diff --git a/manifests/composite/flux-helm/kustomization.yaml b/manifests/composite/flux-helm/kustomization.yaml
index 3e8cbdcb4..04d90b159 100644
--- a/manifests/composite/flux-helm/kustomization.yaml
+++ b/manifests/composite/flux-helm/kustomization.yaml
@@ -1,5 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
+namespace: flux-system
resources:
- ../../function/flux/base
- ../../function/flux/source-controller
diff --git a/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml b/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml
index f76df6efb..97f05d5f2 100644
--- a/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml
+++ b/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml
@@ -87,9 +87,9 @@ images:
helm_operator: docker.io/fluxcd/helm-operator:1.2.0
flux:
helm_controller: # helm-controller Deployment
- manager: ghcr.io/fluxcd/helm-controller:v0.2.0
+ manager: ghcr.io/fluxcd/helm-controller:v0.4.3
source_controller: # source-controller Deployment
- manager: ghcr.io/fluxcd/source-controller:v0.2.1
+ manager: ghcr.io/fluxcd/source-controller:v0.5.3
cert-manager:
repository: "quay.io/jetstack"
diff --git a/manifests/function/flux/README.md b/manifests/function/flux/README.md
new file mode 100644
index 000000000..b63360ea3
--- /dev/null
+++ b/manifests/function/flux/README.md
@@ -0,0 +1,11 @@
+# Flux
+
+## How to Update
+
+To update the version of upstream manifests used by a given function:
+
+1. Update the versions (git refs) specified in the `dependencies` section
+ of the Kptfile at the root of the function.
+2. Run [`kpt pkg sync .`](https://github.com/GoogleContainerTools/kpt/blob/master/site/content/en/reference/pkg/sync/_index.md) from the root of the function.
+3. Update any container image references in VariableCatalogues to match
+ these new versions.
\ No newline at end of file
diff --git a/manifests/function/flux/base/Kptfile b/manifests/function/flux/base/Kptfile
new file mode 100644
index 000000000..61b092191
--- /dev/null
+++ b/manifests/function/flux/base/Kptfile
@@ -0,0 +1,13 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+dependencies:
+- name: upstream/rbac
+ git:
+ repo: "https://github.com/fluxcd/flux2"
+ directory: "manifests/rbac"
+ ref: "v0.5.1"
+- name: upstream/policies
+ git:
+ repo: "https://github.com/fluxcd/flux2"
+ directory: "manifests/policies"
+ ref: "v0.5.1"
diff --git a/manifests/function/flux/base/kustomization.yaml b/manifests/function/flux/base/kustomization.yaml
index eb15e0620..173065ae8 100644
--- a/manifests/function/flux/base/kustomization.yaml
+++ b/manifests/function/flux/base/kustomization.yaml
@@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- - rbac
- - policies
+ - upstream/rbac
+ - upstream/policies
diff --git a/manifests/function/flux/base/namespace.yaml b/manifests/function/flux/base/namespace.yaml
index 85fbe0597..c00a4321e 100644
--- a/manifests/function/flux/base/namespace.yaml
+++ b/manifests/function/flux/base/namespace.yaml
@@ -1,7 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.2.0
name: flux-system
diff --git a/manifests/function/flux/base/rbac/kustomization.yaml b/manifests/function/flux/base/rbac/kustomization.yaml
deleted file mode 100644
index d072a242d..000000000
--- a/manifests/function/flux/base/rbac/kustomization.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- role.yaml
diff --git a/manifests/function/flux/base/rbac/role.yaml b/manifests/function/flux/base/rbac/role.yaml
deleted file mode 100644
index 531b1913d..000000000
--- a/manifests/function/flux/base/rbac/role.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.2.0
- name: crd-controller-flux-system
- namespace: flux-system
-rules:
-- apiGroups:
- - source.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - kustomize.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - helm.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - notification.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - configmaps
- - configmaps/status
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.2.0
- name: crd-controller-flux-system
- namespace: flux-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: crd-controller-flux-system
-subjects:
-- kind: ServiceAccount
- name: default
- namespace: flux-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.2.0
- name: cluster-reconciler-flux-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
-- kind: ServiceAccount
- name: default
- namespace: flux-system
diff --git a/manifests/function/flux/base/upstream/policies/Kptfile b/manifests/function/flux/base/upstream/policies/Kptfile
new file mode 100644
index 000000000..0fc9b4343
--- /dev/null
+++ b/manifests/function/flux/base/upstream/policies/Kptfile
@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+upstream:
+ type: git
+ git:
+ commit: 0ba6fc1b366bd6f2ce231d3ac8a95eac57ff8554
+ repo: https://github.com/fluxcd/flux2
+ directory: manifests/policies
+ ref: v0.5.1
+dependencies:
+- name: upstream/rbac
+ git:
+ repo: https://github.com/fluxcd/flux2
+ directory: manifests/rbac
+ ref: v0.5.1
+- name: upstream/policies
+ git:
+ repo: https://github.com/fluxcd/flux2
+ directory: manifests/policies
+ ref: v0.5.1
diff --git a/manifests/function/flux/base/upstream/policies/allow-scraping.yaml b/manifests/function/flux/base/upstream/policies/allow-scraping.yaml
new file mode 100644
index 000000000..0daf25a19
--- /dev/null
+++ b/manifests/function/flux/base/upstream/policies/allow-scraping.yaml
@@ -0,0 +1,14 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-scraping
+spec:
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - protocol: TCP
+ port: 8080
+ podSelector: {}
diff --git a/manifests/function/flux/base/upstream/policies/allow-webhooks.yaml b/manifests/function/flux/base/upstream/policies/allow-webhooks.yaml
new file mode 100644
index 000000000..4f0622d44
--- /dev/null
+++ b/manifests/function/flux/base/upstream/policies/allow-webhooks.yaml
@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-webhooks
+spec:
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ podSelector:
+ matchLabels:
+ app: notification-controller
diff --git a/manifests/function/flux/base/policies/deny-ingress.yaml b/manifests/function/flux/base/upstream/policies/deny-ingress.yaml
similarity index 51%
rename from manifests/function/flux/base/policies/deny-ingress.yaml
rename to manifests/function/flux/base/upstream/policies/deny-ingress.yaml
index 849d122b7..5577032b4 100644
--- a/manifests/function/flux/base/policies/deny-ingress.yaml
+++ b/manifests/function/flux/base/upstream/policies/deny-ingress.yaml
@@ -1,15 +1,11 @@
-# Only allow ingress from within the same namespace.
-# Note: This will need to be opened up if Prometheus is running
-# in a different namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: deny-ingress
- namespace: flux-system
spec:
- podSelector: {}
policyTypes:
- Ingress
ingress:
- from:
- podSelector: {}
+ podSelector: {}
diff --git a/manifests/function/flux/helm-controller/crd/kustomization.yaml b/manifests/function/flux/base/upstream/policies/kustomization.yaml
similarity index 51%
rename from manifests/function/flux/helm-controller/crd/kustomization.yaml
rename to manifests/function/flux/base/upstream/policies/kustomization.yaml
index 87a2ae130..6884c9166 100644
--- a/manifests/function/flux/helm-controller/crd/kustomization.yaml
+++ b/manifests/function/flux/base/upstream/policies/kustomization.yaml
@@ -1,4 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
-- helmreleases.helm.toolkit.fluxcd.io.yaml
+ - deny-ingress.yaml
+ - allow-scraping.yaml
+ - allow-webhooks.yaml
diff --git a/manifests/function/flux/base/upstream/rbac/Kptfile b/manifests/function/flux/base/upstream/rbac/Kptfile
new file mode 100644
index 000000000..34b7d14f1
--- /dev/null
+++ b/manifests/function/flux/base/upstream/rbac/Kptfile
@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+upstream:
+ type: git
+ git:
+ commit: 0ba6fc1b366bd6f2ce231d3ac8a95eac57ff8554
+ repo: https://github.com/fluxcd/flux2
+ directory: manifests/rbac
+ ref: v0.5.1
+dependencies:
+- name: upstream/rbac
+ git:
+ repo: https://github.com/fluxcd/flux2
+ directory: manifests/rbac
+ ref: v0.5.1
+- name: upstream/policies
+ git:
+ repo: https://github.com/fluxcd/flux2
+ directory: manifests/policies
+ ref: v0.5.1
diff --git a/manifests/function/flux/base/upstream/rbac/cluster-role.yaml b/manifests/function/flux/base/upstream/rbac/cluster-role.yaml
new file mode 100644
index 000000000..e54dea57c
--- /dev/null
+++ b/manifests/function/flux/base/upstream/rbac/cluster-role.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cluster-reconciler
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/manifests/function/flux/base/policies/kustomization.yaml b/manifests/function/flux/base/upstream/rbac/kustomization.yaml
similarity index 67%
rename from manifests/function/flux/base/policies/kustomization.yaml
rename to manifests/function/flux/base/upstream/rbac/kustomization.yaml
index 79146c166..3036fad95 100644
--- a/manifests/function/flux/base/policies/kustomization.yaml
+++ b/manifests/function/flux/base/upstream/rbac/kustomization.yaml
@@ -1,4 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
-- deny-ingress.yaml
+ - role.yaml
+ - cluster-role.yaml
diff --git a/manifests/function/flux/base/upstream/rbac/role.yaml b/manifests/function/flux/base/upstream/rbac/role.yaml
new file mode 100644
index 000000000..1c642f133
--- /dev/null
+++ b/manifests/function/flux/base/upstream/rbac/role.yaml
@@ -0,0 +1,43 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: crd-controller
+rules:
+- apiGroups: ['source.toolkit.fluxcd.io']
+ resources: ['*']
+ verbs: ['*']
+- apiGroups: ['kustomize.toolkit.fluxcd.io']
+ resources: ['*']
+ verbs: ['*']
+- apiGroups: ['helm.toolkit.fluxcd.io']
+ resources: ['*']
+ verbs: ['*']
+- apiGroups: ['notification.toolkit.fluxcd.io']
+ resources: ['*']
+ verbs: ['*']
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - configmaps/status
+ verbs: ['*']
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: crd-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: crd-controller
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/manifests/function/flux/helm-controller/Kptfile b/manifests/function/flux/helm-controller/Kptfile
new file mode 100644
index 000000000..8b36552bd
--- /dev/null
+++ b/manifests/function/flux/helm-controller/Kptfile
@@ -0,0 +1,13 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+dependencies:
+- name: upstream/crd
+ git:
+ repo: "https://github.com/fluxcd/helm-controller"
+ directory: "config/crd"
+ ref: "v0.4.3"
+- name: upstream/manager
+ git:
+ repo: "https://github.com/fluxcd/helm-controller"
+ directory: "config/manager"
+ ref: "v0.4.3"
diff --git a/manifests/function/flux/helm-controller/crd/helmreleases.helm.toolkit.fluxcd.io.yaml b/manifests/function/flux/helm-controller/crd/helmreleases.helm.toolkit.fluxcd.io.yaml
deleted file mode 100644
index 21d81337e..000000000
--- a/manifests/function/flux/helm-controller/crd/helmreleases.helm.toolkit.fluxcd.io.yaml
+++ /dev/null
@@ -1,374 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.3.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.2.0
- name: helmreleases.helm.toolkit.fluxcd.io
-spec:
- group: helm.toolkit.fluxcd.io
- names:
- kind: HelmRelease
- listKind: HelmReleaseList
- plural: helmreleases
- shortNames:
- - hr
- singular: helmrelease
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v2beta1
- schema:
- openAPIV3Schema:
- description: HelmRelease is the Schema for the helmreleases API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmReleaseSpec defines the desired state of a Helm release.
- properties:
- chart:
- description: Chart defines the template of the v1beta1.HelmChart that should be created for this HelmRelease.
- properties:
- spec:
- description: Spec holds the template for the v1beta1.HelmChartSpec for this HelmRelease.
- properties:
- chart:
- description: The name or path the Helm chart is available at in the SourceRef.
- type: string
- interval:
- description: Interval at which to check the v1beta1.Source for updates. Defaults to 'HelmReleaseSpec.Interval'.
- type: string
- sourceRef:
- description: The name and namespace of the v1beta1.Source the chart is available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent.
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- maxLength: 253
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent.
- maxLength: 63
- minLength: 1
- type: string
- required:
- - name
- type: object
- valuesFile:
- description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Ignored when omitted.
- type: string
- version:
- description: Version semver expression, ignored for charts from v1beta1.GitRepository and v1beta1.Bucket sources. Defaults to latest when omitted.
- type: string
- required:
- - chart
- - sourceRef
- type: object
- required:
- - spec
- type: object
- dependsOn:
- description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to HelmRelease resources that must be ready before this HelmRelease can be reconciled.
- items:
- description: CrossNamespaceDependencyReference holds the reference to a dependency.
- properties:
- name:
- description: Name holds the name reference of a dependency.
- type: string
- namespace:
- description: Namespace holds the namespace reference of a dependency.
- type: string
- required:
- - name
- type: object
- type: array
- install:
- description: Install holds the configuration for Helm install actions for this HelmRelease.
- properties:
- disableHooks:
- description: DisableHooks prevents hooks from running during the Helm install action.
- type: boolean
- disableOpenAPIValidation:
- description: DisableOpenAPIValidation prevents the Helm install action from validating rendered templates against the Kubernetes OpenAPI Schema.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to be ready after a Helm install has been performed.
- type: boolean
- remediation:
- description: Remediation holds the remediation configuration for when the Helm install action for the HelmRelease fails. The default is to not perform any action.
- properties:
- ignoreTestFailures:
- description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an install action but fail. Defaults to 'Test.IgnoreFailures'.
- type: boolean
- remediateLastFailure:
- description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false'.
- type: boolean
- retries:
- description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using an uninstall, is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries.
- type: integer
- type: object
- replace:
- description: Replace tells the Helm install action to re-use the 'ReleaseName', but only if that name is a deleted release which remains in the history.
- type: boolean
- skipCRDs:
- description: SkipCRDs tells the Helm install action to not install any CRDs. By default, CRDs are installed if not already present.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- interval:
- description: Interval at which to reconcile the Helm release.
- type: string
- maxHistory:
- description: MaxHistory is the number of revisions saved by Helm for this HelmRelease. Use '0' for an unlimited number of revisions; defaults to '10'.
- type: integer
- releaseName:
- description: ReleaseName used for the Helm release. Defaults to a composition of '[TargetNamespace-]Name'.
- maxLength: 53
- minLength: 1
- type: string
- rollback:
- description: Rollback holds the configuration for Helm rollback actions for this HelmRelease.
- properties:
- cleanupOnFail:
- description: CleanupOnFail allows deletion of new resources created during the Helm rollback action when it fails.
- type: boolean
- disableHooks:
- description: DisableHooks prevents hooks from running during the Helm rollback action.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to be ready after a Helm rollback has been performed.
- type: boolean
- force:
- description: Force forces resource updates through a replacement strategy.
- type: boolean
- recreate:
- description: Recreate performs pod restarts for the resource if applicable.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- suspend:
- description: Suspend tells the controller to suspend reconciliation for this HelmRelease, it does not apply to already started reconciliations. Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace to target when performing operations for the HelmRelease. Defaults to the namespace of the HelmRelease.
- maxLength: 63
- minLength: 1
- type: string
- test:
- description: Test holds the configuration for Helm test actions for this HelmRelease.
- properties:
- enable:
- description: Enable enables Helm test actions for this HelmRelease after an Helm install or upgrade action has been performed.
- type: boolean
- ignoreFailures:
- description: IgnoreFailures tells the controller to skip remediation when the Helm tests are run but fail. Can be overwritten for tests run after install or upgrade actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes operation during the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm action. Defaults to '5m0s'.
- type: string
- uninstall:
- description: Uninstall holds the configuration for Helm uninstall actions for this HelmRelease.
- properties:
- disableHooks:
- description: DisableHooks prevents hooks from running during the Helm rollback action.
- type: boolean
- keepHistory:
- description: KeepHistory tells Helm to remove all associated resources and mark the release as deleted, but retain the release history.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- upgrade:
- description: Upgrade holds the configuration for Helm upgrade actions for this HelmRelease.
- properties:
- cleanupOnFail:
- description: CleanupOnFail allows deletion of new resources created during the Helm upgrade action when it fails.
- type: boolean
- disableHooks:
- description: DisableHooks prevents hooks from running during the Helm upgrade action.
- type: boolean
- disableOpenAPIValidation:
- description: DisableOpenAPIValidation prevents the Helm upgrade action from validating rendered templates against the Kubernetes OpenAPI Schema.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to be ready after a Helm upgrade has been performed.
- type: boolean
- force:
- description: Force forces resource updates through a replacement strategy.
- type: boolean
- preserveValues:
- description: PreserveValues will make Helm reuse the last release's values and merge in overrides from 'Values'. Setting this flag makes the HelmRelease non-declarative.
- type: boolean
- remediation:
- description: Remediation holds the remediation configuration for when the Helm upgrade action for the HelmRelease fails. The default is to not perform any action.
- properties:
- ignoreTestFailures:
- description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an upgrade action but fail. Defaults to 'Test.IgnoreFailures'.
- type: boolean
- remediateLastFailure:
- description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false' unless 'Retries' is greater than 0.
- type: boolean
- retries:
- description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using 'Strategy', is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries.
- type: integer
- strategy:
- description: Strategy to use for failure remediation. Defaults to 'rollback'.
- enum:
- - rollback
- - uninstall
- type: string
- type: object
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- values:
- description: Values holds the values for this Helm release.
- x-kubernetes-preserve-unknown-fields: true
- valuesFrom:
- description: ValuesFrom holds references to resources containing Helm values for this HelmRelease, and information about how they should be merged.
- items:
- description: ValuesReference contains a reference to a resource containing Helm values, and optionally the key they can be found at.
- properties:
- kind:
- description: Kind of the values referent, valid values are ('Secret', 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside in the same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- optional:
- description: Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure.
- type: boolean
- targetPath:
- description: TargetPath is the YAML dot notation path the value should be merged at. When set, the ValuesKey is expected to be a single flat value. Defaults to 'None', which results in the values getting merged at the root.
- type: string
- valuesKey:
- description: ValuesKey is the data key where the values.yaml or a specific value can be found at. Defaults to 'values.yaml'.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- required:
- - chart
- - interval
- type: object
- status:
- description: HelmReleaseStatus defines the observed state of a HelmRelease.
- properties:
- conditions:
- description: Conditions holds the conditions for the HelmRelease.
- items:
- description: Condition contains condition information of a toolkit resource.
- properties:
- lastTransitionTime:
- description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
- format: date-time
- type: string
- message:
- description: Message is a human readable description of the details of the last transition, complementing reason.
- type: string
- reason:
- description: Reason is a brief machine readable explanation for the condition's last transition.
- type: string
- status:
- description: Status of the condition, one of ('True', 'False', 'Unknown').
- type: string
- type:
- description: Type of the condition.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- failures:
- description: Failures is the reconciliation failure count against the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- helmChart:
- description: HelmChart is the namespaced name of the HelmChart resource created by the controller for the HelmRelease.
- type: string
- installFailures:
- description: InstallFailures is the install failure count against the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- lastAppliedRevision:
- description: LastAppliedRevision is the revision of the last successfully applied source.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation attempt.
- type: string
- lastAttemptedValuesChecksum:
- description: LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last reconciliation attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt is the last manual reconciliation request (by annotating the HelmRelease) handled by the reconciler.
- type: string
- lastReleaseRevision:
- description: LastReleaseRevision is the revision of the last successful Helm release.
- type: integer
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- upgradeFailures:
- description: UpgradeFailures is the upgrade failure count against the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/manifests/function/flux/helm-controller/manager/deployment_toleration_patch.yaml b/manifests/function/flux/helm-controller/deployment_toleration_patch.yaml
similarity index 88%
rename from manifests/function/flux/helm-controller/manager/deployment_toleration_patch.yaml
rename to manifests/function/flux/helm-controller/deployment_toleration_patch.yaml
index d77f19630..dac2e1697 100644
--- a/manifests/function/flux/helm-controller/manager/deployment_toleration_patch.yaml
+++ b/manifests/function/flux/helm-controller/deployment_toleration_patch.yaml
@@ -2,7 +2,6 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: helm-controller
- namespace: flux-system
spec:
template:
spec:
diff --git a/manifests/function/flux/helm-controller/kustomization.yaml b/manifests/function/flux/helm-controller/kustomization.yaml
index f7a57ead0..e91e49b50 100644
--- a/manifests/function/flux/helm-controller/kustomization.yaml
+++ b/manifests/function/flux/helm-controller/kustomization.yaml
@@ -1,5 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
-- crd
-- manager
+- upstream/crd
+- upstream/manager
+patchesStrategicMerge:
+- deployment_toleration_patch.yaml
\ No newline at end of file
diff --git a/manifests/function/flux/helm-controller/manager/kustomization.yaml b/manifests/function/flux/helm-controller/manager/kustomization.yaml
deleted file mode 100644
index 389fa9e55..000000000
--- a/manifests/function/flux/helm-controller/manager/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-
-patchesStrategicMerge:
-- deployment_toleration_patch.yaml
diff --git a/manifests/function/flux/helm-controller/upstream/crd/Kptfile b/manifests/function/flux/helm-controller/upstream/crd/Kptfile
new file mode 100644
index 000000000..3f8a178e0
--- /dev/null
+++ b/manifests/function/flux/helm-controller/upstream/crd/Kptfile
@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+upstream:
+ type: git
+ git:
+ commit: a09ab789782adde93419b324c7374aa92049b868
+ repo: https://github.com/fluxcd/helm-controller
+ directory: config/crd
+ ref: v0.4.3
+dependencies:
+- name: upstream/crd
+ git:
+ repo: https://github.com/fluxcd/helm-controller
+ directory: config/crd
+ ref: v0.4.3
+- name: upstream/manager
+ git:
+ repo: https://github.com/fluxcd/helm-controller
+ directory: config/manager
+ ref: v0.4.3
diff --git a/manifests/function/flux/helm-controller/upstream/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml b/manifests/function/flux/helm-controller/upstream/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml
new file mode 100644
index 000000000..0ef7ee33e
--- /dev/null
+++ b/manifests/function/flux/helm-controller/upstream/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml
@@ -0,0 +1,553 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.3.0
+ creationTimestamp: null
+ name: helmreleases.helm.toolkit.fluxcd.io
+spec:
+ group: helm.toolkit.fluxcd.io
+ names:
+ kind: HelmRelease
+ listKind: HelmReleaseList
+ plural: helmreleases
+ shortNames:
+ - hr
+ singular: helmrelease
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v2beta1
+ schema:
+ openAPIV3Schema:
+ description: HelmRelease is the Schema for the helmreleases API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: HelmReleaseSpec defines the desired state of a Helm release.
+ properties:
+ chart:
+ description: Chart defines the template of the v1beta1.HelmChart that
+ should be created for this HelmRelease.
+ properties:
+ spec:
+ description: Spec holds the template for the v1beta1.HelmChartSpec
+ for this HelmRelease.
+ properties:
+ chart:
+ description: The name or path the Helm chart is available
+ at in the SourceRef.
+ type: string
+ interval:
+ description: Interval at which to check the v1beta1.Source
+ for updates. Defaults to 'HelmReleaseSpec.Interval'.
+ type: string
+ sourceRef:
+ description: The name and namespace of the v1beta1.Source
+ the chart is available at.
+ properties:
+ apiVersion:
+ description: APIVersion of the referent.
+ type: string
+ kind:
+ description: Kind of the referent.
+ enum:
+ - HelmRepository
+ - GitRepository
+ - Bucket
+ type: string
+ name:
+ description: Name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: Namespace of the referent.
+ maxLength: 63
+ minLength: 1
+ type: string
+ required:
+ - name
+ type: object
+ valuesFile:
+ description: Alternative values file to use as the default
+ chart values, expected to be a relative path in the SourceRef.
+ Ignored when omitted.
+ type: string
+ version:
+ default: '*'
+ description: Version semver expression, ignored for charts
+ from v1beta1.GitRepository and v1beta1.Bucket sources. Defaults
+ to latest when omitted.
+ type: string
+ required:
+ - chart
+ - sourceRef
+ type: object
+ required:
+ - spec
+ type: object
+ dependsOn:
+ description: DependsOn may contain a dependency.CrossNamespaceDependencyReference
+ slice with references to HelmRelease resources that must be ready
+ before this HelmRelease can be reconciled.
+ items:
+ description: CrossNamespaceDependencyReference holds the reference
+ to a dependency.
+ properties:
+ name:
+ description: Name holds the name reference of a dependency.
+ type: string
+ namespace:
+ description: Namespace holds the namespace reference of a dependency.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ install:
+ description: Install holds the configuration for Helm install actions
+ for this HelmRelease.
+ properties:
+ createNamespace:
+ description: CreateNamespace tells the Helm install action to
+ create the HelmReleaseSpec.TargetNamespace if it does not exist
+ yet. On uninstall, the namespace will not be garbage collected.
+ type: boolean
+ disableHooks:
+ description: DisableHooks prevents hooks from running during the
+ Helm install action.
+ type: boolean
+ disableOpenAPIValidation:
+ description: DisableOpenAPIValidation prevents the Helm install
+ action from validating rendered templates against the Kubernetes
+ OpenAPI Schema.
+ type: boolean
+ disableWait:
+ description: DisableWait disables the waiting for resources to
+ be ready after a Helm install has been performed.
+ type: boolean
+ remediation:
+ description: Remediation holds the remediation configuration for
+ when the Helm install action for the HelmRelease fails. The
+ default is to not perform any action.
+ properties:
+ ignoreTestFailures:
+ description: IgnoreTestFailures tells the controller to skip
+ remediation when the Helm tests are run after an install
+ action but fail. Defaults to 'Test.IgnoreFailures'.
+ type: boolean
+ remediateLastFailure:
+ description: RemediateLastFailure tells the controller to
+ remediate the last failure, when no retries remain. Defaults
+ to 'false'.
+ type: boolean
+ retries:
+ description: Retries is the number of retries that should
+ be attempted on failures before bailing. Remediation, using
+ an uninstall, is performed between each attempt. Defaults
+ to '0', a negative integer equals to unlimited retries.
+ type: integer
+ type: object
+ replace:
+ description: Replace tells the Helm install action to re-use the
+ 'ReleaseName', but only if that name is a deleted release which
+ remains in the history.
+ type: boolean
+ skipCRDs:
+ description: SkipCRDs tells the Helm install action to not install
+ any CRDs. By default, CRDs are installed if not already present.
+ type: boolean
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation (like Jobs for hooks) during the performance of a
+ Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.
+ type: string
+ type: object
+ interval:
+ description: Interval at which to reconcile the Helm release.
+ type: string
+ kubeConfig:
+ description: KubeConfig for reconciling the HelmRelease on a remote
+ cluster. When specified, KubeConfig takes precedence over ServiceAccountName.
+ properties:
+ secretRef:
+ description: SecretRef holds the name to a secret that contains
+ a 'value' key with the kubeconfig file as the value. It must
+ be in the same namespace as the HelmRelease. It is recommended
+ that the kubeconfig is self-contained, and the secret is regularly
+ updated if credentials such as a cloud-access-token expire.
+ Cloud specific `cmd-path` auth helpers will not function without
+ adding binaries and credentials to the Pod that is responsible
+ for reconciling the HelmRelease.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ type: object
+ maxHistory:
+ description: MaxHistory is the number of revisions saved by Helm for
+ this HelmRelease. Use '0' for an unlimited number of revisions;
+ defaults to '10'.
+ type: integer
+ releaseName:
+ description: ReleaseName used for the Helm release. Defaults to a
+ composition of '[TargetNamespace-]Name'.
+ maxLength: 53
+ minLength: 1
+ type: string
+ rollback:
+ description: Rollback holds the configuration for Helm rollback actions
+ for this HelmRelease.
+ properties:
+ cleanupOnFail:
+ description: CleanupOnFail allows deletion of new resources created
+ during the Helm rollback action when it fails.
+ type: boolean
+ disableHooks:
+ description: DisableHooks prevents hooks from running during the
+ Helm rollback action.
+ type: boolean
+ disableWait:
+ description: DisableWait disables the waiting for resources to
+ be ready after a Helm rollback has been performed.
+ type: boolean
+ force:
+ description: Force forces resource updates through a replacement
+ strategy.
+ type: boolean
+ recreate:
+ description: Recreate performs pod restarts for the resource if
+ applicable.
+ type: boolean
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation (like Jobs for hooks) during the performance of a
+ Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.
+ type: string
+ type: object
+ serviceAccountName:
+ description: The name of the Kubernetes service account to impersonate
+ when reconciling this HelmRelease.
+ type: string
+ suspend:
+ description: Suspend tells the controller to suspend reconciliation
+ for this HelmRelease, it does not apply to already started reconciliations.
+ Defaults to false.
+ type: boolean
+ targetNamespace:
+ description: TargetNamespace to target when performing operations
+ for the HelmRelease. Defaults to the namespace of the HelmRelease.
+ maxLength: 63
+ minLength: 1
+ type: string
+ test:
+ description: Test holds the configuration for Helm test actions for
+ this HelmRelease.
+ properties:
+ enable:
+ description: Enable enables Helm test actions for this HelmRelease
+ after an Helm install or upgrade action has been performed.
+ type: boolean
+ ignoreFailures:
+ description: IgnoreFailures tells the controller to skip remediation
+ when the Helm tests are run but fail. Can be overwritten for
+ tests run after install or upgrade actions in 'Install.IgnoreTestFailures'
+ and 'Upgrade.IgnoreTestFailures'.
+ type: boolean
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation during the performance of a Helm test action. Defaults
+ to 'HelmReleaseSpec.Timeout'.
+ type: string
+ type: object
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation (like Jobs for hooks) during the performance of a Helm
+ action. Defaults to '5m0s'.
+ type: string
+ uninstall:
+ description: Uninstall holds the configuration for Helm uninstall
+ actions for this HelmRelease.
+ properties:
+ disableHooks:
+ description: DisableHooks prevents hooks from running during the
+ Helm rollback action.
+ type: boolean
+ keepHistory:
+ description: KeepHistory tells Helm to remove all associated resources
+ and mark the release as deleted, but retain the release history.
+ type: boolean
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation (like Jobs for hooks) during the performance of a
+ Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.
+ type: string
+ type: object
+ upgrade:
+ description: Upgrade holds the configuration for Helm upgrade actions
+ for this HelmRelease.
+ properties:
+ cleanupOnFail:
+ description: CleanupOnFail allows deletion of new resources created
+ during the Helm upgrade action when it fails.
+ type: boolean
+ disableHooks:
+ description: DisableHooks prevents hooks from running during the
+ Helm upgrade action.
+ type: boolean
+ disableOpenAPIValidation:
+ description: DisableOpenAPIValidation prevents the Helm upgrade
+ action from validating rendered templates against the Kubernetes
+ OpenAPI Schema.
+ type: boolean
+ disableWait:
+ description: DisableWait disables the waiting for resources to
+ be ready after a Helm upgrade has been performed.
+ type: boolean
+ force:
+ description: Force forces resource updates through a replacement
+ strategy.
+ type: boolean
+ preserveValues:
+ description: PreserveValues will make Helm reuse the last release's
+ values and merge in overrides from 'Values'. Setting this flag
+ makes the HelmRelease non-declarative.
+ type: boolean
+ remediation:
+ description: Remediation holds the remediation configuration for
+ when the Helm upgrade action for the HelmRelease fails. The
+ default is to not perform any action.
+ properties:
+ ignoreTestFailures:
+ description: IgnoreTestFailures tells the controller to skip
+ remediation when the Helm tests are run after an upgrade
+ action but fail. Defaults to 'Test.IgnoreFailures'.
+ type: boolean
+ remediateLastFailure:
+ description: RemediateLastFailure tells the controller to
+ remediate the last failure, when no retries remain. Defaults
+ to 'false' unless 'Retries' is greater than 0.
+ type: boolean
+ retries:
+ description: Retries is the number of retries that should
+ be attempted on failures before bailing. Remediation, using
+ 'Strategy', is performed between each attempt. Defaults
+ to '0', a negative integer equals to unlimited retries.
+ type: integer
+ strategy:
+ description: Strategy to use for failure remediation. Defaults
+ to 'rollback'.
+ enum:
+ - rollback
+ - uninstall
+ type: string
+ type: object
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation (like Jobs for hooks) during the performance of a
+ Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.
+ type: string
+ type: object
+ values:
+ description: Values holds the values for this Helm release.
+ x-kubernetes-preserve-unknown-fields: true
+ valuesFrom:
+ description: ValuesFrom holds references to resources containing Helm
+ values for this HelmRelease, and information about how they should
+ be merged.
+ items:
+ description: ValuesReference contains a reference to a resource
+ containing Helm values, and optionally the key they can be found
+ at.
+ properties:
+ kind:
+ description: Kind of the values referent, valid values are ('Secret',
+ 'ConfigMap').
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ name:
+ description: Name of the values referent. Should reside in the
+ same namespace as the referring resource.
+ maxLength: 253
+ minLength: 1
+ type: string
+ optional:
+ description: Optional marks this ValuesReference as optional.
+ When set, a not found error for the values reference is ignored,
+ but any ValuesKey, TargetPath or transient error will still
+ result in a reconciliation failure.
+ type: boolean
+ targetPath:
+ description: TargetPath is the YAML dot notation path the value
+ should be merged at. When set, the ValuesKey is expected to
+ be a single flat value. Defaults to 'None', which results
+ in the values getting merged at the root.
+ type: string
+ valuesKey:
+ description: ValuesKey is the data key where the values.yaml
+ or a specific value can be found at. Defaults to 'values.yaml'.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ required:
+ - chart
+ - interval
+ type: object
+ status:
+ description: HelmReleaseStatus defines the observed state of a HelmRelease.
+ properties:
+ conditions:
+ description: Conditions holds the conditions for the HelmRelease.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
+ \ // +patchStrategy=merge // +listType=map // +listMapKey=type
+ \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
+ \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ failures:
+ description: Failures is the reconciliation failure count against
+ the latest desired state. It is reset after a successful reconciliation.
+ format: int64
+ type: integer
+ helmChart:
+ description: HelmChart is the namespaced name of the HelmChart resource
+ created by the controller for the HelmRelease.
+ type: string
+ installFailures:
+ description: InstallFailures is the install failure count against
+ the latest desired state. It is reset after a successful reconciliation.
+ format: int64
+ type: integer
+ lastAppliedRevision:
+ description: LastAppliedRevision is the revision of the last successfully
+ applied source.
+ type: string
+ lastAttemptedRevision:
+ description: LastAttemptedRevision is the revision of the last reconciliation
+ attempt.
+ type: string
+ lastAttemptedValuesChecksum:
+ description: LastAttemptedValuesChecksum is the SHA1 checksum of the
+ values of the last reconciliation attempt.
+ type: string
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change can be detected.
+ type: string
+ lastReleaseRevision:
+ description: LastReleaseRevision is the revision of the last successful
+ Helm release.
+ type: integer
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ upgradeFailures:
+ description: UpgradeFailures is the upgrade failure count against
+ the latest desired state. It is reset after a successful reconciliation.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/manifests/function/flux/helm-controller/upstream/crd/kustomization.yaml b/manifests/function/flux/helm-controller/upstream/crd/kustomization.yaml
new file mode 100644
index 000000000..34552057c
--- /dev/null
+++ b/manifests/function/flux/helm-controller/upstream/crd/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - bases/helm.toolkit.fluxcd.io_helmreleases.yaml
+# +kubebuilder:scaffold:crdkustomizeresource
diff --git a/manifests/function/flux/helm-controller/upstream/manager/Kptfile b/manifests/function/flux/helm-controller/upstream/manager/Kptfile
new file mode 100644
index 000000000..1446780f9
--- /dev/null
+++ b/manifests/function/flux/helm-controller/upstream/manager/Kptfile
@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+upstream:
+ type: git
+ git:
+ commit: a09ab789782adde93419b324c7374aa92049b868
+ repo: https://github.com/fluxcd/helm-controller
+ directory: config/manager
+ ref: v0.4.3
+dependencies:
+- name: upstream/crd
+ git:
+ repo: https://github.com/fluxcd/helm-controller
+ directory: config/crd
+ ref: v0.4.3
+- name: upstream/manager
+ git:
+ repo: https://github.com/fluxcd/helm-controller
+ directory: config/manager
+ ref: v0.4.3
diff --git a/manifests/function/flux/helm-controller/manager/deployment.yaml b/manifests/function/flux/helm-controller/upstream/manager/deployment.yaml
similarity index 52%
rename from manifests/function/flux/helm-controller/manager/deployment.yaml
rename to manifests/function/flux/helm-controller/upstream/manager/deployment.yaml
index 793aee79d..608e0e8bc 100644
--- a/manifests/function/flux/helm-controller/manager/deployment.yaml
+++ b/manifests/function/flux/helm-controller/upstream/manager/deployment.yaml
@@ -1,47 +1,54 @@
apiVersion: apps/v1
kind: Deployment
metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.2.0
- control-plane: controller
name: helm-controller
- namespace: flux-system
+ labels:
+ control-plane: controller
spec:
- replicas: 1
selector:
matchLabels:
app: helm-controller
+ replicas: 1
template:
metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
labels:
app: helm-controller
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "8080"
spec:
+ terminationGracePeriodSeconds: 10
containers:
- - args:
- - --events-addr=
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/helm-controller:v0.1.3
+ - name: manager
+ image: fluxcd/helm-controller
imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ ports:
+ - containerPort: 8080
+ name: http-prom
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ args:
+ - --watch-all-namespaces
+ - --log-level=info
+ - --log-json
+ - --enable-leader-election
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
livenessProbe:
httpGet:
- path: /metrics
- port: http-prom
- name: manager
- ports:
- - containerPort: 8080
- name: http-prom
+ path: /healthz
+ port: healthz
resources:
limits:
cpu: 1000m
@@ -49,16 +56,9 @@ spec:
requests:
cpu: 100m
memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
volumeMounts:
- - mountPath: /tmp
- name: temp
- nodeSelector:
- kubernetes.io/arch: amd64
- kubernetes.io/os: linux
- terminationGracePeriodSeconds: 10
+ - name: temp
+ mountPath: /tmp
volumes:
- - emptyDir: {}
- name: temp
+ - name: temp
+ emptyDir: {}
diff --git a/manifests/function/flux/helm-controller/upstream/manager/kustomization.yaml b/manifests/function/flux/helm-controller/upstream/manager/kustomization.yaml
new file mode 100644
index 000000000..3d08ccd48
--- /dev/null
+++ b/manifests/function/flux/helm-controller/upstream/manager/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- deployment.yaml
+images:
+ - name: fluxcd/helm-controller
+ newName: fluxcd/helm-controller
+ newTag: v0.4.3
diff --git a/manifests/function/flux/source-controller/Kptfile b/manifests/function/flux/source-controller/Kptfile
new file mode 100644
index 000000000..4850fa8b8
--- /dev/null
+++ b/manifests/function/flux/source-controller/Kptfile
@@ -0,0 +1,13 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+dependencies:
+- name: upstream/crd
+ git:
+ repo: "https://github.com/fluxcd/source-controller"
+ directory: "config/crd"
+ ref: "v0.5.3"
+- name: upstream/manager
+ git:
+ repo: "https://github.com/fluxcd/source-controller"
+ directory: "config/manager"
+ ref: "v0.5.3"
diff --git a/manifests/function/flux/source-controller/crd/buckets.source.toolkit.fluxcd.io.yaml b/manifests/function/flux/source-controller/crd/buckets.source.toolkit.fluxcd.io.yaml
deleted file mode 100644
index 7f8234cd7..000000000
--- a/manifests/function/flux/source-controller/crd/buckets.source.toolkit.fluxcd.io.yaml
+++ /dev/null
@@ -1,158 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.3.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.2.0
- name: buckets.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: Bucket
- listKind: BucketList
- plural: buckets
- singular: bucket
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Bucket is the Schema for the buckets API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BucketSpec defines the desired state of an S3 compatible bucket
- properties:
- bucketName:
- description: The bucket name.
- type: string
- endpoint:
- description: The bucket endpoint address.
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore).
- type: string
- insecure:
- description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
- type: boolean
- interval:
- description: The interval at which to check for bucket updates.
- type: string
- provider:
- description: The S3 compatible storage provider name, default ('generic').
- enum:
- - generic
- - aws
- type: string
- region:
- description: The bucket region.
- type: string
- secretRef:
- description: The name of the secret containing authentication credentials for the Bucket.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- timeout:
- description: The timeout for download operations, default ('20s').
- type: string
- required:
- - bucketName
- - endpoint
- - interval
- type: object
- status:
- description: BucketStatus defines the observed state of a bucket
- properties:
- artifact:
- description: Artifact represents the output of the last successful Bucket sync.
- properties:
- checksum:
- description: Checksum is the SHA1 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the Bucket.
- items:
- description: Condition contains condition information of a toolkit resource.
- properties:
- lastTransitionTime:
- description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
- format: date-time
- type: string
- message:
- description: Message is a human readable description of the details of the last transition, complementing reason.
- type: string
- reason:
- description: Reason is a brief machine readable explanation for the condition's last transition.
- type: string
- status:
- description: Status of the condition, one of ('True', 'False', 'Unknown').
- type: string
- type:
- description: Type of the condition.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the artifact output of the last Bucket sync.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/manifests/function/flux/source-controller/crd/gitrepositories.source.toolkit.fluxcd.io.yaml b/manifests/function/flux/source-controller/crd/gitrepositories.source.toolkit.fluxcd.io.yaml
deleted file mode 100644
index 943a0699d..000000000
--- a/manifests/function/flux/source-controller/crd/gitrepositories.source.toolkit.fluxcd.io.yaml
+++ /dev/null
@@ -1,177 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.3.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.2.0
- name: gitrepositories.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: GitRepository
- listKind: GitRepositoryList
- plural: gitrepositories
- singular: gitrepository
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: GitRepository is the Schema for the gitrepositories API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: GitRepositorySpec defines the desired state of a Git repository.
- properties:
- ignore:
- description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.
- type: string
- interval:
- description: The interval at which to check for repository updates.
- type: string
- ref:
- description: The git reference to checkout and monitor for changes, defaults to master branch.
- properties:
- branch:
- description: The git branch to checkout, defaults to master.
- type: string
- commit:
- description: The git commit sha to checkout, if specified tag filters will be ignored.
- type: string
- semver:
- description: The git tag semver expression, takes precedence over tag.
- type: string
- tag:
- description: The git tag to checkout, takes precedence over branch.
- type: string
- type: object
- secretRef:
- description: The secret name containing the Git credentials. For HTTPS repositories the secret must contain username and password fields. For SSH repositories the secret must contain identity, identity.pub and known_hosts fields.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- timeout:
- description: The timeout for remote git operations like cloning, default to 20s.
- type: string
- url:
- description: The repository URL, can be a HTTP or SSH address.
- pattern: ^(http|https|ssh)://
- type: string
- verify:
- description: Verify OpenPGP signature for the commit that HEAD points to.
- properties:
- mode:
- description: Mode describes what git object should be verified, currently ('head').
- enum:
- - head
- type: string
- secretRef:
- description: The secret name containing the public keys of all trusted git authors.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- required:
- - mode
- type: object
- required:
- - interval
- - url
- type: object
- status:
- description: GitRepositoryStatus defines the observed state of a Git repository.
- properties:
- artifact:
- description: Artifact represents the output of the last successful repository sync.
- properties:
- checksum:
- description: Checksum is the SHA1 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the GitRepository.
- items:
- description: Condition contains condition information of a toolkit resource.
- properties:
- lastTransitionTime:
- description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
- format: date-time
- type: string
- message:
- description: Message is a human readable description of the details of the last transition, complementing reason.
- type: string
- reason:
- description: Reason is a brief machine readable explanation for the condition's last transition.
- type: string
- status:
- description: Status of the condition, one of ('True', 'False', 'Unknown').
- type: string
- type:
- description: Type of the condition.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the artifact output of the last repository sync.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/manifests/function/flux/source-controller/crd/helmcharts.source.toolkit.fluxcd.io.yaml b/manifests/function/flux/source-controller/crd/helmcharts.source.toolkit.fluxcd.io.yaml
deleted file mode 100644
index 6d14f35b4..000000000
--- a/manifests/function/flux/source-controller/crd/helmcharts.source.toolkit.fluxcd.io.yaml
+++ /dev/null
@@ -1,165 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.3.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.2.0
- name: helmcharts.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: HelmChart
- listKind: HelmChartList
- plural: helmcharts
- singular: helmchart
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.chart
- name: Chart
- type: string
- - jsonPath: .spec.version
- name: Version
- type: string
- - jsonPath: .spec.sourceRef.kind
- name: Source Kind
- type: string
- - jsonPath: .spec.sourceRef.name
- name: Source Name
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: HelmChart is the Schema for the helmcharts API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmChartSpec defines the desired state of a Helm chart.
- properties:
- chart:
- description: The name or path the Helm chart is available at in the SourceRef.
- type: string
- interval:
- description: The interval at which to check the Source for updates.
- type: string
- sourceRef:
- description: The reference to the Source the chart is available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket').
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- required:
- - kind
- - name
- type: object
- valuesFile:
- description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Ignored when omitted.
- type: string
- version:
- description: The chart version semver expression, ignored for charts from GitRepository and Bucket sources. Defaults to latest when omitted.
- type: string
- required:
- - chart
- - interval
- - sourceRef
- type: object
- status:
- description: HelmChartStatus defines the observed state of the HelmChart.
- properties:
- artifact:
- description: Artifact represents the output of the last successful chart sync.
- properties:
- checksum:
- description: Checksum is the SHA1 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmChart.
- items:
- description: Condition contains condition information of a toolkit resource.
- properties:
- lastTransitionTime:
- description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
- format: date-time
- type: string
- message:
- description: Message is a human readable description of the details of the last transition, complementing reason.
- type: string
- reason:
- description: Reason is a brief machine readable explanation for the condition's last transition.
- type: string
- status:
- description: Status of the condition, one of ('True', 'False', 'Unknown').
- type: string
- type:
- description: Type of the condition.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the last chart pulled.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/manifests/function/flux/source-controller/crd/helmrepositories.source.toolkit.fluxcd.io.yaml b/manifests/function/flux/source-controller/crd/helmrepositories.source.toolkit.fluxcd.io.yaml
deleted file mode 100644
index 22bb491a5..000000000
--- a/manifests/function/flux/source-controller/crd/helmrepositories.source.toolkit.fluxcd.io.yaml
+++ /dev/null
@@ -1,139 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.3.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.2.0
- name: helmrepositories.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: HelmRepository
- listKind: HelmRepositoryList
- plural: helmrepositories
- singular: helmrepository
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: HelmRepository is the Schema for the helmrepositories API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmRepositorySpec defines the reference to a Helm repository.
- properties:
- interval:
- description: The interval at which to check the upstream for updates.
- type: string
- secretRef:
- description: The name of the secret containing authentication credentials for the Helm repository. For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain caFile, keyFile and caCert fields.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- timeout:
- description: The timeout of index downloading, defaults to 60s.
- type: string
- url:
- description: The Helm repository URL, a valid URL contains at least a protocol and host.
- type: string
- required:
- - interval
- - url
- type: object
- status:
- description: HelmRepositoryStatus defines the observed state of the HelmRepository.
- properties:
- artifact:
- description: Artifact represents the output of the last successful repository sync.
- properties:
- checksum:
- description: Checksum is the SHA1 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmRepository.
- items:
- description: Condition contains condition information of a toolkit resource.
- properties:
- lastTransitionTime:
- description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
- format: date-time
- type: string
- message:
- description: Message is a human readable description of the details of the last transition, complementing reason.
- type: string
- reason:
- description: Reason is a brief machine readable explanation for the condition's last transition.
- type: string
- status:
- description: Status of the condition, one of ('True', 'False', 'Unknown').
- type: string
- type:
- description: Type of the condition.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the last index fetched.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/manifests/function/flux/source-controller/crd/kustomization.yaml b/manifests/function/flux/source-controller/crd/kustomization.yaml
deleted file mode 100644
index 1880abd89..000000000
--- a/manifests/function/flux/source-controller/crd/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- buckets.source.toolkit.fluxcd.io.yaml
-- gitrepositories.source.toolkit.fluxcd.io.yaml
-- helmcharts.source.toolkit.fluxcd.io.yaml
-- helmrepositories.source.toolkit.fluxcd.io.yaml
diff --git a/manifests/function/flux/source-controller/manager/deployment_toleration_patch.yaml b/manifests/function/flux/source-controller/deployment_toleration_patch.yaml
similarity index 88%
rename from manifests/function/flux/source-controller/manager/deployment_toleration_patch.yaml
rename to manifests/function/flux/source-controller/deployment_toleration_patch.yaml
index 1b0be47c4..4f4923c2b 100644
--- a/manifests/function/flux/source-controller/manager/deployment_toleration_patch.yaml
+++ b/manifests/function/flux/source-controller/deployment_toleration_patch.yaml
@@ -2,7 +2,6 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: source-controller
- namespace: flux-system
spec:
template:
spec:
diff --git a/manifests/function/flux/source-controller/kustomization.yaml b/manifests/function/flux/source-controller/kustomization.yaml
index f7a57ead0..127e9e066 100644
--- a/manifests/function/flux/source-controller/kustomization.yaml
+++ b/manifests/function/flux/source-controller/kustomization.yaml
@@ -1,5 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
-- crd
-- manager
+- upstream/crd
+- upstream/manager
+patchesStrategicMerge:
+- deployment_toleration_patch.yaml
diff --git a/manifests/function/flux/source-controller/manager/deployment.yaml b/manifests/function/flux/source-controller/manager/deployment.yaml
deleted file mode 100644
index 2f01fccad..000000000
--- a/manifests/function/flux/source-controller/manager/deployment.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.2.0
- control-plane: controller
- name: source-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: source-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: source-controller
- spec:
- containers:
- - args:
- - --events-addr=
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-json
- - --enable-leader-election
- - --storage-path=/data
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: http_proxy
- value: REPLACEMENT_HTTP_PROXY
- - name: https_proxy
- value: REPLACEMENT_HTTPS_PROXY
- - name: no_proxy
- value: REPLACEMENT_NO_PROXY
- image: ghcr.io/fluxcd/source-controller:v0.2.1
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /
- port: http
- name: manager
- ports:
- - containerPort: 9090
- name: http
- - containerPort: 8080
- name: http-prom
- readinessProbe:
- httpGet:
- path: /
- port: http
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 50m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- volumeMounts:
- - mountPath: /data
- name: data
- - mountPath: /tmp
- name: tmp
- nodeSelector:
- kubernetes.io/arch: amd64
- kubernetes.io/os: linux
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: data
- - emptyDir: {}
- name: tmp
diff --git a/manifests/function/flux/source-controller/upstream/crd/Kptfile b/manifests/function/flux/source-controller/upstream/crd/Kptfile
new file mode 100644
index 000000000..a45a40f43
--- /dev/null
+++ b/manifests/function/flux/source-controller/upstream/crd/Kptfile
@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+upstream:
+ type: git
+ git:
+ commit: c602c5d85093a8e38fae993fee0ed743c8615e46
+ repo: https://github.com/fluxcd/source-controller
+ directory: config/crd
+ ref: v0.5.2
+dependencies:
+- name: upstream/crd
+ git:
+ repo: https://github.com/fluxcd/source-controller
+ directory: config/crd
+ ref: v0.5.2
+- name: upstream/manager
+ git:
+ repo: https://github.com/fluxcd/source-controller
+ directory: config/manager
+ ref: v0.5.2
diff --git a/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_buckets.yaml b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_buckets.yaml
new file mode 100644
index 000000000..6e95950f4
--- /dev/null
+++ b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_buckets.yaml
@@ -0,0 +1,226 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.3.0
+ creationTimestamp: null
+ name: buckets.source.toolkit.fluxcd.io
+spec:
+ group: source.toolkit.fluxcd.io
+ names:
+ kind: Bucket
+ listKind: BucketList
+ plural: buckets
+ singular: bucket
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.url
+ name: URL
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Bucket is the Schema for the buckets API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BucketSpec defines the desired state of an S3 compatible
+ bucket
+ properties:
+ bucketName:
+ description: The bucket name.
+ type: string
+ endpoint:
+ description: The bucket endpoint address.
+ type: string
+ ignore:
+ description: Ignore overrides the set of excluded patterns in the
+ .sourceignore format (which is the same as .gitignore). If not provided,
+ a default will be used, consult the documentation for your version
+ to find out what those are.
+ type: string
+ insecure:
+ description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
+ type: boolean
+ interval:
+ description: The interval at which to check for bucket updates.
+ type: string
+ provider:
+ default: generic
+ description: The S3 compatible storage provider name, default ('generic').
+ enum:
+ - generic
+ - aws
+ type: string
+ region:
+ description: The bucket region.
+ type: string
+ secretRef:
+ description: The name of the secret containing authentication credentials
+ for the Bucket.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ suspend:
+ description: This flag tells the controller to suspend the reconciliation
+ of this source.
+ type: boolean
+ timeout:
+ default: 20s
+ description: The timeout for download operations, defaults to 20s.
+ type: string
+ required:
+ - bucketName
+ - endpoint
+ - interval
+ type: object
+ status:
+ description: BucketStatus defines the observed state of a bucket
+ properties:
+ artifact:
+ description: Artifact represents the output of the last successful
+ Bucket sync.
+ properties:
+ checksum:
+ description: Checksum is the SHA1 checksum of the artifact.
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of this artifact.
+ format: date-time
+ type: string
+ path:
+ description: Path is the relative file path of this artifact.
+ type: string
+ revision:
+ description: Revision is a human readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm index timestamp, a Helm chart version, etc.
+ type: string
+ url:
+ description: URL is the HTTP address of this artifact.
+ type: string
+ required:
+ - path
+ - url
+ type: object
+ conditions:
+ description: Conditions holds the conditions for the Bucket.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
+ \ // +patchStrategy=merge // +listType=map // +listMapKey=type
+ \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
+ \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change can be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ url:
+ description: URL is the download link for the artifact output of the
+ last Bucket sync.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml
new file mode 100644
index 000000000..c6513c3dc
--- /dev/null
+++ b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml
@@ -0,0 +1,262 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.3.0
+ creationTimestamp: null
+ name: gitrepositories.source.toolkit.fluxcd.io
+spec:
+ group: source.toolkit.fluxcd.io
+ names:
+ kind: GitRepository
+ listKind: GitRepositoryList
+ plural: gitrepositories
+ singular: gitrepository
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.url
+ name: URL
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: GitRepository is the Schema for the gitrepositories API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: GitRepositorySpec defines the desired state of a Git repository.
+ properties:
+ gitImplementation:
+ default: go-git
+ description: Determines which git client library to use. Defaults
+ to go-git, valid values are ('go-git', 'libgit2').
+ enum:
+ - go-git
+ - libgit2
+ type: string
+ ignore:
+ description: Ignore overrides the set of excluded patterns in the
+ .sourceignore format (which is the same as .gitignore). If not provided,
+ a default will be used, consult the documentation for your version
+ to find out what those are.
+ type: string
+ interval:
+ description: The interval at which to check for repository updates.
+ type: string
+ ref:
+ description: The Git reference to checkout and monitor for changes,
+ defaults to master branch.
+ properties:
+ branch:
+ default: master
+ description: The Git branch to checkout, defaults to master.
+ type: string
+ commit:
+ description: The Git commit SHA to checkout, if specified Tag
+ filters will be ignored.
+ type: string
+ semver:
+ description: The Git tag semver expression, takes precedence over
+ Tag.
+ type: string
+ tag:
+ description: The Git tag to checkout, takes precedence over Branch.
+ type: string
+ type: object
+ secretRef:
+ description: The secret name containing the Git credentials. For HTTPS
+ repositories the secret must contain username and password fields.
+ For SSH repositories the secret must contain identity, identity.pub
+ and known_hosts fields.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ suspend:
+ description: This flag tells the controller to suspend the reconciliation
+ of this source.
+ type: boolean
+ timeout:
+ default: 20s
+ description: The timeout for remote Git operations like cloning, defaults
+ to 20s.
+ type: string
+ url:
+ description: The repository URL, can be a HTTP/S or SSH address.
+ pattern: ^(http|https|ssh)://
+ type: string
+ verify:
+ description: Verify OpenPGP signature for the Git commit HEAD points
+ to.
+ properties:
+ mode:
+ description: Mode describes what git object should be verified,
+ currently ('head').
+ enum:
+ - head
+ type: string
+ secretRef:
+ description: The secret name containing the public keys of all
+ trusted Git authors.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ required:
+ - mode
+ type: object
+ required:
+ - interval
+ - url
+ type: object
+ status:
+ description: GitRepositoryStatus defines the observed state of a Git repository.
+ properties:
+ artifact:
+ description: Artifact represents the output of the last successful
+ repository sync.
+ properties:
+ checksum:
+ description: Checksum is the SHA1 checksum of the artifact.
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of this artifact.
+ format: date-time
+ type: string
+ path:
+ description: Path is the relative file path of this artifact.
+ type: string
+ revision:
+ description: Revision is a human readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm index timestamp, a Helm chart version, etc.
+ type: string
+ url:
+ description: URL is the HTTP address of this artifact.
+ type: string
+ required:
+ - path
+ - url
+ type: object
+ conditions:
+ description: Conditions holds the conditions for the GitRepository.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
+ \ // +patchStrategy=merge // +listType=map // +listMapKey=type
+ \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
+ \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change can be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ url:
+ description: URL is the download link for the artifact output of the
+ last repository sync.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml
new file mode 100644
index 000000000..c7da4899b
--- /dev/null
+++ b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml
@@ -0,0 +1,229 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.3.0
+ creationTimestamp: null
+ name: helmcharts.source.toolkit.fluxcd.io
+spec:
+ group: source.toolkit.fluxcd.io
+ names:
+ kind: HelmChart
+ listKind: HelmChartList
+ plural: helmcharts
+ singular: helmchart
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.chart
+ name: Chart
+ type: string
+ - jsonPath: .spec.version
+ name: Version
+ type: string
+ - jsonPath: .spec.sourceRef.kind
+ name: Source Kind
+ type: string
+ - jsonPath: .spec.sourceRef.name
+ name: Source Name
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: HelmChart is the Schema for the helmcharts API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: HelmChartSpec defines the desired state of a Helm chart.
+ properties:
+ chart:
+ description: The name or path the Helm chart is available at in the
+ SourceRef.
+ type: string
+ interval:
+ description: The interval at which to check the Source for updates.
+ type: string
+ sourceRef:
+ description: The reference to the Source the chart is available at.
+ properties:
+ apiVersion:
+ description: APIVersion of the referent.
+ type: string
+ kind:
+ description: Kind of the referent, valid values are ('HelmRepository',
+ 'GitRepository', 'Bucket').
+ enum:
+ - HelmRepository
+ - GitRepository
+ - Bucket
+ type: string
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ suspend:
+ description: This flag tells the controller to suspend the reconciliation
+ of this source.
+ type: boolean
+ valuesFile:
+ description: Alternative values file to use as the default chart values,
+ expected to be a relative path in the SourceRef. Ignored when omitted.
+ type: string
+ version:
+ default: '*'
+ description: The chart version semver expression, ignored for charts
+ from GitRepository and Bucket sources. Defaults to latest when omitted.
+ type: string
+ required:
+ - chart
+ - interval
+ - sourceRef
+ type: object
+ status:
+ description: HelmChartStatus defines the observed state of the HelmChart.
+ properties:
+ artifact:
+ description: Artifact represents the output of the last successful
+ chart sync.
+ properties:
+ checksum:
+ description: Checksum is the SHA1 checksum of the artifact.
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of this artifact.
+ format: date-time
+ type: string
+ path:
+ description: Path is the relative file path of this artifact.
+ type: string
+ revision:
+ description: Revision is a human readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm index timestamp, a Helm chart version, etc.
+ type: string
+ url:
+ description: URL is the HTTP address of this artifact.
+ type: string
+ required:
+ - path
+ - url
+ type: object
+ conditions:
+ description: Conditions holds the conditions for the HelmChart.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
+ \ // +patchStrategy=merge // +listType=map // +listMapKey=type
+ \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
+ \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change can be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ url:
+ description: URL is the download link for the last chart pulled.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml
new file mode 100644
index 000000000..00868c6ad
--- /dev/null
+++ b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml
@@ -0,0 +1,204 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.3.0
+ creationTimestamp: null
+ name: helmrepositories.source.toolkit.fluxcd.io
+spec:
+ group: source.toolkit.fluxcd.io
+ names:
+ kind: HelmRepository
+ listKind: HelmRepositoryList
+ plural: helmrepositories
+ singular: helmrepository
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.url
+ name: URL
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: HelmRepository is the Schema for the helmrepositories API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: HelmRepositorySpec defines the reference to a Helm repository.
+ properties:
+ interval:
+ description: The interval at which to check the upstream for updates.
+ type: string
+ secretRef:
+ description: The name of the secret containing authentication credentials
+ for the Helm repository. For HTTP/S basic auth the secret must contain
+ username and password fields. For TLS the secret must contain a
+ certFile and keyFile, and/or caCert fields.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ suspend:
+ description: This flag tells the controller to suspend the reconciliation
+ of this source.
+ type: boolean
+ timeout:
+ default: 60s
+ description: The timeout of index downloading, defaults to 60s.
+ type: string
+ url:
+ description: The Helm repository URL, a valid URL contains at least
+ a protocol and host.
+ type: string
+ required:
+ - interval
+ - url
+ type: object
+ status:
+ description: HelmRepositoryStatus defines the observed state of the HelmRepository.
+ properties:
+ artifact:
+ description: Artifact represents the output of the last successful
+ repository sync.
+ properties:
+ checksum:
+ description: Checksum is the SHA1 checksum of the artifact.
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to
+ the last update of this artifact.
+ format: date-time
+ type: string
+ path:
+ description: Path is the relative file path of this artifact.
+ type: string
+ revision:
+ description: Revision is a human readable identifier traceable
+ in the origin source system. It can be a Git commit SHA, Git
+ tag, a Helm index timestamp, a Helm chart version, etc.
+ type: string
+ url:
+ description: URL is the HTTP address of this artifact.
+ type: string
+ required:
+ - path
+ - url
+ type: object
+ conditions:
+ description: Conditions holds the conditions for the HelmRepository.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
+ \ // +patchStrategy=merge // +listType=map // +listMapKey=type
+ \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
+ \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change can be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ url:
+ description: URL is the download link for the last index fetched.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/manifests/function/flux/source-controller/upstream/crd/kustomization.yaml b/manifests/function/flux/source-controller/upstream/crd/kustomization.yaml
new file mode 100644
index 000000000..a666a9259
--- /dev/null
+++ b/manifests/function/flux/source-controller/upstream/crd/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- bases/source.toolkit.fluxcd.io_gitrepositories.yaml
+- bases/source.toolkit.fluxcd.io_helmrepositories.yaml
+- bases/source.toolkit.fluxcd.io_helmcharts.yaml
+- bases/source.toolkit.fluxcd.io_buckets.yaml
+# +kubebuilder:scaffold:crdkustomizeresource
diff --git a/manifests/function/flux/source-controller/upstream/manager/Kptfile b/manifests/function/flux/source-controller/upstream/manager/Kptfile
new file mode 100644
index 000000000..5da7b4adf
--- /dev/null
+++ b/manifests/function/flux/source-controller/upstream/manager/Kptfile
@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+upstream:
+ type: git
+ git:
+ commit: c602c5d85093a8e38fae993fee0ed743c8615e46
+ repo: https://github.com/fluxcd/source-controller
+ directory: config/manager
+ ref: v0.5.2
+dependencies:
+- name: upstream/crd
+ git:
+ repo: https://github.com/fluxcd/source-controller
+ directory: config/crd
+ ref: v0.5.2
+- name: upstream/manager
+ git:
+ repo: https://github.com/fluxcd/source-controller
+ directory: config/manager
+ ref: v0.5.2
diff --git a/manifests/function/flux/source-controller/upstream/manager/deployment.yaml b/manifests/function/flux/source-controller/upstream/manager/deployment.yaml
new file mode 100644
index 000000000..a87653f30
--- /dev/null
+++ b/manifests/function/flux/source-controller/upstream/manager/deployment.yaml
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: source-controller
+ labels:
+ control-plane: controller
+spec:
+ selector:
+ matchLabels:
+ app: source-controller
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: source-controller
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "8080"
+ spec:
+ terminationGracePeriodSeconds: 10
+ containers:
+ - name: manager
+ image: fluxcd/source-controller
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ ports:
+ - containerPort: 9090
+ name: http
+ - containerPort: 8080
+ name: http-prom
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ args:
+ - --watch-all-namespaces
+ - --log-level=info
+ - --log-json
+ - --enable-leader-election
+ - --storage-path=/data
+ - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
+ livenessProbe:
+ httpGet:
+ port: http
+ path: /
+ readinessProbe:
+ httpGet:
+ port: http
+ path: /
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: tmp
+ mountPath: /tmp
+ volumes:
+ - name: data
+ emptyDir: {}
+ - name: tmp
+ emptyDir: {}
diff --git a/manifests/function/flux/source-controller/manager/kustomization.yaml b/manifests/function/flux/source-controller/upstream/manager/kustomization.yaml
similarity index 53%
rename from manifests/function/flux/source-controller/manager/kustomization.yaml
rename to manifests/function/flux/source-controller/upstream/manager/kustomization.yaml
index e97f6021d..2b22929ce 100644
--- a/manifests/function/flux/source-controller/manager/kustomization.yaml
+++ b/manifests/function/flux/source-controller/upstream/manager/kustomization.yaml
@@ -1,8 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
-- deployment.yaml
- service.yaml
-
-patchesStrategicMerge:
-- deployment_toleration_patch.yaml
+- deployment.yaml
+images:
+- name: fluxcd/source-controller
+ newName: fluxcd/source-controller
+ newTag: v0.5.2
diff --git a/manifests/function/flux/source-controller/manager/service.yaml b/manifests/function/flux/source-controller/upstream/manager/service.yaml
similarity index 50%
rename from manifests/function/flux/source-controller/manager/service.yaml
rename to manifests/function/flux/source-controller/upstream/manager/service.yaml
index 4646bf730..66ee36bd9 100644
--- a/manifests/function/flux/source-controller/manager/service.yaml
+++ b/manifests/function/flux/source-controller/upstream/manager/service.yaml
@@ -1,18 +1,15 @@
apiVersion: v1
kind: Service
metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.2.0
- control-plane: controller
name: source-controller
- namespace: flux-system
+ labels:
+ control-plane: controller
spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
+ type: ClusterIP
selector:
app: source-controller
- type: ClusterIP
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
diff --git a/tools/deployment/35_deploy_workload.sh b/tools/deployment/35_deploy_workload.sh
index 6a30a5acb..34869f1e4 100755
--- a/tools/deployment/35_deploy_workload.sh
+++ b/tools/deployment/35_deploy_workload.sh
@@ -27,5 +27,10 @@ airshipctl phase run workload-target --debug
echo "Ensure we can reach ingress controller default backend"
if [ "404" != "$(curl --head --write-out '%{http_code}' --silent --output /dev/null $TARGET_IP:$TARGET_PORT/should-404)" ]; then
echo -e "\nFailed to reach ingress controller default backend."
+
+ kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT get all -n flux-system
+ kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT logs -n flux-system -l app=helm-controller
+ kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT get hr --all-namespaces -o yaml
+
exit 1
fi