend:production_8f05291e + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: SERVER_SUPERSET_JWT_SECRET + secretKey: jwt_secret + secretName: + _default: jwt-secret-superset + - name: KC_CLIENT_ID + secretKey: client_id + secretName: + _default: gatekeeper-secret + - name: KC_CLIENT_SECRET + secretKey: client_secret + secretName: + _default: gatekeeper-secret + - name: AWS_S3_ENDPOINT_URL + secretKey: endpoint + secretName: + _default: s3-secret + - name: CELERY_RABBITMQ_HOST + secretKey: host + secretName: + _default: rabbitmq-secret + - name: CELERY_RABBITMQ_USER + secretKey: username + secretName: + _default: rabbitmq-secret + - name: CELERY_RABBITMQ_PASSWORD + secretKey: password + secretName: + _default: rabbitmq-secret + - name: CELERY_RABBITMQ_VHOST + secretKey: vhost + secretName: + _default: rabbitmq-secret + - name: DJANGO_POSTGRES_HOST + secretKey: host + secretName: + _default: postgres-secret + - name: DJANGO_POSTGRES_PORTS + secretKey: port + secretName: + _default: postgres-secret + - name: DJANGO_POSTGRES_USER + secretKey: username + secretName: + _default: postgres-secret + - name: DJANGO_POSTGRES_PASSWORD + secretKey: password + secretName: + _default: postgres-secret + - name: DJANGO_POSTGRES_DATABASE + secretKey: database + secretName: + _default: postgres-secret + - name: DJANGO_RABBIT_HOSTNAME + secretKey: host + secretName: + _default: rabbitmq-secret + - name: DJANGO_RABBIT_USER + secretKey: username + secretName: + _default: rabbitmq-secret + - name: DJANGO_RABBIT_PASS + secretKey: password + secretName: + _default: rabbitmq-secret + - name: DJANGO_RABBIT_VHOST + secretKey: vhost + secretName: + 
_default: rabbitmq-secret + - name: JWT_PRIVATE_KEY + secretKey: ssh_private.key + secretName: + _default: backend-secret + - name: JWT_PUBLIC_KEY + secretKey: ssh_public.key + secretName: + _default: backend-secret + - name: S3_BUCKET + secretKey: bucket + secretName: + _default: sarex-media-storage-secret + - name: S3_LOGIN + secretKey: login + secretName: + _default: sarex-media-storage-secret + - name: S3_PASSWORD + secretKey: password + secretName: + _default: sarex-media-storage-secret + service: + enabled: true + name: + _default: celery + port: + _default: 8000 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP + volumes: + _default: + - configMap: + items: + - key: uwsgi.ini + path: + _default: uwsgi.ini + name: + _default: uwsgi-configmap + mountPath: + _default: /opt/sarex/uwsgi.ini + name: uwsgi-configmap + readOnly: + _default: true + subPath: + _default: uwsgi.ini + - configMap: + items: + - key: production.py + path: + _default: production.py + name: + _default: django-configmap + mountPath: + _default: /opt/sarex/config/settings/production.py + name: django-configmap + readOnly: + _default: true + subPath: + _default: production.py +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: export-project + namespace: django +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: export-project + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: 
cr.yandex/crp3ccidau046kdj8g9q/export-project:prod_37a48176 + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + service: + enabled: true + name: + _default: export-project-service + port: + _default: 8000 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: frontend + namespace: django +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + frontend: + commitSha: "" + deployment: + enabled: true + name: + _default: frontend + port: + _default: 80 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/sarex-frontend-dev:contour_5.16.3 + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + owner: "" + service: + enabled: true + name: + _default: frontend-service + port: + _default: 80 + portName: + _default: http + targetPort: + _default: 80 + type: + _default: ClusterIP + volumes: + _default: + - configMap: + defaultMode: 420 + items: + - key: nginx.conf + path: nginx.conf + name: + _default: nginx-configmap + mountPath: + _default: /etc/nginx/nginx.conf + name: nginx-configmap + readOnly: + _default: true + subPath: + _default: nginx.conf +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: s3-proxy + namespace: django +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: 
HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: s3-proxy + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: AWS_API_ENDPOINT + value: + _default: http://minio-svc.minio.svc.cluster.local:9000 + - name: APP_PORT + value: + _default: "8000" + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/export-project:prod_37a48176 + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: AWS_ACCESS_KEY_ID + secretKey: login + secretName: + _default: sarex-media-storage-secret + - name: AWS_SECRET_ACCESS_KEY + secretKey: password + secretName: + _default: sarex-media-storage-secret + - name: AWS_S3_BUCKET + secretKey: bucket + secretName: + _default: sarex-media-storage-secret + service: + enabled: true + name: + _default: s3-proxy-service + port: + _default: 80 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: srx-admin + namespace: django +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + frontend: + commitSha: "" + deployment: + enabled: true + name: + _default: srx-admin + port: + _default: 80 + probes: + liveness: + enabled: false + readiness: 
+ enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/srx-admin:prod_feb59026 + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + owner: "" + service: + enabled: true + name: + _default: srx-admin-svc + port: + _default: 8080 + portName: + _default: http + targetPort: + _default: 80 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: frontend + namespace: document-link +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + frontend: + commitSha: "" + deployment: + enabled: true + name: + _default: frontend + port: + _default: 3000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/document-link-frontend:51c342660b1bebebcaada22551e660ff260a4523 + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + owner: "" + service: + enabled: true + name: + _default: frontend-service + port: + _default: 8080 + portName: + _default: http + targetPort: + _default: 3000 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: documentation-frontend-static + namespace: documentations +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + 
driftDetection: + mode: enabled + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + frontend: + commitSha: "" + deployment: + enabled: true + name: + _default: documentation-frontend-static + port: + _default: 80 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/documentation-frontend-app:brusnika_5a4e4adc + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + owner: "" + service: + enabled: true + name: + _default: documentation-frontend-static-service + port: + _default: 80 + portName: + _default: http + targetPort: + _default: 80 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: documentations-api + namespace: documentations +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + driftDetection: + mode: enabled + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: documentations-api + port: + _default: 8080 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: POSTGRES_ADDRESS + value: + _default: 192.168.2.45 + - name: POSTGRES_PORT + value: + _default: "5432" + - name: POSTGRES_DB + value: + _default: documentations + - name: POSTGRES_POOL_SIZE + value: + _default: "20" + - name: FLOWS_URL + value: + _default: http://backend-service.flows.svc.cluster.local:8000 + - 
name: LAST_MASTER_BIM + value: + _default: "36311" + - name: API_ADDRESS + value: + _default: 0.0.0.0:8080 + - name: API_ADDRESS_FILE + value: + _default: 0.0.0.0:8080 + - name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES + value: + _default: "5" + - name: ENABLE_SQL_QUERY + value: + _default: "0" + - name: ENABLE_SSL + value: + _default: "0" + - name: WORKSPACE_V2_EXTERNAL_URL + value: + _default: https://test.sarex.brusnika.tech/workspaces-v2/ + - name: ENABLE_S3 + value: + _default: "1" + - name: CONTAINER_REGISTRY + value: + _default: cr.yandex/crp3ccidau046kdj8g9q + - name: ENVIRONMENT + value: + _default: production + - name: HOST + value: + _default: http://documentations-api.documentations.svc.cluster.local:8080 + - name: VALKEY_PORT + value: + _default: "6379" + - name: VALKEY_HOST + value: + _default: redis + - name: VALKEY_ADDR + value: + _default: redis:6379 + - name: FILE_STREAM_HOST + value: + _default: cde.brusnika.lonsdaleites.ru + - name: DOCUMENTATION_URL + value: + _default: http://documentations-api.documentations.svc.cluster.local:8080/ + - name: WORKFLOW_URL + value: + _default: http://workflows-api-service.workflow.svc.cluster.local:8000/ + - name: WORKSPACE_URL + value: + _default: http://workspaces-service.workspaces.svc.cluster.local:8000/ + - name: BIM_API_URL + value: + _default: http://bim-api-service.bim.svc.cluster.local:8080/ + - name: BIM_API_V2_URL + value: + _default: http://backend-service.bim.svc.cluster.local:8000/ + - name: WORKSPACE_BUNDLE_VERSION + value: + _default: v1 + - name: SYSTEM_LOG_URL + value: + _default: http://api-service.system-log.svc.cluster.local:8000 + - name: DJANGO_HOST + value: + _default: http://backend.django.svc.cluster.local:8000 + - name: MARKS_PROCESSING_URL + value: + _default: http://marks-service:8000 + - name: PUBLIC_LINK_HOST + value: + _default: https://document-link.test.sarex.brusnika.tech + - name: NAMESPACE + value: + _default: documentations + - name: DJANGO_ORIGINATOR + value: + 
_default: docs_prod + - name: WORKFLOW_IMAGES_VERSION + value: + _default: master + - name: WORKFLOWS_IMAGES_VERSION + value: + _default: master + - name: S3_SERVICE_ACCOUNT + value: + _default: /etc/sarex/yc-s3-storage/yc-s3-service-account.json + - name: READ_WRITE_TIMEOUT_FILE_STREAM + value: + _default: 6h + - name: CACHE_DEFAULT_EXPIRATION + value: + _default: 60s + - name: CACHE_CLEANUP_INTERVAL + value: + _default: 60s + - name: USE_CACHE_IN_FILE_STREAMER + value: + _default: "1" + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/documentations:prod_5904312b + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: PUBLIC_KEY + secretKey: key + secretName: + _default: public-key + - name: DOCUMENT_PUBLIC_LINK_JWT_SECRET + secretKey: secret + secretName: + _default: yc-jwt-secret + - name: POSTGRES_USER + secretKey: username + secretName: + _default: postgres-secret + - name: POSTGRES_PASSWORD + secretKey: password + secretName: + _default: postgres-secret + - name: DJANGO_BASIC_AUTH + secretKey: key + secretName: + _default: django-auth + - name: DJANGO_BASIC_AUTH_FOR_GET_USER + secretKey: key + secretName: + _default: django-auth + service: + enabled: true + name: + _default: documentations-api + port: + _default: 8080 + portName: + _default: http + targetPort: + _default: 8080 + type: + _default: ClusterIP + volumes: + _default: + - mountPath: + _default: /etc/sarex/yc-s3-storage + name: documentations-yc-s3-secret + readOnly: + _default: true + secret: + secretName: + _default: documentations-yc-s3 +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: documentations-filestream + namespace: documentations +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + 
version: 0.1.7 + driftDetection: + mode: enabled + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: documentations-filestream + port: + _default: 8080 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: POSTGRES_ADDRESS + value: + _default: 192.168.2.45 + - name: POSTGRES_PORT + value: + _default: "5432" + - name: POSTGRES_DB + value: + _default: documentations + - name: POSTGRES_POOL_SIZE + value: + _default: "20" + - name: FLOWS_URL + value: + _default: http://backend-service.flows.svc.cluster.local:8000 + - name: LAST_MASTER_BIM + value: + _default: "36311" + - name: API_ADDRESS + value: + _default: 0.0.0.0:8080 + - name: VALKEY_PORT + value: + _default: "6379" + - name: VALKEY_ADDR + value: + _default: redis:6379 + - name: VALKEY_HOST + value: + _default: redis + - name: API_ADDRESS_FILE + value: + _default: 0.0.0.0:8080 + - name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES + value: + _default: "5" + - name: ENABLE_SQL_QUERY + value: + _default: "0" + - name: ENABLE_SSL + value: + _default: "0" + - name: WORKSPACE_V2_EXTERNAL_URL + value: + _default: https://test.sarex.brusnika.tech/workspaces-v2/ + - name: ENABLE_S3 + value: + _default: "1" + - name: CONTAINER_REGISTRY + value: + _default: cr.yandex/crp3ccidau046kdj8g9q + - name: ENVIRONMENT + value: + _default: production + - name: HOST + value: + _default: http://documentations-api.documentations.svc.cluster.local:8080 + - name: FILE_STREAM_HOST + value: + _default: cde.brusnika.lonsdaleites.ru + - name: DOCUMENTATION_URL + value: + _default: http://documentations-api.documentations.svc.cluster.local:8080/ + - name: WORKFLOW_URL + value: + _default: http://workflows-api-service.workflow.svc.cluster.local:8000/ + - name: 
WORKSPACE_URL + value: + _default: http://workspaces-service.workspaces.svc.cluster.local:8000/ + - name: BIM_API_URL + value: + _default: http://bim-api-service.bim.svc.cluster.local:8080/ + - name: BIM_API_V2_URL + value: + _default: http://backend-service.bim.svc.cluster.local:8000/ + - name: WORKSPACE_BUNDLE_VERSION + value: + _default: v1 + - name: SYSTEM_LOG_URL + value: + _default: http://api-service.system-log.svc.cluster.local:8000 + - name: DJANGO_HOST + value: + _default: http://backend.django.svc.cluster.local:8000 + - name: MARKS_PROCESSING_URL + value: + _default: http://marks-service:8000 + - name: PUBLIC_LINK_HOST + value: + _default: https://document-link.test.sarex.brusnika.tech + - name: NAMESPACE + value: + _default: documentations + - name: DJANGO_ORIGINATOR + value: + _default: docs_prod + - name: WORKFLOW_IMAGES_VERSION + value: + _default: master + - name: WORKFLOWS_IMAGES_VERSION + value: + _default: master + - name: S3_SERVICE_ACCOUNT + value: + _default: /etc/sarex/yc-s3-storage/yc-s3-service-account.json + - name: READ_WRITE_TIMEOUT_FILE_STREAM + value: + _default: 6h + - name: CACHE_DEFAULT_EXPIRATION + value: + _default: 60s + - name: CACHE_CLEANUP_INTERVAL + value: + _default: 60s + - name: USE_CACHE_IN_FILE_STREAMER + value: + _default: "1" + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/documentations-api-files:prod_5904312b + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: PUBLIC_KEY + secretKey: key + secretName: + _default: public-key + - name: DOCUMENT_PUBLIC_LINK_JWT_SECRET + secretKey: secret + secretName: + _default: yc-jwt-secret + - name: POSTGRES_USER + secretKey: username + secretName: + _default: postgres-secret + - name: POSTGRES_PASSWORD + secretKey: password + secretName: + _default: postgres-secret + - name: DJANGO_BASIC_AUTH + 
secretKey: key + secretName: + _default: django-auth + - name: DJANGO_BASIC_AUTH_FOR_GET_USER + secretKey: key + secretName: + _default: django-auth + service: + enabled: true + name: + _default: documentations-filestream + port: + _default: 8080 + portName: + _default: http + targetPort: + _default: 8080 + type: + _default: ClusterIP + volumes: + _default: + - mountPath: + _default: /etc/sarex/yc-s3-storage + name: documentations-yc-s3-secret + readOnly: + _default: true + secret: + secretName: + _default: documentations-yc-s3 +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: pdm-api + namespace: documentations +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + driftDetection: + mode: enabled + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: pdm-api + port: + _default: 8080 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: USE_EXPERIMENTAL + value: + _default: "true" + - name: API_ADDRESS + value: + _default: 0.0.0.0:8080 + - name: API_ADDRESS_FILE + value: + _default: 0.0.0.0:8080 + - name: API_HOST_PREFIX + value: + _default: / + - name: APP_NAME + value: + _default: pdm_v2 + - name: APP_VERSION + value: + _default: 0.0.1 + - name: TRANSMITTALS_BASE_URL + value: + _default: "" + - name: TRANSMITTALS_ENABLE + value: + _default: "false" + - name: DRAWINGS_INTERNAL_URL + value: + _default: http://drawings-api-service.drawings.svc.cluster.local:80 + - name: ATTACHMENTS_URL + value: + _default: http://attachments-service.attachments.svc.cluster.local:8000 + - name: BIM_API_V2_URL + value: + _default: 
http://backend-service.bim.svc.cluster.local:8000/ + - name: BIM_V2_HOST + value: + _default: http://backend-service.bim.svc.cluster.local:8000/ + - name: CACHE_CLEANUP_INTERVAL + value: + _default: 60s + - name: CACHE_DEFAULT_EXPIRATION + value: + _default: 60s + - name: DJANGO_HOST + value: + _default: http://backend.django.svc.cluster.local:8000 + - name: DJANGO_ORIGINATOR + value: + _default: docs_prod + - name: DOCUMENTATION_URL + value: + _default: http://documentations-api.documentations.svc.cluster.local:8080/ + - name: EAV_URL + value: + _default: http://eav-service.eav.svc.cluster.local:8000 + - name: ENABLE_OBSERVABILITY + value: + _default: "false" + - name: ENABLE_PERMISSIONS_FILTER + value: + _default: "false" + - name: ENABLE_S3 + value: + _default: "1" + - name: ENABLE_SSL + value: + _default: "0" + - name: ENVIRONMENT + value: + _default: prod + - name: FLOWS_URL + value: + _default: http://backend-service.flows.svc.cluster.local:8000 + - name: HEIGHT_THUMB_ATTACHMENTS + value: + _default: "300" + - name: HEIGHT_THUMB_STATES + value: + _default: "73" + - name: HTTP_PORT + value: + _default: "8080" + - name: INSPECTIONS_URL + value: + _default: http://inspections-service.inspections.svc.cluster.local:80 + - name: LOG_LEVEL + value: + _default: INFO + - name: NOTES_URL + value: + _default: "" + - name: OBSERVABILITY_COLLECTOR_ENDPOINT + value: + _default: temp + - name: POSTGRES_ADDRESS + value: + _default: 192.168.2.45 + - name: POSTGRES_DB + value: + _default: documentations + - name: POSTGRES_POOL_SIZE + value: + _default: "20" + - name: POSTGRES_PORT + value: + _default: "5432" + - name: READ_WRITE_TIMEOUT_FILE_STREAM + value: + _default: 6h + - name: RELEASES_URL + value: + _default: https://gitlab.com + - name: REMARKS_URL + value: + _default: http://remarks-static-service.remarks.svc.cluster.local:8080/remarks + - name: RESOURCES_URL + value: + _default: http://resources-service.resources.svc.cluster.local:8000 + - name: S3_SERVICE_ACCOUNT + 
value: + _default: /etc/sarex/yc-s3-storage/yc-s3-service-account.json + - name: STATES_URL + value: + _default: http://workspaces-service.workspaces.svc.cluster.local:8000/ + - name: SUBSCRIPTIONS_URL + value: + _default: http://sarex-subscriptions-service.subscriptions.svc.cluster.local:80 + - name: SYSTEM_LOG_URL + value: + _default: http://api-service.system-log.svc.cluster.local:8000 + - name: TARGET_URL + value: + _default: http://backend.django.svc.cluster.local:8000 + - name: USE_CACHE_IN_FILE_STREAMER + value: + _default: "1" + - name: USE_SUBSCRIPTIONS + value: + _default: "false" + - name: WIDTH_THUMB_ATTACHMENTS + value: + _default: "300" + - name: WIDTH_THUMB_STATES + value: + _default: "120" + - name: WORKFLOWS_IMAGES_VERSION + value: + _default: master + - name: WORKFLOW_IMAGES_VERSION + value: + _default: master + - name: WORKFLOW_URL + value: + _default: http://workflows-api-service.workflow.svc.cluster.local:8000/ + - name: WORKSPACE_BUNDLE_VERSION + value: + _default: v1 + - name: WORKSPACE_URL + value: + _default: http://workspaces-service.workspaces.svc.cluster.local:8000/ + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/pdmv2:prod_9507c2d5 + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: RELEASES_TOKEN + secretKey: key + secretName: + _default: releases-token + - name: POSTGRES_USER + secretKey: username + secretName: + _default: postgres-secret + - name: POSTGRES_PASSWORD + secretKey: password + secretName: + _default: postgres-secret + - name: DJANGO_BASIC_AUTH + secretKey: key + secretName: + _default: django-auth + - name: PUBLIC_KEY + secretKey: key + secretName: + _default: public-key + service: + enabled: true + name: + _default: pdm-api + port: + _default: 8080 + portName: + _default: http + targetPort: + _default: 8080 + type: + _default: ClusterIP + 
volumes: + _default: + - mountPath: + _default: /etc/sarex/yc-s3-storage + name: documentations-yc-s3-secret + readOnly: + _default: true + secret: + secretName: + _default: documentations-yc-s3 +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: backend + namespace: eav +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: backend + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: KAFKA_USERNAME + value: + _default: sarex + - name: KAFKA_SSL_CAFILE + value: + _default: /usr/local/share/ca-certificates/kafka.crt + - name: KAFKA_HOST + value: + _default: brusnika-stage-kafka-bootstrap.kafka.svc.cluster.local:9093 + - name: ASSETS_TOPIC + value: + _default: sarex + - name: DJANGO_SETTINGS_MODULE + value: + _default: config.settings.production + - name: DJANGO_POSTGRES_HOST + value: + _default: 192.168.2.45 + - name: DJANGO_POSTGRES_DATABASE + value: + _default: eav + - name: YC_S3_ENDPOINT_URL + value: + _default: http://minio-svc.minio.svc.cluster.local:9000 + - name: YC_S3_BUCKET_NAME + value: + _default: eav + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/eav:prod_2460295f + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: KAFKA_PASSWORD + secretKey: password + secretName: + _default: kafka-cred + - name: DJANGO_POSTGRES_USER + secretKey: username + secretName: + _default: postgres-secret 
+ - name: DJANGO_POSTGRES_PASSWORD + secretKey: password + secretName: + _default: postgres-secret + - name: JWT_PRIVATE_KEY + secretKey: ssh_private.key + secretName: + _default: backend-secret + - name: JWT_PUBLIC_KEY + secretKey: ssh_public.key + secretName: + _default: backend-secret + - name: YC_S3_ACCESS_KEY_ID + secretKey: login + secretName: + _default: s3-secret + - name: YC_S3_SECRET_ACCESS_KEY + secretKey: password + secretName: + _default: s3-secret + service: + enabled: true + name: + _default: eav-service + port: + _default: 8000 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP + volumes: + _default: + - configMap: + items: + - key: asset.py + path: + _default: asset.py + name: + _default: asset + mountPath: + _default: /server/assets/api/v0/views/asset.py + name: asset + readOnly: + _default: true + subPath: + _default: asset.py + - configMap: + items: + - key: permissions.py + path: + _default: permissions.py + name: + _default: permissions + mountPath: + _default: /server/core/permissions.py + name: permissions + readOnly: + _default: true + subPath: + _default: permissions.py + - configMap: + items: + - key: production.py + path: + _default: production.py + name: + _default: django-configmap + mountPath: + _default: /server/config/settings/production.py + name: django-configmap + readOnly: + _default: true + subPath: + _default: production.py +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: backend + namespace: flows +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: backend + port: + _default: 8000 + probes: + liveness: + enabled: false + 
readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: LOG_LEVEL + value: + _default: DEBUG + - name: BASE_HOST + value: + _default: https://test.sarex.brusnika.tech + - name: CELERY_QUEUE + value: + _default: flow + - name: DJANGO_HOST + value: + _default: http://backend.django.svc.cluster.local:8000/api + - name: DOCUMENTATION_HOST + value: + _default: http://documentations-api.documentations.svc.cluster.local:8080/internal/v1 + - name: DOCUMENTATION_EXTERNAL_HOST + value: + _default: http://documentations-api.documentations.svc.cluster.local:8080/api/v1 + - name: ENABLE_ANALYTICS + value: + _default: "1" + - name: ENABLE_CELERY + value: + _default: "1" + - name: ENABLE_MAILGUN + value: + _default: "0" + - name: ENABLE_METRICS + value: + _default: "0" + - name: FROM_EMAIL + value: + _default: cde@brusnika.ru + - name: GATEWAY_URL + value: + _default: http://pdm-api.documentations.svc.cluster.local:8080 + - name: PG_HOST + value: + _default: 192.168.2.45 + - name: PG_PORT + value: + _default: "5432" + - name: RABBITMQ_HOST + value: + _default: rabbitmq-service + - name: RABBITMQ_PORT + value: + _default: "5672" + - name: DOCUMENTATION_PG_PORT + value: + _default: "5432" + - name: DOCUMENTATION_PG_DATABASE + value: + _default: documentations + - name: EAV_HOST + value: + _default: http://eav-service.eav.svc.cluster.local:8000 + - name: DOCUMENTATION_PG_HOST + value: + _default: postgres-service.documentations.svc.cluster.local + - name: RESOURCE_URL + value: + _default: http://resources-service.resources.svc.cluster.local:8000 + - name: SERVICE_HOST + value: + _default: https://test.sarex.brusnika.tech/flows/api/v1 + - name: SMTP_HOST + value: + _default: smtp-relay.gmail.com + - name: SMTP_PORT + value: + _default: "587" + - name: SYNC_RESOURCE_ID + value: + _default: "1" + - name: TIMEOUT + value: + _default: "120" + - name: WORKFLOWS_HOST + value: + _default: 
http://workflows-api-service.workflow.svc.cluster.local:8000/api/v1 + - name: WORKFLOWS_TIMEOUT + value: + _default: "60" + - name: DOCUMENTATION_TIMEOUT + value: + _default: "60" + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/flows-backend:production_42cf0e6e + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: ADMIN_PANEL_SECRET_KEY + secretKey: key + secretName: + _default: admin-secret + - name: JWT_PUBLIC_KEY + secretKey: public_key + secretName: + _default: jwt-secret + - name: DOCUMENTATION_PG_USERNAME + secretKey: username + secretName: + _default: postgres-secret-documentations + - name: DOCUMENTATION_PG_PASSWORD + secretKey: password + secretName: + _default: postgres-secret-documentations + - name: DJANGO_TOKEN + secretKey: token + secretName: + _default: django-secret + - name: PG_DB + secretKey: database + secretName: + _default: postgres-secret + - name: PG_LOGIN + secretKey: username + secretName: + _default: postgres-secret + - name: PG_PASSWORD + secretKey: password + secretName: + _default: postgres-secret + - name: RABBITMQ_USERNAME + secretKey: username + secretName: + _default: rabbitmq-secret + - name: RABBITMQ_PASSWORD + secretKey: password + secretName: + _default: rabbitmq-secret + - name: RABBITMQ_VHOST + secretKey: vhost + secretName: + _default: rabbitmq-secret + service: + enabled: true + name: + _default: backend-service + port: + _default: 8000 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: celery + namespace: flows +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + 
upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: celery + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: LOG_LEVEL + value: + _default: DEBUG + - name: BASE_HOST + value: + _default: https://test.sarex.brusnika.tech + - name: CELERY_QUEUE + value: + _default: flow + - name: DJANGO_HOST + value: + _default: http://backend.django.svc.cluster.local:8000/api + - name: DOCUMENTATION_HOST + value: + _default: http://documentations-api.documentations.svc.cluster.local:8080/internal/v1 + - name: DOCUMENTATION_EXTERNAL_HOST + value: + _default: http://documentations-api.documentations.svc.cluster.local:8080/api/v1 + - name: ENABLE_ANALYTICS + value: + _default: "1" + - name: ENABLE_CELERY + value: + _default: "1" + - name: ENABLE_MAILGUN + value: + _default: "0" + - name: ENABLE_METRICS + value: + _default: "0" + - name: FROM_EMAIL + value: + _default: cde@brusnika.ru + - name: GATEWAY_URL + value: + _default: http://pdm-api.documentations.svc.cluster.local:8080 + - name: PG_HOST + value: + _default: 192.168.2.45 + - name: PG_PORT + value: + _default: "5432" + - name: RABBITMQ_HOST + value: + _default: rabbitmq-service + - name: RABBITMQ_PORT + value: + _default: "5672" + - name: DOCUMENTATION_PG_PORT + value: + _default: "5432" + - name: DOCUMENTATION_PG_DATABASE + value: + _default: documentations + - name: DOCUMENTATION_PG_HOST + value: + _default: postgres-service.documentations.svc.cluster.local + - name: RESOURCE_URL + value: + _default: http://resources-service.resources.svc.cluster.local:8000 + - name: SERVICE_HOST + value: + _default: https://test.sarex.brusnika.tech/flows/api/v1 + - name: SMTP_HOST + value: + _default: smtp-relay.gmail.com + - name: SMTP_PORT + value: + _default: "587" + - name: 
SYNC_RESOURCE_ID + value: + _default: "1" + - name: TIMEOUT + value: + _default: "120" + - name: WORKFLOWS_HOST + value: + _default: http://workflows-api-service.workflow.svc.cluster.local:8000/api/v1 + - name: WORKFLOWS_TIMEOUT + value: + _default: "60" + - name: DOCUMENTATION_TIMEOUT + value: + _default: "60" + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/flows-backend_worker:production_42cf0e6e + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: ADMIN_PANEL_SECRET_KEY + secretKey: key + secretName: + _default: admin-secret + - name: JWT_PUBLIC_KEY + secretKey: public_key + secretName: + _default: jwt-secret + - name: DOCUMENTATION_PG_USERNAME + secretKey: username + secretName: + _default: postgres-secret-documentations + - name: DOCUMENTATION_PG_PASSWORD + secretKey: password + secretName: + _default: postgres-secret-documentations + - name: DJANGO_TOKEN + secretKey: token + secretName: + _default: django-secret + - name: PG_DB + secretKey: database + secretName: + _default: postgres-secret + - name: PG_LOGIN + secretKey: username + secretName: + _default: postgres-secret + - name: PG_PASSWORD + secretKey: password + secretName: + _default: postgres-secret + - name: RABBITMQ_USERNAME + secretKey: username + secretName: + _default: rabbitmq-secret + - name: RABBITMQ_PASSWORD + secretKey: password + secretName: + _default: rabbitmq-secret + - name: RABBITMQ_VHOST + secretKey: vhost + secretName: + _default: rabbitmq-secret + service: + enabled: true + name: + _default: backend-service + port: + _default: 8000 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: frontend + namespace: flows +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + 
kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + frontend: + commitSha: "" + deployment: + enabled: true + name: + _default: frontend + port: + _default: 80 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/flows-frontend:contour_55af772e + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + owner: "" + service: + enabled: true + name: + _default: frontend-service + port: + _default: 80 + portName: + _default: http + targetPort: + _default: 80 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: celery + namespace: issues +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + command: + _default: + - celery + - -A + - config + - worker + - -l + - info + - -E + - --concurrency=2 + enabled: true + name: + _default: celery + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: ENVIRONMENT + value: + _default: production + - name: AERO_PUBLIC_HOST + value: + _default: https://test.sarex.brusnika.tech + - name: AERO_HOST + value: + _default: https://test.sarex.brusnika.tech + - name: BASE_AERO_URL + value: + _default: 
https://test.sarex.brusnika.tech + - name: BASE_AUTH_URL + value: + _default: http://backend.django.svc.cluster.local:8000 + - name: WORKFLOWS_HOST + value: + _default: http://workflows-api-service.workflow.svc.cluster.local:8000 + - name: WORKFLOWS_URL + value: + _default: http://workflows-api-service.workflow.svc.cluster.local:8000 + - name: RESOURCES_API_HOST + value: + _default: http://resources-service.resources.svc.cluster.local:8000 + - name: EAV_HOST + value: + _default: http://eav-service.eav.svc.cluster.local:8000 + - name: SAREX_API + value: + _default: https://test.sarex.brusnika.tech + - name: DOCUMENTATIONS_URL + value: + _default: http://documentations-api.documentations.svc.cluster.local:8080 + - name: DJANGO_SETTINGS_MODULE + value: + _default: config.settings.production + - name: DATABASE_HOST + value: + _default: 192.168.2.45 + - name: DATABASE_PORT + value: + _default: "5432" + - name: API_ADDRESS + value: + _default: "8000" + - name: RABBITMQ_HOSTNAME + value: + _default: rabbitmq-service:5672 + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/issues:production_f1b6c05c + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: YC_S3_ACCESS_KEY_ID + secretKey: key_id + secretName: + _default: yc-s3-secret + - name: YC_S3_SECRET_ACCESS_KEY + secretKey: access_key + secretName: + _default: yc-s3-secret + - name: YC_S3_BUCKET_NAME + secretKey: storage_bucket_name + secretName: + _default: yc-s3-secret + - name: YC_S3_ENDPOINT_URL + secretKey: endpoint_url + secretName: + _default: yc-s3-secret + - name: DJANGO_BASIC_AUTH + secretKey: key + secretName: + _default: django-auth + - name: SAREX_USERNAME + secretKey: username + secretName: + _default: sarex-auth + - name: SAREX_PASSWORD + secretKey: password + secretName: + _default: sarex-auth + - name: DATABASE_USER + secretKey: 
username + secretName: + _default: postgres-secret + - name: DATABASE_PASSWORD + secretKey: password + secretName: + _default: postgres-secret + - name: DATABASE_NAME + secretKey: database + secretName: + _default: postgres-secret + - name: RABBITMQ_VHOST + secretKey: vhost + secretName: + _default: rabbitmq-secret + - name: RABBITMQ_USERNAME + secretKey: username + secretName: + _default: rabbitmq-secret + - name: RABBITMQ_PASSWORD + secretKey: password + secretName: + _default: rabbitmq-secret + - name: JWT_PRIVATE_KEY + secretKey: ssh_private.key + secretName: + _default: backend-secret + - name: JWT_PUBLIC_KEY + secretKey: ssh_public.key + secretName: + _default: backend-secret + service: + enabled: false + name: + _default: celery-service + port: + _default: 80 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP + volumes: + _default: + - configMap: + items: + - key: uwsgi.ini + path: + _default: uwsgi.ini + name: + _default: uwsgi-configmap + mountPath: + _default: /opt/server/uwsgi.ini + name: uwsgi-configmap + readOnly: + _default: true + subPath: + _default: uwsgi.ini + - configMap: + items: + - key: production.py + path: + _default: production.py + name: + _default: production-configmap + mountPath: + _default: /src/config/settings/production.py + name: production-configmap + readOnly: + _default: true + subPath: + _default: production.py +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: issues + namespace: issues +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: issues + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: 
false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: ENVIRONMENT + value: + _default: production + - name: AERO_PUBLIC_HOST + value: + _default: https://test.sarex.brusnika.tech + - name: AERO_HOST + value: + _default: https://test.sarex.brusnika.tech + - name: BASE_AERO_URL + value: + _default: https://test.sarex.brusnika.tech + - name: BASE_AUTH_URL + value: + _default: http://backend.django.svc.cluster.local:8000 + - name: WORKFLOWS_HOST + value: + _default: http://workflows-api-service.workflow.svc.cluster.local:8000 + - name: WORKFLOWS_URL + value: + _default: http://workflows-api-service.workflow.svc.cluster.local:8000 + - name: RESOURCES_API_HOST + value: + _default: http://resources-service.resources.svc.cluster.local:8000 + - name: EAV_HOST + value: + _default: http://eav-service.eav.svc.cluster.local:8000 + - name: SAREX_API + value: + _default: https://test.sarex.brusnika.tech + - name: DOCUMENTATIONS_URL + value: + _default: http://documentations-api.documentations.svc.cluster.local:8080 + - name: DJANGO_SETTINGS_MODULE + value: + _default: config.settings.production + - name: DATABASE_HOST + value: + _default: 192.168.2.45 + - name: DATABASE_PORT + value: + _default: "5432" + - name: API_ADDRESS + value: + _default: "8000" + - name: RABBITMQ_HOSTNAME + value: + _default: rabbitmq-service:5672 + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/issues:production_f1b6c05c + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: YC_S3_ACCESS_KEY_ID + secretKey: key_id + secretName: + _default: yc-s3-secret + - name: YC_S3_SECRET_ACCESS_KEY + secretKey: access_key + secretName: + _default: yc-s3-secret + - name: YC_S3_BUCKET_NAME + secretKey: storage_bucket_name + secretName: + _default: yc-s3-secret + - name: YC_S3_ENDPOINT_URL + 
secretKey: endpoint_url + secretName: + _default: yc-s3-secret + - name: DJANGO_BASIC_AUTH + secretKey: key + secretName: + _default: django-auth + - name: SAREX_USERNAME + secretKey: username + secretName: + _default: sarex-auth + - name: SAREX_PASSWORD + secretKey: password + secretName: + _default: sarex-auth + - name: DATABASE_USER + secretKey: username + secretName: + _default: postgres-secret + - name: DATABASE_PASSWORD + secretKey: password + secretName: + _default: postgres-secret + - name: DATABASE_NAME + secretKey: database + secretName: + _default: postgres-secret + - name: RABBITMQ_VHOST + secretKey: vhost + secretName: + _default: rabbitmq-secret + - name: RABBITMQ_USERNAME + secretKey: username + secretName: + _default: rabbitmq-secret + - name: RABBITMQ_PASSWORD + secretKey: password + secretName: + _default: rabbitmq-secret + - name: JWT_PRIVATE_KEY + secretKey: ssh_private.key + secretName: + _default: backend-secret + - name: JWT_PUBLIC_KEY + secretKey: ssh_public.key + secretName: + _default: backend-secret + service: + enabled: true + name: + _default: issues-service + port: + _default: 80 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP + volumes: + _default: + - configMap: + items: + - key: uwsgi.ini + path: + _default: uwsgi.ini + name: + _default: uwsgi-configmap + mountPath: + _default: /opt/server/uwsgi.ini + name: uwsgi-configmap + readOnly: + _default: true + subPath: + _default: uwsgi.ini + - configMap: + items: + - key: production.py + path: + _default: production.py + name: + _default: production-configmap + mountPath: + _default: /src/config/settings/production.py + name: production-configmap + readOnly: + _default: true + subPath: + _default: production.py +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: static + namespace: issues +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + 
namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + frontend: + commitSha: "" + deployment: + enabled: true + name: + _default: static + port: + _default: 80 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/contour_issues-frontend:893c9953 + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + owner: "" + service: + enabled: true + name: + _default: static-service + port: + _default: 80 + portName: + _default: http + targetPort: + _default: 80 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: ingressgateway + namespace: istio-system +spec: + chart: + spec: + chart: istio-gateway-contour + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 1.24.0 + dependsOn: + - name: istio-base + namespace: istio-system + - name: istiod + namespace: istio-system + install: + remediation: + retries: 3 + interval: 10m + postRenderers: + - kustomize: + patches: + - patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: istio-ingressgateway + namespace: ingress-nginx + spec: + template: + spec: + affinity: null + target: + kind: Deployment + name: istio-ingressgateway + namespace: ingress-nginx + version: v1 + targetNamespace: ingress-nginx + upgrade: + remediation: + retries: 3 + values: + _internal_defaults_do_not_set: + hostPorts: [] + labels: + app: istio-ingressgateway + istio: ingressgateway + name: istio-ingressgateway + podAnnotations: + inject.istio.io/templates: gateway + prometheus.io/path: /stats/prometheus + prometheus.io/port: "15020" + 
prometheus.io/scrape: "true" + sidecar.istio.io/inject: "true" + replicaCount: 2 + service: + externalTrafficPolicy: "" + ports: + - name: status-port + port: 15021 + protocol: TCP + targetPort: 15021 + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + type: ClusterIP + tolerations: [] +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: istio-base + namespace: istio-system +spec: + chart: + spec: + chart: istio-base-contour + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 1.24.0 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: istiod + namespace: istio-system +spec: + chart: + spec: + chart: istiod-contour + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 1.24.0 + dependsOn: + - name: istio-base + namespace: istio-system + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: mapper + namespace: mapper +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: backend + preprod: backend + production: backend + stage: mapper-backend + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + resources: + limits: + cpu: + _default: "2.0" + memory: + _default: 512Mi + requests: + cpu: 
+ _default: "1.0" + memory: + _default: 128Mi + enabled: true + envs: + - name: DOCUMENTATION_HOST + value: + _default: https://test.sarex.brusnika.tech/documentations/api/v1 + - name: FLOW_HOST + value: + _default: https://test.sarex.brusnika.tech/flows/api/v1 + - name: DJANGO_HOST + value: + _default: https://test.sarex.brusnika.tech/api + - name: NOTE_HOST + value: + _default: https://test.sarex.brusnika.tech/notes/api/v1 + - name: REDIS_USE + value: + _default: "0" + - name: TIMEOUT + value: + _default: "120" + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/mapper:prod_b0d05a34 + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: dockerhub + labels: + monitoring: prometheus + owner: "" + service: + enabled: true + name: + _default: backend-service + preprod: backend-service + production: backend-service + stage: mapper-backend-service + port: + _default: 8000 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: frontend + namespace: projects +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + frontend: + commitSha: "" + deployment: + enabled: true + name: + _default: frontend + port: + _default: 80 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/projects-frontend:prod_c282de02_relative + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: 
regcred + owner: "" + service: + enabled: true + name: + _default: frontend-service + port: + _default: 8000 + portName: + _default: http + targetPort: + _default: 80 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: resources + namespace: resources +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: resources + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: DJANGO_SETTINGS_MODULE + value: + _default: config.settings.production + - name: DATABASE_HOST + value: + _default: 192.168.2.45 + - name: DATABASE_PORT + value: + _default: "5432" + - name: DATABASE_NAME + value: + _default: resources + - name: API_ADDRESS + value: + _default: "8000" + - name: YC_S3_ENDPOINT_URL + value: + _default: http://minio-service.minio.svc.cluster.local:9000 + - name: YC_S3_BUCKET_NAME + value: + _default: eav-service-static + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/sarex-resources:prod_266c031f + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: DATABASE_USER + secretKey: username + secretName: + _default: postgres-secret + - name: DATABASE_PASSWORD + secretKey: password + secretName: + _default: postgres-secret + - name: YC_S3_ACCESS_KEY_ID + secretKey: key-id + secretName: + _default: yc-s3-secret + - name: YC_S3_SECRET_ACCESS_KEY + secretKey: access-key + secretName: 
+ _default: yc-s3-secret + service: + enabled: true + name: + _default: resources-service + port: + _default: 8000 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP + volumes: + _default: + - configMap: + items: + - key: uwsgi.ini + path: + _default: uwsgi.ini + name: + _default: uwsgi-configmap + mountPath: + _default: opt/server/uwsgi.ini + name: uwsgi-configmap + readOnly: + _default: true + subPath: + _default: uwsgi.ini + - configMap: + items: + - key: production.py + path: + _default: production.py + name: + _default: django-configmap + mountPath: + _default: /server/config/settings/production.py + name: django-configmap + readOnly: + _default: true + subPath: + _default: production.py +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: frontend + namespace: reviews +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + frontend: + commitSha: "" + deployment: + enabled: true + name: + _default: frontend + port: + _default: 80 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/reviews-frontend:contour_86e27d75 + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + owner: "" + service: + enabled: true + name: + _default: frontend-service + port: + _default: 80 + portName: + _default: http + targetPort: + _default: 80 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: sarex-subscriptions + namespace: subscriptions +spec: + 
chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: sarex-subscriptions + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: DATABASE_HOST + value: + _default: 192.168.2.45 + - name: DATABASE_PORT + value: + _default: "5432" + - name: DATABASE_NAME + value: + _default: subscriptions + - name: API_ADDRESS + value: + _default: "8000" + - name: SYSTEM_LOG_HOST + value: + _default: http://api-service.system-log + - name: USER_SERVICE_HOST + value: + _default: http://backend.django.svc.cluster.local:8000 + - name: IS_USE_TELEGRAM + value: + _default: "false" + - name: IS_MAILGUN_USE + value: + _default: "0" + - name: SMTP_EMAIL_FROM + value: + _default: cde@brusnika.ru + - name: SMTP_EMAIL_HOST + value: + _default: smtp-relay.gmail.com + - name: SMTP_EMAIL_PORT + value: + _default: "587" + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/subscriptions:prod_a50928e1 + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: DATABASE_USER + secretKey: username + secretName: + _default: postgres-secret + - name: DATABASE_PASSWORD + secretKey: password + secretName: + _default: postgres-secret + - name: YC_S3_ACCESS_KEY_ID + secretKey: key_id + secretName: + _default: yc-s3-secret + - name: YC_S3_SECRET_ACCESS_KEY + secretKey: access_key + secretName: + _default: yc-s3-secret + - name: YC_S3_BUCKET_NAME + secretKey: storage_bucket_name + 
secretName: + _default: yc-s3-secret + - name: YC_S3_ENDPOINT_URL + secretKey: endpoint_url + secretName: + _default: yc-s3-secret + service: + enabled: true + name: + _default: sarex-subscriptions-service + port: + _default: 80 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: api + namespace: system-log +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: api + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: KAFKA_ENABLE + value: + _default: "1" + - name: KAFKA_BROKERS + value: + _default: rc1d-s0a1ujcbj6fdk26b.mdb.yandexcloud.net:9091 + - name: KAFKA_GROUP + value: + _default: system-log-stage + - name: KAFKA_CLIENT_ID + value: + _default: system-log-stage + - name: KAFKA_USE_SSL + value: + _default: "1" + - name: KAFKA_ENABLE_LOGGING + value: + _default: "1" + - name: KAFKA_TOPIC + value: + _default: bru.cde.folders.stage + - name: APP_NAME + value: + _default: system_log + - name: APP_VERSION + value: + _default: 0.0.1 + - name: LOG_LEVEL + value: + _default: INFO + - name: HTTP_HOST + value: + _default: 0.0.0.0 + - name: HTTP_PORT + value: + _default: "8000" + - name: NAMESPACE + value: + _default: system-log + - name: POSTGRES_ADDRESS + value: + _default: 192.168.2.45 + - name: POSTGRES_PORT + value: + _default: "5432" + - name: POSTGRES_DB + value: + _default: system_log + - name: POSTGRES_POOL_SIZE + value: + _default: "3" + - name: ENABLE_SSL + value: + _default: 
"0" + - name: DJANGO_HOST + value: + _default: http://backend.django.svc.cluster.local:8000 + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/system-log:prod_6ed1b27e + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: POSTGRES_USER + secretKey: username + secretName: + _default: postgres-secret + - name: POSTGRES_PASSWORD + secretKey: password + secretName: + _default: postgres-secret + - name: KAFKA_USERNAME + secretKey: username + secretName: + _default: ya-kafka-secret + - name: KAFKA_PASSWORD + secretKey: password + secretName: + _default: ya-kafka-secret + - name: KAFKA_PEM_CERT + secretKey: certificate + secretName: + _default: yc-kafka-certificate + - name: KAFKA_PEM_PATH + secretKey: certificate + secretName: + _default: yc-kafka-certificate + service: + enabled: true + name: + _default: api-service + port: + _default: 80 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: worker + namespace: system-log +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: worker + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: APP_NAME + value: + _default: system_log + - name: APP_VERSION + value: + _default: 0.0.1 + - name: LOG_LEVEL + value: + _default: INFO + - name: HTTP_HOST + value: + _default: 0.0.0.0 
+ - name: HTTP_PORT + value: + _default: "8000" + - name: NAMESPACE + value: + _default: sarex-system-log + - name: DOCUMENTATIONS_URL + value: + _default: http://documentations-api.documentations.svc.cluster.local:8080 + - name: POSTGRES_ADDRESS + value: + _default: 192.168.2.45 + - name: POSTGRES_PORT + value: + _default: "5432" + - name: POSTGRES_DB + value: + _default: system_log + - name: POSTGRES_POOL_SIZE + value: + _default: "3" + - name: ENABLE_SSL + value: + _default: "0" + - name: DJANGO_HOST + value: + _default: http://backend.django.svc.cluster.local:8000 + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/system_log_worker:de6a0147d285afa273e85c0f074c8b6049d03a32 + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: POSTGRES_USER + secretKey: username + secretName: + _default: postgres-secret + - name: POSTGRES_PASSWORD + secretKey: password + secretName: + _default: postgres-secret + - name: SUPER_USERNAME + secretKey: username + secretName: + _default: superuser + - name: SUPER_PASSWORD + secretKey: password + secretName: + _default: superuser + service: + enabled: false + name: + _default: worker-service + port: + _default: 8000 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: vault + namespace: vault +spec: + chart: + spec: + chart: vault-contour + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.0 + install: + remediation: + retries: 3 + interval: 5m + timeout: 10m + upgrade: + remediation: + retries: 3 + values: + imagePullSecrets: + - name: regcred + server: + dataStorage: + storageClass: local-path +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: 
rfi-backend-api + namespace: workspaces +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: rfi-backend-api + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: JWT_AUTH_ENABLE + value: + _default: "True" + - name: NOTIFICATIONS_ENABLE + value: + _default: "false" + - name: NOTIFICATIONS_EMAIL_FROM + value: + _default: hello@sarex.io + - name: NOTIFICATIONS_SERVICE_URL + value: + _default: https://lk.srx.wb.ru:30443/rfi + - name: SAREX_BACKEND_URL + value: + _default: http://backend.django.svc.cluster.local:8000 + - name: EAV_URL + value: + _default: http://eav-service.eav.svc.cluster.local:8000 + - name: GATEWAY_URL + value: + _default: http://pdm-api.documentations.svc.cluster.local:8080 + - name: RABBITMQ_PORT + value: + _default: "5672" + - name: RABBITMQ_HOST + value: + _default: rabbitmq.rabbitmq.svc.cluster.local + - name: DB_HOST + value: + _default: 192.168.2.45 + - name: DB_PORT + value: + _default: "5432" + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/rfi-backend:dev4 + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: DJANGO_SECRET_KEY + secretKey: django_secret_key + secretName: + _default: django-secret + - name: DB_NAME + secretKey: dbname + secretName: + _default: postgres-secret + - name: DB_USER + secretKey: user + secretName: + _default: postgres-secret + - name: DB_PASSWORD + secretKey: password + 
secretName: + _default: postgres-secret + - name: SAREX_BACKEND_AUTH + secretKey: token + secretName: + _default: django-secret + - name: YC_S3_ACCESS_KEY_ID + secretKey: key_id + secretName: + _default: s3-secret + - name: YC_S3_SECRET_ACCESS_KEY + secretKey: access_key + secretName: + _default: s3-secret + - name: YC_S3_BUCKET_NAME + secretKey: storage_bucket_name + secretName: + _default: s3-secret + - name: YC_S3_ENDPOINT_URL + secretKey: endpoint_url + secretName: + _default: s3-secret + - name: RABBITMQ_VHOST + secretKey: vhost + secretName: + _default: rabbitmq-secret + - name: RABBITMQ_USERNAME + secretKey: username + secretName: + _default: rabbitmq-secret + - name: RABBITMQ_PASSWORD + secretKey: password + secretName: + _default: rabbitmq-secret + service: + enabled: true + name: + _default: rfi-backend-api-svc + port: + _default: 80 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: rfi-frontend + namespace: workspaces +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + frontend: + commitSha: "" + deployment: + enabled: true + name: + _default: rfi-frontend + port: + _default: 80 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/rfi-frontend:wb_b81d2efd + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + owner: "" + service: + enabled: true + name: + _default: rfi-frontend-service + port: + _default: 80 + portName: + 
_default: http + targetPort: + _default: 80 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: workspaces-api + namespace: workspaces +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + args: + _default: + - | + set -euo pipefail + /migrations migrate + /api + command: + _default: + - /bin/bash + - -ec + enabled: true + name: + _default: workspaces-api + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + envs: + - name: POSTGRES_ADDRESS + value: + _default: 192.168.2.45 + - name: POSTGRES_PORT + value: + _default: "5432" + - name: POSTGRES_DB + value: + _default: workspaces_db + - name: POSTGRES_POOL_SIZE + value: + _default: "3" + - name: BUNDLES_RETRY_COUNT + value: + _default: "5" + - name: BUNDLES_NJOBS + value: + _default: "5" + - name: API_ADDRESS + value: + _default: 0.0.0.0:8000 + - name: NAMESPACE + value: + _default: workspaces + - name: ENABLE_SQL_QUERY + value: + _default: "0" + - name: ENABLE_SSL + value: + _default: "0" + - name: DOCUMENTATION_HOST + value: + _default: https://test.sarex.brusnika.tech/documentations + - name: DOCUMENTATION_LOGGER_FEATURE + value: + _default: "0" + - name: DOCUMENTATION_ORIGINATOR + value: + _default: prod_ws + - name: ENVIRONMENT + value: + _default: prod + - name: DJANGO_HOST + value: + _default: http://backend.django.svc.cluster.local:8000 + - name: DJANGO_ORIGINATOR + value: + _default: docs_prod + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/workspaces:production_bfd943b2 + pullPolicy: + 
_default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + labels: + monitoring: prometheus + owner: "" + secretEnvs: + - name: POSTGRES_USER + secretKey: username + secretName: + _default: postgres-secret + - name: POSTGRES_PASSWORD + secretKey: password + secretName: + _default: postgres-secret + - name: DJANGO_BASIC_AUTH + secretKey: key + secretName: + _default: django-auth + service: + enabled: true + name: + _default: workspaces-service + port: + _default: 8000 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: workspaces-v2-frontend-static + namespace: workspaces +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + frontend: + commitSha: "" + deployment: + enabled: true + name: + _default: workspaces-v2-frontend-static + port: + _default: 80 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + enabled: true + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/workspaces-v2-frontend:contour_8e96aa59 + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: regcred + owner: "" + service: + enabled: true + name: + _default: workspaces-v2-frontend-static-service + port: + _default: 8080 + portName: + _default: http + targetPort: + _default: 80 + type: + _default: ClusterIP + volumes: + _default: + - configMap: + defaultMode: 420 + items: + - key: nginx.conf + path: nginx.conf + name: + _default: nginx-configmap + mountPath: + _default: /etc/nginx/nginx.conf + name: 
nginx-configmap + readOnly: + _default: true + subPath: + _default: nginx.conf +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: flux-system + namespace: flux-system +spec: + interval: 1m0s + path: ./clusters/brusnika-stage + prune: true + retryInterval: 30s + sourceRef: + kind: GitRepository + name: flux-system +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + cert-manager.io/cluster-issuer: letsencrypt + name: vault + namespace: vault +spec: + ingressClassName: nginx + rules: + - host: vault.stage.brusnika.sarex.lonsdaleites.ru + http: + paths: + - backend: + service: + name: vault-vault-contour + port: + number: 8200 + path: / + pathType: Prefix + tls: + - hosts: + - vault.stage.brusnika.sarex.lonsdaleites.ru + secretName: vault-stage-tls +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: allow-egress + namespace: flux-system +spec: + egress: + - {} + ingress: + - from: + - podSelector: {} + podSelector: {} + policyTypes: + - Ingress + - Egress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: allow-scraping + namespace: flux-system +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP + podSelector: {} + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: allow-webhooks + namespace: flux-system +spec: + ingress: + - from: + - namespaceSelector: {} + podSelector: + matchLabels: + app: notification-controller + policyTypes: + - Ingress +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: 
GitRepository +metadata: + name: flux-system + namespace: flux-system +spec: + interval: 1m0s + ref: + branch: master + secretRef: + name: flux-system + url: https://gitea.stage.brusnika.sarex.lonsdaleites.ru/sarex/iac.git +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: yc-oci-charts + namespace: flux-system +spec: + interval: 10m0s + secretRef: + name: yc-cr-auth + type: oci + url: oci://cr.yandex/crp3ccidau046kdj8g9q/charts diff --git a/apps/pm/brusnika-stage/backend.yaml b/apps/pm/brusnika-stage/backend.yaml new file mode 100644 index 0000000..5c716e8 --- /dev/null +++ b/apps/pm/brusnika-stage/backend.yaml 
@@ -0,0 +1,125 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: backend
+ namespace: pm
+
+spec:
+ interval: 10m
+
+ chart:
+ spec:
+ chart: universal-chart
+ version: "0.1.7"
+ sourceRef:
+ kind: HelmRepository
+ name: yc-oci-charts
+ namespace: flux-system
+ interval: 10m
+
+ install:
+ remediation:
+ retries: 3
+
+ upgrade:
+ remediation:
+ retries: 3
+ driftDetection:
+ mode: enabled
+
+ values:
+ global:
+ env: _default
+
+ services:
+ backend:
+ enabled: true
+
+ image:
+ name:
+ _default: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_8b930b70
+ pullPolicy:
+ _default: IfNotPresent
+
+ deployment:
+ enabled: true
+
+ name:
+ _default: backend
+
+ replicaCount:
+ _default: 1
+ stage: 1
+ preprod: 3
+ production: 3
+
+ port:
+ _default: 8080
+
+ probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+
+ service:
+ enabled: true
+
+ name:
+ _default: backend-svc
+
+ type:
+ _default: ClusterIP
+
+ port:
+ _default: 8000
+
+ targetPort:
+ _default: 8000
+
+ portName:
+ _default: http
+
+ imagePullSecrets:
+ enabled:
+ _default: true
+ name:
+ _default: regcred
+ volumes:
+ _default:
+ - name: env-file
+ mountPath:
+ _default: /opt/sarex/.env
+ readOnly:
+ _default: true
+ secret:
+ secretName:
+ _default: sarex-env
+
+
+ labels:
+ monitoring: prometheus
+ envs:
+ - name: USERS_INTERNAL_HOST
+ value:
+ _default: "http://backend.django.svc.cluster.local:8000"
+
+ - name: RESOURCES_INTERNAL_HOST
+ value:
+ _default: "http://resources-service.resources.svc.cluster.local:8000"
+
+ - name: EAV_HOST
+ value:
+ _default: "http://eav-service.eav.svc.cluster.local:8000"
+
+ - name: EAV_API_PREFIX
+ value:
+ _default: "/api/v0"
+
+ - name: EAV_API_PREFIX_V1
+ value:
+ _default: "/api/v1"
+ commitSha: ""
+ gitlabUri: ""
+ gitlabJobUrl: ""
+ owner: ""
diff --git a/apps/pm/brusnika-stage/frontend.yaml b/apps/pm/brusnika-stage/frontend.yaml
new file mode 100644
index 0000000..d30c298
--- /dev/null
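Review bot: The port under `deployment` is `_default: 8080` while `service.targetPort` is `_default: 8000`, so the Service would forward to a port the container is not declared on; the other universal-chart releases visible in 1.yaml keep these two values equal. Assuming the chart turns the deployment port into the containerPort, set both to the port pm-backend actually binds, for example `targetPort:` / `_default: 8080`. The `env-file` volume also mounts Secret `sarex-env` at `/opt/sarex/.env` with no `subPath`, whereas the single-file configMap mounts elsewhere in the repository pair a file `mountPath` with a `subPath`. If the chart passes the volume through unchanged, `.env` becomes a directory holding every key of the Secret rather than one file, so add `subPath:` / `_default: <key in sarex-env>`.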
+++ b/apps/pm/brusnika-stage/frontend.yaml
@@ -0,0 +1,95 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: frontend
+ namespace: pm
+
+spec:
+ interval: 10m
+
+ chart:
+ spec:
+ chart: universal-chart
+ version: "0.1.7"
+ sourceRef:
+ kind: HelmRepository
+ name: yc-oci-charts
+ namespace: flux-system
+ interval: 10m
+
+ install:
+ remediation:
+ retries: 3
+
+ upgrade:
+ remediation:
+ retries: 3
+ driftDetection:
+ mode: enabled
+
+ values:
+ global:
+ env: _default
+
+ services:
+ frontend:
+ enabled: true
+
+ image:
+ name:
+ _default: cr.yandex/crp3ccidau046kdj8g9q/pm-frontend:contour_7f125269
+ pullPolicy:
+ _default: IfNotPresent
+
+ deployment:
+ enabled: true
+
+ name:
+ _default: frontend
+
+ replicaCount:
+ _default: 1
+ stage: 1
+ preprod: 3
+ production: 3
+
+ port:
+ _default: 80
+
+ probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+
+ service:
+ enabled: true
+
+ name:
+ _default: frontend-service
+
+
+ type:
+ _default: ClusterIP
+
+ port:
+ _default: 80
+
+ targetPort:
+ _default: 80
+
+ portName:
+ _default: http
+
+ imagePullSecrets:
+ enabled:
+ _default: true
+ name:
+ _default: regcred
+
+
+
+ commitSha: ""
+ gitlabUri: ""
+ gitlabJobUrl: ""
+ owner: ""
diff --git a/apps/pm/brusnika-stage/kustomization.yaml b/apps/pm/brusnika-stage/kustomization.yaml
new file mode 100644
index 0000000..9ea0260
--- /dev/null
+++ b/apps/pm/brusnika-stage/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: pm
+resources:
+ - frontend.yaml
+ - backend.yaml
diff --git a/clusters/brusnika-stage/kustomization.yaml b/clusters/brusnika-stage/kustomization.yaml
index d0518d9..dfc7416 100644
--- a/clusters/brusnika-stage/kustomization.yaml
+++ b/clusters/brusnika-stage/kustomization.yaml
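Review bot: `probes.liveness.enabled` and `probes.readiness.enabled` are both `false` here, and the same holds in backend.yaml, although `replicaCount` goes to 3 for preprod and production. Without a readiness probe a pod is reported Ready as soon as its container starts, so the `install`/`upgrade` `remediation.retries: 3` configured above has little signal to act on when an image starts but does not serve, and traffic reaches pods that are not yet listening. I would set `readiness:` / `enabled: true` with whatever path and port settings the chart expects, and leave a short comment if probes are kept off deliberately for this stage cluster.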
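Review bot: `resources` in apps/pm/brusnika-stage/kustomization.yaml lists only `frontend.yaml` and `backend.yaml`, yet both releases reference the pull secret `regcred`, and the backend mounts Secret `sarex-env`, in namespace `pm`; nothing in this diff creates either object. If they are provisioned outside this kustomization, a comment above `resources:` such as `# regcred and sarex-env in ns pm are provisioned by <source>` would record that dependency. If they are not, the pods cannot pull from `cr.yandex` or start the backend container, so add the secret source (sealed or external, never plaintext in git) to this list.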
@@ -20,4 +20,5 @@ resources:
 - ../../apps/subscriptions/brusnika-stage
 - ../../apps/document-link/brusnika-stage
 - ../../apps/bim/brusnika-stage
- - ../../apps/rfi/brusnika-stage
\ No newline at end of file
+ - ../../apps/rfi/brusnika-stage
+ - ../../apps/pm/brusnika-stage
\ No newline at end of file