From d64404864bedea534fc717061edd35645c833ed1 Mon Sep 17 00:00:00 2001 
From: Sean Eagan Date: Mon, 7 Dec 2020 15:26:16 -0600 Subject: [PATCH] Update Flux manifests This updates the Flux manifests to the latest versions, which includes a fix [0] to Helm chart rendering which was impacting the OSH charts. [0]: https://github.com/fluxcd/helm-controller/pull/172 This also adds Kptfiles to each of the functions to make it trivial to update them. Relates-To: #430 Change-Id: Ic12bc6a8460542fd943ed3539cf1be19b6525dbc --- .../composite/flux-helm/kustomization.yaml | 1 + .../versions-airshipctl.yaml | 4 +- manifests/function/flux/README.md | 11 + manifests/function/flux/base/Kptfile | 13 + .../function/flux/base/kustomization.yaml | 4 +- manifests/function/flux/base/namespace.yaml | 3 - .../flux/base/rbac/kustomization.yaml | 4 - manifests/function/flux/base/rbac/role.yaml | 80 --- .../flux/base/upstream/policies/Kptfile | 20 + .../upstream/policies/allow-scraping.yaml | 14 + .../upstream/policies/allow-webhooks.yaml | 13 + .../{ => upstream}/policies/deny-ingress.yaml | 6 +- .../upstream/policies}/kustomization.yaml | 4 +- .../function/flux/base/upstream/rbac/Kptfile | 20 + .../flux/base/upstream/rbac/cluster-role.yaml | 12 + .../rbac}/kustomization.yaml | 3 +- .../flux/base/upstream/rbac/role.yaml | 43 ++ .../function/flux/helm-controller/Kptfile | 13 + .../helmreleases.helm.toolkit.fluxcd.io.yaml | 374 ------------ .../deployment_toleration_patch.yaml | 1 - .../flux/helm-controller/kustomization.yaml | 6 +- .../manager/kustomization.yaml | 7 - .../flux/helm-controller/upstream/crd/Kptfile | 20 + .../helm.toolkit.fluxcd.io_helmreleases.yaml | 553 ++++++++++++++++++ .../upstream/crd/kustomization.yaml | 5 + .../helm-controller/upstream/manager/Kptfile | 20 + .../{ => upstream}/manager/deployment.yaml | 76 +-- .../upstream/manager/kustomization.yaml | 8 + .../function/flux/source-controller/Kptfile | 13 + .../crd/buckets.source.toolkit.fluxcd.io.yaml | 158 ----- ...repositories.source.toolkit.fluxcd.io.yaml | 177 ------ 
.../helmcharts.source.toolkit.fluxcd.io.yaml | 165 ------ ...repositories.source.toolkit.fluxcd.io.yaml | 139 ----- .../source-controller/crd/kustomization.yaml | 7 - .../deployment_toleration_patch.yaml | 1 - .../flux/source-controller/kustomization.yaml | 6 +- .../source-controller/manager/deployment.yaml | 81 --- .../source-controller/upstream/crd/Kptfile | 20 + .../source.toolkit.fluxcd.io_buckets.yaml | 226 +++++++ ...rce.toolkit.fluxcd.io_gitrepositories.yaml | 262 +++++++++ .../source.toolkit.fluxcd.io_helmcharts.yaml | 229 ++++++++ ...ce.toolkit.fluxcd.io_helmrepositories.yaml | 204 +++++++ .../upstream/crd/kustomization.yaml | 8 + .../upstream/manager/Kptfile | 20 + .../upstream/manager/deployment.yaml | 69 +++ .../{ => upstream}/manager/kustomization.yaml | 9 +- .../{ => upstream}/manager/service.yaml | 19 +- tools/deployment/35_deploy_workload.sh | 5 + 48 files changed, 1891 insertions(+), 1265 deletions(-) create mode 100644 manifests/function/flux/README.md create mode 100644 manifests/function/flux/base/Kptfile delete mode 100644 manifests/function/flux/base/rbac/kustomization.yaml delete mode 100644 manifests/function/flux/base/rbac/role.yaml create mode 100644 manifests/function/flux/base/upstream/policies/Kptfile create mode 100644 manifests/function/flux/base/upstream/policies/allow-scraping.yaml create mode 100644 manifests/function/flux/base/upstream/policies/allow-webhooks.yaml rename manifests/function/flux/base/{ => upstream}/policies/deny-ingress.yaml (51%) rename manifests/function/flux/{helm-controller/crd => base/upstream/policies}/kustomization.yaml (51%) create mode 100644 manifests/function/flux/base/upstream/rbac/Kptfile create mode 100644 manifests/function/flux/base/upstream/rbac/cluster-role.yaml rename manifests/function/flux/base/{policies => upstream/rbac}/kustomization.yaml (67%) create mode 100644 manifests/function/flux/base/upstream/rbac/role.yaml create mode 100644 manifests/function/flux/helm-controller/Kptfile delete mode 
100644 manifests/function/flux/helm-controller/crd/helmreleases.helm.toolkit.fluxcd.io.yaml rename manifests/function/flux/helm-controller/{manager => }/deployment_toleration_patch.yaml (88%) delete mode 100644 manifests/function/flux/helm-controller/manager/kustomization.yaml create mode 100644 manifests/function/flux/helm-controller/upstream/crd/Kptfile create mode 100644 manifests/function/flux/helm-controller/upstream/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml create mode 100644 manifests/function/flux/helm-controller/upstream/crd/kustomization.yaml create mode 100644 manifests/function/flux/helm-controller/upstream/manager/Kptfile rename manifests/function/flux/helm-controller/{ => upstream}/manager/deployment.yaml (52%) create mode 100644 manifests/function/flux/helm-controller/upstream/manager/kustomization.yaml create mode 100644 manifests/function/flux/source-controller/Kptfile delete mode 100644 manifests/function/flux/source-controller/crd/buckets.source.toolkit.fluxcd.io.yaml delete mode 100644 manifests/function/flux/source-controller/crd/gitrepositories.source.toolkit.fluxcd.io.yaml delete mode 100644 manifests/function/flux/source-controller/crd/helmcharts.source.toolkit.fluxcd.io.yaml delete mode 100644 manifests/function/flux/source-controller/crd/helmrepositories.source.toolkit.fluxcd.io.yaml delete mode 100644 manifests/function/flux/source-controller/crd/kustomization.yaml rename manifests/function/flux/source-controller/{manager => }/deployment_toleration_patch.yaml (88%) delete mode 100644 manifests/function/flux/source-controller/manager/deployment.yaml create mode 100644 manifests/function/flux/source-controller/upstream/crd/Kptfile create mode 100644 manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_buckets.yaml create mode 100644 manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml create mode 100644 
manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml create mode 100644 manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml create mode 100644 manifests/function/flux/source-controller/upstream/crd/kustomization.yaml create mode 100644 manifests/function/flux/source-controller/upstream/manager/Kptfile create mode 100644 manifests/function/flux/source-controller/upstream/manager/deployment.yaml rename manifests/function/flux/source-controller/{ => upstream}/manager/kustomization.yaml (53%) rename manifests/function/flux/source-controller/{ => upstream}/manager/service.yaml (50%) diff --git a/manifests/composite/flux-helm/kustomization.yaml b/manifests/composite/flux-helm/kustomization.yaml index 3e8cbdcb4..04d90b159 100644 --- a/manifests/composite/flux-helm/kustomization.yaml +++ b/manifests/composite/flux-helm/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: flux-system resources: - ../../function/flux/base - ../../function/flux/source-controller diff --git a/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml b/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml index f76df6efb..97f05d5f2 100644 --- a/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml +++ b/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml @@ -87,9 +87,9 @@ images: helm_operator: docker.io/fluxcd/helm-operator:1.2.0 flux: helm_controller: # helm-controller Deployment - manager: ghcr.io/fluxcd/helm-controller:v0.2.0 + manager: ghcr.io/fluxcd/helm-controller:v0.4.3 source_controller: # source-controller Deployment - manager: ghcr.io/fluxcd/source-controller:v0.2.1 + manager: ghcr.io/fluxcd/source-controller:v0.5.3 cert-manager: repository: "quay.io/jetstack" 
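Review bot: The added `namespace: flux-system` is load-bearing for the RBAC and NetworkPolicy objects and should carry a comment saying so. The vendored bindings in `upstream/rbac` (`cluster-role.yaml`, `role.yaml`) name their ServiceAccount subject in namespace `system`, and the policies under `upstream/policies` carry no namespace at all. They presumably only resolve to `flux-system` because kustomize's namespace transformer rewrites them when built through this composite. Building `function/flux/base` on its own, or from a composite that omits this field, would, as far as the visible manifests show, leave a `cluster-admin` binding that refers to `system/default`. Suggested comment above the line: `# Required: rewrites the 'system' namespace in the vendored Flux RBAC subjects and places the NetworkPolicies in flux-system.`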
diff --git a/manifests/function/flux/README.md b/manifests/function/flux/README.md new file mode 100644 index 000000000..b63360ea3 --- /dev/null +++ b/manifests/function/flux/README.md @@ -0,0 +1,11 @@ +# Flux + +## How to Update + +To update the version of upstream manifests used by a given function: + +1. Update the versions (git refs) specified in the `dependencies` section + of the Kptfile at the root of the function. +2. Run [`kpt pkg sync .`](https://github.com/GoogleContainerTools/kpt/blob/master/site/content/en/reference/pkg/sync/_index.md) from the root of the function. +3. Update any container image references in VariableCatalogues to match + these new versions. \ No newline at end of file diff --git a/manifests/function/flux/base/Kptfile b/manifests/function/flux/base/Kptfile new file mode 100644 index 000000000..61b092191 --- /dev/null +++ b/manifests/function/flux/base/Kptfile @@ -0,0 +1,13 @@ +apiVersion: kpt.dev/v1alpha1 +kind: Kptfile +dependencies: +- name: upstream/rbac + git: + repo: "https://github.com/fluxcd/flux2" + directory: "manifests/rbac" + ref: "v0.5.1" +- name: upstream/policies + git: + repo: "https://github.com/fluxcd/flux2" + directory: "manifests/policies" + ref: "v0.5.1" diff --git a/manifests/function/flux/base/kustomization.yaml b/manifests/function/flux/base/kustomization.yaml index eb15e0620..173065ae8 100644 --- a/manifests/function/flux/base/kustomization.yaml +++ b/manifests/function/flux/base/kustomization.yaml @@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - namespace.yaml - - rbac - - policies + - upstream/rbac + - upstream/policies diff --git a/manifests/function/flux/base/namespace.yaml b/manifests/function/flux/base/namespace.yaml index 85fbe0597..c00a4321e 100644 --- a/manifests/function/flux/base/namespace.yaml +++ b/manifests/function/flux/base/namespace.yaml 
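Review bot: Both `ref: "v0.5.1"` entries pin the upstream manifests to a git tag, which upstream can move, so a later `kpt pkg sync .` could bring in different RBAC and NetworkPolicy content under the same version string. The generated `upstream/*/Kptfile` files later in this patch record the resolved commit (`0ba6fc1b366bd6f2ce231d3ac8a95eac57ff8554`). If kpt accepts a commit in `ref` here, pin that value and keep the tag in a trailing comment. Otherwise add a step to the README's update procedure to confirm that the recorded `commit:` changes only when the tag is bumped deliberately. The same applies to the `v0.4.3` refs in `helm-controller/Kptfile`.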
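Review bot: `upstream/rbac` is included here with no local overlay, so the vendored `cluster-role.yaml` added later in this patch binds `cluster-admin` to the namespace's `default` ServiceAccount, and every pod that runs in the Flux namespace without its own `serviceAccountName` inherits full cluster rights. `role.yaml`'s RoleBinding uses the same subject. Because files under `upstream/` are overwritten by `kpt pkg sync`, the narrowing belongs in this kustomization: add a dedicated ServiceAccount and a patch that repoints both bindings' subject to it, provided the controller Deployments (not visible in this part of the patch) can be set to use that account. `upstream/policies` deserves the same treatment, since `allow-scraping.yaml` admits TCP 8080 from every namespace (`namespaceSelector: {}`) to every pod; a patch limiting that selector to the monitoring namespace keeps the metrics port from being reachable cluster-wide.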
@@ -1,7 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/version: v0.2.0 name: flux-system diff --git a/manifests/function/flux/base/rbac/kustomization.yaml b/manifests/function/flux/base/rbac/kustomization.yaml deleted file mode 100644 index d072a242d..000000000 --- a/manifests/function/flux/base/rbac/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- role.yaml diff --git a/manifests/function/flux/base/rbac/role.yaml b/manifests/function/flux/base/rbac/role.yaml deleted file mode 100644 index 531b1913d..000000000 --- a/manifests/function/flux/base/rbac/role.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/version: v0.2.0 - name: crd-controller-flux-system - namespace: flux-system -rules: -- apiGroups: - - source.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - kustomize.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - helm.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - notification.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - "" - resources: - - configmaps - - configmaps/status - verbs: - - '*' -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/version: v0.2.0 - name: crd-controller-flux-system - namespace: flux-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: crd-controller-flux-system -subjects: -- kind: ServiceAccount - name: default - namespace: flux-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/version: v0.2.0 - name: cluster-reconciler-flux-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: default - namespace: flux-system diff --git a/manifests/function/flux/base/upstream/policies/Kptfile b/manifests/function/flux/base/upstream/policies/Kptfile new file mode 100644 index 000000000..0fc9b4343 --- /dev/null +++ b/manifests/function/flux/base/upstream/policies/Kptfile 
@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+upstream:
+ type: git
+ git:
+ commit: 0ba6fc1b366bd6f2ce231d3ac8a95eac57ff8554
+ repo: https://github.com/fluxcd/flux2
+ directory: manifests/policies
+ ref: v0.5.1
+dependencies:
+- name: upstream/rbac
+ git:
+ repo: https://github.com/fluxcd/flux2
+ directory: manifests/rbac
+ ref: v0.5.1
+- name: upstream/policies
+ git:
+ repo: https://github.com/fluxcd/flux2
+ directory: manifests/policies
+ ref: v0.5.1
diff --git a/manifests/function/flux/base/upstream/policies/allow-scraping.yaml b/manifests/function/flux/base/upstream/policies/allow-scraping.yaml
new file mode 100644
index 000000000..0daf25a19
--- /dev/null
+++ b/manifests/function/flux/base/upstream/policies/allow-scraping.yaml
@@ -0,0 +1,14 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-scraping
+spec:
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - protocol: TCP
+ port: 8080
+ podSelector: {}
diff --git a/manifests/function/flux/base/upstream/policies/allow-webhooks.yaml b/manifests/function/flux/base/upstream/policies/allow-webhooks.yaml
new file mode 100644
index 000000000..4f0622d44
--- /dev/null
+++ b/manifests/function/flux/base/upstream/policies/allow-webhooks.yaml
@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-webhooks
+spec:
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ podSelector:
+ matchLabels:
+ app: notification-controller
diff --git a/manifests/function/flux/base/policies/deny-ingress.yaml b/manifests/function/flux/base/upstream/policies/deny-ingress.yaml
similarity index 51%
rename from manifests/function/flux/base/policies/deny-ingress.yaml
rename to manifests/function/flux/base/upstream/policies/deny-ingress.yaml
index 849d122b7..5577032b4 100644
--- a/manifests/function/flux/base/policies/deny-ingress.yaml
+++ b/manifests/function/flux/base/upstream/policies/deny-ingress.yaml @@ -1,15 +1,11 @@ -# Only allow ingress from within the same namespace. -# Note: This will need to be opened up if Prometheus is running -# in a different namespace. apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: deny-ingress - namespace: flux-system spec: - podSelector: {} policyTypes: - Ingress ingress: - from: - podSelector: {} + podSelector: {} diff --git a/manifests/function/flux/helm-controller/crd/kustomization.yaml b/manifests/function/flux/base/upstream/policies/kustomization.yaml similarity index 51% rename from manifests/function/flux/helm-controller/crd/kustomization.yaml rename to manifests/function/flux/base/upstream/policies/kustomization.yaml index 87a2ae130..6884c9166 100644 --- a/manifests/function/flux/helm-controller/crd/kustomization.yaml +++ b/manifests/function/flux/base/upstream/policies/kustomization.yaml @@ -1,4 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- helmreleases.helm.toolkit.fluxcd.io.yaml + - deny-ingress.yaml + - allow-scraping.yaml + - allow-webhooks.yaml diff --git a/manifests/function/flux/base/upstream/rbac/Kptfile b/manifests/function/flux/base/upstream/rbac/Kptfile new file mode 100644 index 000000000..34b7d14f1 --- /dev/null +++ b/manifests/function/flux/base/upstream/rbac/Kptfile @@ -0,0 +1,20 @@ +apiVersion: kpt.dev/v1alpha1 +kind: Kptfile +upstream: + type: git + git: + commit: 0ba6fc1b366bd6f2ce231d3ac8a95eac57ff8554 + repo: https://github.com/fluxcd/flux2 + directory: manifests/rbac + ref: v0.5.1 +dependencies: +- name: upstream/rbac + git: + repo: https://github.com/fluxcd/flux2 + directory: manifests/rbac + ref: v0.5.1 +- name: upstream/policies + git: + repo: https://github.com/fluxcd/flux2 + directory: manifests/policies + ref: v0.5.1 
diff --git a/manifests/function/flux/base/upstream/rbac/cluster-role.yaml b/manifests/function/flux/base/upstream/rbac/cluster-role.yaml
new file mode 100644
index 000000000..e54dea57c
--- /dev/null
+++ b/manifests/function/flux/base/upstream/rbac/cluster-role.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cluster-reconciler
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/manifests/function/flux/base/policies/kustomization.yaml b/manifests/function/flux/base/upstream/rbac/kustomization.yaml
similarity index 67%
rename from manifests/function/flux/base/policies/kustomization.yaml
rename to manifests/function/flux/base/upstream/rbac/kustomization.yaml
index 79146c166..3036fad95 100644
--- a/manifests/function/flux/base/policies/kustomization.yaml
+++ b/manifests/function/flux/base/upstream/rbac/kustomization.yaml
@@ -1,4 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- deny-ingress.yaml
+ - role.yaml
+ - cluster-role.yaml
diff --git a/manifests/function/flux/base/upstream/rbac/role.yaml b/manifests/function/flux/base/upstream/rbac/role.yaml
new file mode 100644
index 000000000..1c642f133
--- /dev/null
+++ b/manifests/function/flux/base/upstream/rbac/role.yaml
@@ -0,0 +1,43 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: crd-controller
+rules:
+- apiGroups: ['source.toolkit.fluxcd.io']
+ resources: ['*']
+ verbs: ['*']
+- apiGroups: ['kustomize.toolkit.fluxcd.io']
+ resources: ['*']
+ verbs: ['*']
+- apiGroups: ['helm.toolkit.fluxcd.io']
+ resources: ['*']
+ verbs: ['*']
+- apiGroups: ['notification.toolkit.fluxcd.io']
+ resources: ['*']
+ verbs: ['*']
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - configmaps/status
+ verbs: ['*']
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: crd-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: crd-controller
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/manifests/function/flux/helm-controller/Kptfile b/manifests/function/flux/helm-controller/Kptfile
new file mode 100644
index 000000000..8b36552bd
--- /dev/null
+++ b/manifests/function/flux/helm-controller/Kptfile
@@ -0,0 +1,13 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+dependencies:
+- name: upstream/crd
+ git:
+ repo: "https://github.com/fluxcd/helm-controller"
+ directory: "config/crd"
+ ref: "v0.4.3"
+- name: upstream/manager
+ git:
+ repo: "https://github.com/fluxcd/helm-controller"
+ directory: "config/manager"
+ ref: "v0.4.3"
diff --git a/manifests/function/flux/helm-controller/crd/helmreleases.helm.toolkit.fluxcd.io.yaml b/manifests/function/flux/helm-controller/crd/helmreleases.helm.toolkit.fluxcd.io.yaml
deleted file mode 100644
index 21d81337e..000000000
--- a/manifests/function/flux/helm-controller/crd/helmreleases.helm.toolkit.fluxcd.io.yaml
+++ /dev/null
@@ -1,374 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/version: v0.2.0 - name: helmreleases.helm.toolkit.fluxcd.io -spec: - group: helm.toolkit.fluxcd.io - names: - kind: HelmRelease - listKind: HelmReleaseList - plural: helmreleases - shortNames: - - hr - singular: helmrelease - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v2beta1 - schema: - openAPIV3Schema: - description: HelmRelease is the Schema for the helmreleases API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmReleaseSpec defines the desired state of a Helm release. - properties: - chart: - description: Chart defines the template of the v1beta1.HelmChart that should be created for this HelmRelease. - properties: - spec: - description: Spec holds the template for the v1beta1.HelmChartSpec for this HelmRelease. 
- properties: - chart: - description: The name or path the Helm chart is available at in the SourceRef. - type: string - interval: - description: Interval at which to check the v1beta1.Source for updates. Defaults to 'HelmReleaseSpec.Interval'. - type: string - sourceRef: - description: The name and namespace of the v1beta1.Source the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent. - maxLength: 63 - minLength: 1 - type: string - required: - - name - type: object - valuesFile: - description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Ignored when omitted. - type: string - version: - description: Version semver expression, ignored for charts from v1beta1.GitRepository and v1beta1.Bucket sources. Defaults to latest when omitted. - type: string - required: - - chart - - sourceRef - type: object - required: - - spec - type: object - dependsOn: - description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to HelmRelease resources that must be ready before this HelmRelease can be reconciled. - items: - description: CrossNamespaceDependencyReference holds the reference to a dependency. - properties: - name: - description: Name holds the name reference of a dependency. - type: string - namespace: - description: Namespace holds the namespace reference of a dependency. - type: string - required: - - name - type: object - type: array - install: - description: Install holds the configuration for Helm install actions for this HelmRelease. 
- properties: - disableHooks: - description: DisableHooks prevents hooks from running during the Helm install action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm install action from validating rendered templates against the Kubernetes OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to be ready after a Helm install has been performed. - type: boolean - remediation: - description: Remediation holds the remediation configuration for when the Helm install action for the HelmRelease fails. The default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an install action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false'. - type: boolean - retries: - description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using an uninstall, is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries. - type: integer - type: object - replace: - description: Replace tells the Helm install action to re-use the 'ReleaseName', but only if that name is a deleted release which remains in the history. - type: boolean - skipCRDs: - description: SkipCRDs tells the Helm install action to not install any CRDs. By default, CRDs are installed if not already present. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - interval: - description: Interval at which to reconcile the Helm release. 
- type: string - maxHistory: - description: MaxHistory is the number of revisions saved by Helm for this HelmRelease. Use '0' for an unlimited number of revisions; defaults to '10'. - type: integer - releaseName: - description: ReleaseName used for the Helm release. Defaults to a composition of '[TargetNamespace-]Name'. - maxLength: 53 - minLength: 1 - type: string - rollback: - description: Rollback holds the configuration for Helm rollback actions for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created during the Helm rollback action when it fails. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to be ready after a Helm rollback has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement strategy. - type: boolean - recreate: - description: Recreate performs pod restarts for the resource if applicable. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - suspend: - description: Suspend tells the controller to suspend reconciliation for this HelmRelease, it does not apply to already started reconciliations. Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace to target when performing operations for the HelmRelease. Defaults to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - test: - description: Test holds the configuration for Helm test actions for this HelmRelease. - properties: - enable: - description: Enable enables Helm test actions for this HelmRelease after an Helm install or upgrade action has been performed. 
- type: boolean - ignoreFailures: - description: IgnoreFailures tells the controller to skip remediation when the Helm tests are run but fail. Can be overwritten for tests run after install or upgrade actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes operation during the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm action. Defaults to '5m0s'. - type: string - uninstall: - description: Uninstall holds the configuration for Helm uninstall actions for this HelmRelease. - properties: - disableHooks: - description: DisableHooks prevents hooks from running during the Helm rollback action. - type: boolean - keepHistory: - description: KeepHistory tells Helm to remove all associated resources and mark the release as deleted, but retain the release history. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - upgrade: - description: Upgrade holds the configuration for Helm upgrade actions for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created during the Helm upgrade action when it fails. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the Helm upgrade action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm upgrade action from validating rendered templates against the Kubernetes OpenAPI Schema. 
- type: boolean - disableWait: - description: DisableWait disables the waiting for resources to be ready after a Helm upgrade has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement strategy. - type: boolean - preserveValues: - description: PreserveValues will make Helm reuse the last release's values and merge in overrides from 'Values'. Setting this flag makes the HelmRelease non-declarative. - type: boolean - remediation: - description: Remediation holds the remediation configuration for when the Helm upgrade action for the HelmRelease fails. The default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an upgrade action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false' unless 'Retries' is greater than 0. - type: boolean - retries: - description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using 'Strategy', is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries. - type: integer - strategy: - description: Strategy to use for failure remediation. Defaults to 'rollback'. - enum: - - rollback - - uninstall - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - values: - description: Values holds the values for this Helm release. 
- x-kubernetes-preserve-unknown-fields: true - valuesFrom: - description: ValuesFrom holds references to resources containing Helm values for this HelmRelease, and information about how they should be merged. - items: - description: ValuesReference contains a reference to a resource containing Helm values, and optionally the key they can be found at. - properties: - kind: - description: Kind of the values referent, valid values are ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - description: Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure. - type: boolean - targetPath: - description: TargetPath is the YAML dot notation path the value should be merged at. When set, the ValuesKey is expected to be a single flat value. Defaults to 'None', which results in the values getting merged at the root. - type: string - valuesKey: - description: ValuesKey is the data key where the values.yaml or a specific value can be found at. Defaults to 'values.yaml'. - type: string - required: - - kind - - name - type: object - type: array - required: - - chart - - interval - type: object - status: - description: HelmReleaseStatus defines the observed state of a HelmRelease. - properties: - conditions: - description: Conditions holds the conditions for the HelmRelease. - items: - description: Condition contains condition information of a toolkit resource. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. 
- format: date-time - type: string - message: - description: Message is a human readable description of the details of the last transition, complementing reason. - type: string - reason: - description: Reason is a brief machine readable explanation for the condition's last transition. - type: string - status: - description: Status of the condition, one of ('True', 'False', 'Unknown'). - type: string - type: - description: Type of the condition. - type: string - required: - - status - - type - type: object - type: array - failures: - description: Failures is the reconciliation failure count against the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - helmChart: - description: HelmChart is the namespaced name of the HelmChart resource created by the controller for the HelmRelease. - type: string - installFailures: - description: InstallFailures is the install failure count against the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - lastAppliedRevision: - description: LastAppliedRevision is the revision of the last successfully applied source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation attempt. - type: string - lastAttemptedValuesChecksum: - description: LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last reconciliation attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt is the last manual reconciliation request (by annotating the HelmRelease) handled by the reconciler. - type: string - lastReleaseRevision: - description: LastReleaseRevision is the revision of the last successful Helm release. - type: integer - observedGeneration: - description: ObservedGeneration is the last observed generation. 
- format: int64 - type: integer - upgradeFailures: - description: UpgradeFailures is the upgrade failure count against the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/manifests/function/flux/helm-controller/manager/deployment_toleration_patch.yaml b/manifests/function/flux/helm-controller/deployment_toleration_patch.yaml similarity index 88% rename from manifests/function/flux/helm-controller/manager/deployment_toleration_patch.yaml rename to manifests/function/flux/helm-controller/deployment_toleration_patch.yaml index d77f19630..dac2e1697 100644 --- a/manifests/function/flux/helm-controller/manager/deployment_toleration_patch.yaml +++ b/manifests/function/flux/helm-controller/deployment_toleration_patch.yaml @@ -2,7 +2,6 @@ apiVersion: apps/v1 kind: Deployment metadata: name: helm-controller - namespace: flux-system spec: template: spec: diff --git a/manifests/function/flux/helm-controller/kustomization.yaml b/manifests/function/flux/helm-controller/kustomization.yaml index f7a57ead0..e91e49b50 100644 --- a/manifests/function/flux/helm-controller/kustomization.yaml +++ b/manifests/function/flux/helm-controller/kustomization.yaml @@ -1,5 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- crd -- manager +- upstream/crd +- upstream/manager +patchesStrategicMerge: +- deployment_toleration_patch.yaml \ No newline at end of file diff --git a/manifests/function/flux/helm-controller/manager/kustomization.yaml b/manifests/function/flux/helm-controller/manager/kustomization.yaml deleted file mode 100644 index 389fa9e55..000000000 --- a/manifests/function/flux/helm-controller/manager/kustomization.yaml +++ /dev/null 
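Review bot: Nothing in this kustomization sets a namespace, so where helm-controller is deployed now depends on whichever overlay consumes it. The toleration patch renamed just above and the upstream `deployment.yaml` later in this patch both drop `namespace: flux-system`, and the added `resources` and `patchesStrategicMerge` lines introduce no `namespace:` field. Whether a parent kustomization supplies it is not visible in this part of the patch. If one does, a comment such as `# namespace (flux-system) is applied by the consuming kustomization` would record that; if not, add `namespace: flux-system` here so the controller does not land in whatever namespace the apply happens to target. The file also now ends without a trailing newline.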
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-
-patchesStrategicMerge:
-- deployment_toleration_patch.yaml
diff --git a/manifests/function/flux/helm-controller/upstream/crd/Kptfile b/manifests/function/flux/helm-controller/upstream/crd/Kptfile
new file mode 100644
index 000000000..3f8a178e0
--- /dev/null
+++ b/manifests/function/flux/helm-controller/upstream/crd/Kptfile
@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+upstream:
+ type: git
+ git:
+ commit: a09ab789782adde93419b324c7374aa92049b868
+ repo: https://github.com/fluxcd/helm-controller
+ directory: config/crd
+ ref: v0.4.3
+dependencies:
+- name: upstream/crd
+ git:
+ repo: https://github.com/fluxcd/helm-controller
+ directory: config/crd
+ ref: v0.4.3
+- name: upstream/manager
+ git:
+ repo: https://github.com/fluxcd/helm-controller
+ directory: config/manager
+ ref: v0.4.3
diff --git a/manifests/function/flux/helm-controller/upstream/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml b/manifests/function/flux/helm-controller/upstream/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml
new file mode 100644
index 000000000..0ef7ee33e
--- /dev/null
+++ b/manifests/function/flux/helm-controller/upstream/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml
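Review bot: The `dependencies` entries in the new `upstream/crd/Kptfile` pin helm-controller only by the tag `ref: v0.4.3`, which is a mutable git ref, so a later `kpt pkg sync` takes whatever that tag points to at the time. The `upstream` block already records the resolved commit, so the dependency could carry it too if kpt accepts a commit there, e.g. `ref: a09ab789782adde93419b324c7374aa92049b868  # v0.4.3`. Otherwise the update procedure could require checking that `upstream.git.commit` is unchanged after a sync. The same tag-only pinning appears in `upstream/manager/Kptfile` and, with `ref: "v0.5.3"`, in `source-controller/Kptfile` later in this patch. It is also unclear why a Kptfile inside `upstream/crd` lists `upstream/crd` and `upstream/manager` as its own dependencies; this looks copied from the parent package and is worth confirming.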
@@ -0,0 +1,553 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: helmreleases.helm.toolkit.fluxcd.io +spec: + group: helm.toolkit.fluxcd.io + names: + kind: HelmRelease + listKind: HelmReleaseList + plural: helmreleases + shortNames: + - hr + singular: helmrelease + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2beta1 + schema: + openAPIV3Schema: + description: HelmRelease is the Schema for the helmreleases API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmReleaseSpec defines the desired state of a Helm release. + properties: + chart: + description: Chart defines the template of the v1beta1.HelmChart that + should be created for this HelmRelease. + properties: + spec: + description: Spec holds the template for the v1beta1.HelmChartSpec + for this HelmRelease. + properties: + chart: + description: The name or path the Helm chart is available + at in the SourceRef. 
+ type: string + interval: + description: Interval at which to check the v1beta1.Source + for updates. Defaults to 'HelmReleaseSpec.Interval'. + type: string + sourceRef: + description: The name and namespace of the v1beta1.Source + the chart is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent. + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent. + maxLength: 63 + minLength: 1 + type: string + required: + - name + type: object + valuesFile: + description: Alternative values file to use as the default + chart values, expected to be a relative path in the SourceRef. + Ignored when omitted. + type: string + version: + default: '*' + description: Version semver expression, ignored for charts + from v1beta1.GitRepository and v1beta1.Bucket sources. Defaults + to latest when omitted. + type: string + required: + - chart + - sourceRef + type: object + required: + - spec + type: object + dependsOn: + description: DependsOn may contain a dependency.CrossNamespaceDependencyReference + slice with references to HelmRelease resources that must be ready + before this HelmRelease can be reconciled. + items: + description: CrossNamespaceDependencyReference holds the reference + to a dependency. + properties: + name: + description: Name holds the name reference of a dependency. + type: string + namespace: + description: Namespace holds the namespace reference of a dependency. + type: string + required: + - name + type: object + type: array + install: + description: Install holds the configuration for Helm install actions + for this HelmRelease. + properties: + createNamespace: + description: CreateNamespace tells the Helm install action to + create the HelmReleaseSpec.TargetNamespace if it does not exist + yet. 
On uninstall, the namespace will not be garbage collected. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm install action. + type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation prevents the Helm install + action from validating rendered templates against the Kubernetes + OpenAPI Schema. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to + be ready after a Helm install has been performed. + type: boolean + remediation: + description: Remediation holds the remediation configuration for + when the Helm install action for the HelmRelease fails. The + default is to not perform any action. + properties: + ignoreTestFailures: + description: IgnoreTestFailures tells the controller to skip + remediation when the Helm tests are run after an install + action but fail. Defaults to 'Test.IgnoreFailures'. + type: boolean + remediateLastFailure: + description: RemediateLastFailure tells the controller to + remediate the last failure, when no retries remain. Defaults + to 'false'. + type: boolean + retries: + description: Retries is the number of retries that should + be attempted on failures before bailing. Remediation, using + an uninstall, is performed between each attempt. Defaults + to '0', a negative integer equals to unlimited retries. + type: integer + type: object + replace: + description: Replace tells the Helm install action to re-use the + 'ReleaseName', but only if that name is a deleted release which + remains in the history. + type: boolean + skipCRDs: + description: SkipCRDs tells the Helm install action to not install + any CRDs. By default, CRDs are installed if not already present. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. 
+ type: string + type: object + interval: + description: Interval at which to reconcile the Helm release. + type: string + kubeConfig: + description: KubeConfig for reconciling the HelmRelease on a remote + cluster. When specified, KubeConfig takes precedence over ServiceAccountName. + properties: + secretRef: + description: SecretRef holds the name to a secret that contains + a 'value' key with the kubeconfig file as the value. It must + be in the same namespace as the HelmRelease. It is recommended + that the kubeconfig is self-contained, and the secret is regularly + updated if credentials such as a cloud-access-token expire. + Cloud specific `cmd-path` auth helpers will not function without + adding binaries and credentials to the Pod that is responsible + for reconciling the HelmRelease. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: object + maxHistory: + description: MaxHistory is the number of revisions saved by Helm for + this HelmRelease. Use '0' for an unlimited number of revisions; + defaults to '10'. + type: integer + releaseName: + description: ReleaseName used for the Helm release. Defaults to a + composition of '[TargetNamespace-]Name'. + maxLength: 53 + minLength: 1 + type: string + rollback: + description: Rollback holds the configuration for Helm rollback actions + for this HelmRelease. + properties: + cleanupOnFail: + description: CleanupOnFail allows deletion of new resources created + during the Helm rollback action when it fails. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm rollback action. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to + be ready after a Helm rollback has been performed. 
+ type: boolean + force: + description: Force forces resource updates through a replacement + strategy. + type: boolean + recreate: + description: Recreate performs pod restarts for the resource if + applicable. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + serviceAccountName: + description: The name of the Kubernetes service account to impersonate + when reconciling this HelmRelease. + type: string + suspend: + description: Suspend tells the controller to suspend reconciliation + for this HelmRelease, it does not apply to already started reconciliations. + Defaults to false. + type: boolean + targetNamespace: + description: TargetNamespace to target when performing operations + for the HelmRelease. Defaults to the namespace of the HelmRelease. + maxLength: 63 + minLength: 1 + type: string + test: + description: Test holds the configuration for Helm test actions for + this HelmRelease. + properties: + enable: + description: Enable enables Helm test actions for this HelmRelease + after an Helm install or upgrade action has been performed. + type: boolean + ignoreFailures: + description: IgnoreFailures tells the controller to skip remediation + when the Helm tests are run but fail. Can be overwritten for + tests run after install or upgrade actions in 'Install.IgnoreTestFailures' + and 'Upgrade.IgnoreTestFailures'. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation during the performance of a Helm test action. Defaults + to 'HelmReleaseSpec.Timeout'. + type: string + type: object + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a Helm + action. Defaults to '5m0s'. 
+ type: string + uninstall: + description: Uninstall holds the configuration for Helm uninstall + actions for this HelmRelease. + properties: + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm rollback action. + type: boolean + keepHistory: + description: KeepHistory tells Helm to remove all associated resources + and mark the release as deleted, but retain the release history. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + upgrade: + description: Upgrade holds the configuration for Helm upgrade actions + for this HelmRelease. + properties: + cleanupOnFail: + description: CleanupOnFail allows deletion of new resources created + during the Helm upgrade action when it fails. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm upgrade action. + type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation prevents the Helm upgrade + action from validating rendered templates against the Kubernetes + OpenAPI Schema. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to + be ready after a Helm upgrade has been performed. + type: boolean + force: + description: Force forces resource updates through a replacement + strategy. + type: boolean + preserveValues: + description: PreserveValues will make Helm reuse the last release's + values and merge in overrides from 'Values'. Setting this flag + makes the HelmRelease non-declarative. + type: boolean + remediation: + description: Remediation holds the remediation configuration for + when the Helm upgrade action for the HelmRelease fails. The + default is to not perform any action. 
+ properties: + ignoreTestFailures: + description: IgnoreTestFailures tells the controller to skip + remediation when the Helm tests are run after an upgrade + action but fail. Defaults to 'Test.IgnoreFailures'. + type: boolean + remediateLastFailure: + description: RemediateLastFailure tells the controller to + remediate the last failure, when no retries remain. Defaults + to 'false' unless 'Retries' is greater than 0. + type: boolean + retries: + description: Retries is the number of retries that should + be attempted on failures before bailing. Remediation, using + 'Strategy', is performed between each attempt. Defaults + to '0', a negative integer equals to unlimited retries. + type: integer + strategy: + description: Strategy to use for failure remediation. Defaults + to 'rollback'. + enum: + - rollback + - uninstall + type: string + type: object + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + values: + description: Values holds the values for this Helm release. + x-kubernetes-preserve-unknown-fields: true + valuesFrom: + description: ValuesFrom holds references to resources containing Helm + values for this HelmRelease, and information about how they should + be merged. + items: + description: ValuesReference contains a reference to a resource + containing Helm values, and optionally the key they can be found + at. + properties: + kind: + description: Kind of the values referent, valid values are ('Secret', + 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values referent. Should reside in the + same namespace as the referring resource. + maxLength: 253 + minLength: 1 + type: string + optional: + description: Optional marks this ValuesReference as optional. 
+ When set, a not found error for the values reference is ignored, + but any ValuesKey, TargetPath or transient error will still + result in a reconciliation failure. + type: boolean + targetPath: + description: TargetPath is the YAML dot notation path the value + should be merged at. When set, the ValuesKey is expected to + be a single flat value. Defaults to 'None', which results + in the values getting merged at the root. + type: string + valuesKey: + description: ValuesKey is the data key where the values.yaml + or a specific value can be found at. Defaults to 'values.yaml'. + type: string + required: + - kind + - name + type: object + type: array + required: + - chart + - interval + type: object + status: + description: HelmReleaseStatus defines the observed state of a HelmRelease. + properties: + conditions: + description: Conditions holds the conditions for the HelmRelease. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. 
This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + failures: + description: Failures is the reconciliation failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + helmChart: + description: HelmChart is the namespaced name of the HelmChart resource + created by the controller for the HelmRelease. 
+ type: string + installFailures: + description: InstallFailures is the install failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + lastAppliedRevision: + description: LastAppliedRevision is the revision of the last successfully + applied source. + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation + attempt. + type: string + lastAttemptedValuesChecksum: + description: LastAttemptedValuesChecksum is the SHA1 checksum of the + values of the last reconciliation attempt. + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + lastReleaseRevision: + description: LastReleaseRevision is the revision of the last successful + Helm release. + type: integer + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + upgradeFailures: + description: UpgradeFailures is the upgrade failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/flux/helm-controller/upstream/crd/kustomization.yaml b/manifests/function/flux/helm-controller/upstream/crd/kustomization.yaml new file mode 100644 index 000000000..34552057c --- /dev/null +++ b/manifests/function/flux/helm-controller/upstream/crd/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - bases/helm.toolkit.fluxcd.io_helmreleases.yaml +# +kubebuilder:scaffold:crdkustomizeresource 
diff --git a/manifests/function/flux/helm-controller/upstream/manager/Kptfile b/manifests/function/flux/helm-controller/upstream/manager/Kptfile
new file mode 100644
index 000000000..1446780f9
--- /dev/null
+++ b/manifests/function/flux/helm-controller/upstream/manager/Kptfile
@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+upstream:
+ type: git
+ git:
+ commit: a09ab789782adde93419b324c7374aa92049b868
+ repo: https://github.com/fluxcd/helm-controller
+ directory: config/manager
+ ref: v0.4.3
+dependencies:
+- name: upstream/crd
+ git:
+ repo: https://github.com/fluxcd/helm-controller
+ directory: config/crd
+ ref: v0.4.3
+- name: upstream/manager
+ git:
+ repo: https://github.com/fluxcd/helm-controller
+ directory: config/manager
+ ref: v0.4.3
diff --git a/manifests/function/flux/helm-controller/manager/deployment.yaml b/manifests/function/flux/helm-controller/upstream/manager/deployment.yaml
similarity index 52%
rename from manifests/function/flux/helm-controller/manager/deployment.yaml
rename to manifests/function/flux/helm-controller/upstream/manager/deployment.yaml
index 793aee79d..608e0e8bc 100644
--- a/manifests/function/flux/helm-controller/manager/deployment.yaml
+++ b/manifests/function/flux/helm-controller/upstream/manager/deployment.yaml
@@ -1,47 +1,54 @@ apiVersion: apps/v1 kind: Deployment metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/version: v0.2.0 - control-plane: controller name: helm-controller - namespace: flux-system + labels: + control-plane: controller spec: - replicas: 1 selector: matchLabels: app: helm-controller + replicas: 1 template: metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" labels: app: helm-controller + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "8080" spec: + terminationGracePeriodSeconds: 10 containers: - - args: - - --events-addr= - - --watch-all-namespaces=true - - --log-level=info - - --log-json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/helm-controller:v0.1.3 + - name: manager + image: fluxcd/helm-controller imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + ports: + - containerPort: 8080 + name: http-prom + - containerPort: 9440 + name: healthz + protocol: TCP + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: + - --watch-all-namespaces + - --log-level=info + - --log-json + - --enable-leader-election + readinessProbe: + httpGet: + path: /readyz + port: healthz livenessProbe: httpGet: - path: /metrics - port: http-prom - name: manager - ports: - - containerPort: 8080 - name: http-prom + path: /healthz + port: healthz resources: limits: cpu: 1000m @@ -49,16 +56,9 @@ spec: requests: cpu: 100m memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/arch: amd64 - kubernetes.io/os: linux - terminationGracePeriodSeconds: 10 + - name: temp + mountPath: /tmp volumes: - - emptyDir: {} - name: temp + - name: temp + emptyDir: {} 
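Review bot: The image reference in the new `containers` entry, `fluxcd/helm-controller`, no longer names a registry or a version, where the removed line had `ghcr.io/fluxcd/helm-controller:v0.1.3`. The registry it is pulled from therefore depends on the container runtime's default for unqualified names, and the version comes only from the mutable tag `newTag: v0.4.3` in `upstream/manager/kustomization.yaml`. Since this file is synced from upstream, the pin belongs in the function's own kustomization rather than here: an `images:` override for `fluxcd/helm-controller` with `newName: ghcr.io/fluxcd/helm-controller` and `digest: sha256:<digest of the v0.4.3 image>` would fix both the source and the content of what gets deployed. If images are substituted elsewhere in the repository, that is not visible in this hunk and is worth a comment next to the override.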
diff --git a/manifests/function/flux/helm-controller/upstream/manager/kustomization.yaml b/manifests/function/flux/helm-controller/upstream/manager/kustomization.yaml
new file mode 100644
index 000000000..3d08ccd48
--- /dev/null
+++ b/manifests/function/flux/helm-controller/upstream/manager/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- deployment.yaml
+images:
+ - name: fluxcd/helm-controller
+ newName: fluxcd/helm-controller
+ newTag: v0.4.3
diff --git a/manifests/function/flux/source-controller/Kptfile b/manifests/function/flux/source-controller/Kptfile
new file mode 100644
index 000000000..4850fa8b8
--- /dev/null
+++ b/manifests/function/flux/source-controller/Kptfile
@@ -0,0 +1,13 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+dependencies:
+- name: upstream/crd
+ git:
+ repo: "https://github.com/fluxcd/source-controller"
+ directory: "config/crd"
+ ref: "v0.5.3"
+- name: upstream/manager
+ git:
+ repo: "https://github.com/fluxcd/source-controller"
+ directory: "config/manager"
+ ref: "v0.5.3"
diff --git a/manifests/function/flux/source-controller/crd/buckets.source.toolkit.fluxcd.io.yaml b/manifests/function/flux/source-controller/crd/buckets.source.toolkit.fluxcd.io.yaml
deleted file mode 100644
index 7f8234cd7..000000000
--- a/manifests/function/flux/source-controller/crd/buckets.source.toolkit.fluxcd.io.yaml
+++ /dev/null
@@ -1,158 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/version: v0.2.0 - name: buckets.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: Bucket - listKind: BucketList - plural: buckets - singular: bucket - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec defines the desired state of an S3 compatible bucket - properties: - bucketName: - description: The bucket name. - type: string - endpoint: - description: The bucket endpoint address. - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). 
- type: string - insecure: - description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. - type: boolean - interval: - description: The interval at which to check for bucket updates. - type: string - provider: - description: The S3 compatible storage provider name, default ('generic'). - enum: - - generic - - aws - type: string - region: - description: The bucket region. - type: string - secretRef: - description: The name of the secret containing authentication credentials for the Bucket. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - timeout: - description: The timeout for download operations, default ('20s'). - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - description: BucketStatus defines the observed state of a bucket - properties: - artifact: - description: Artifact represents the output of the last successful Bucket sync. - properties: - checksum: - description: Checksum is the SHA1 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: Condition contains condition information of a toolkit resource. 
- properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the details of the last transition, complementing reason. - type: string - reason: - description: Reason is a brief machine readable explanation for the condition's last transition. - type: string - status: - description: Status of the condition, one of ('True', 'False', 'Unknown'). - type: string - type: - description: Type of the condition. - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the last Bucket sync. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/manifests/function/flux/source-controller/crd/gitrepositories.source.toolkit.fluxcd.io.yaml b/manifests/function/flux/source-controller/crd/gitrepositories.source.toolkit.fluxcd.io.yaml deleted file mode 100644 index 943a0699d..000000000 --- a/manifests/function/flux/source-controller/crd/gitrepositories.source.toolkit.fluxcd.io.yaml +++ /dev/null 
@@ -1,177 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/version: v0.2.0 - name: gitrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: GitRepository - listKind: GitRepositoryList - plural: gitrepositories - singular: gitrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec defines the desired state of a Git repository. - properties: - ignore: - description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). 
If not provided, a default will be used, consult the documentation for your version to find out what those are. - type: string - interval: - description: The interval at which to check for repository updates. - type: string - ref: - description: The git reference to checkout and monitor for changes, defaults to master branch. - properties: - branch: - description: The git branch to checkout, defaults to master. - type: string - commit: - description: The git commit sha to checkout, if specified tag filters will be ignored. - type: string - semver: - description: The git tag semver expression, takes precedence over tag. - type: string - tag: - description: The git tag to checkout, takes precedence over branch. - type: string - type: object - secretRef: - description: The secret name containing the Git credentials. For HTTPS repositories the secret must contain username and password fields. For SSH repositories the secret must contain identity, identity.pub and known_hosts fields. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - timeout: - description: The timeout for remote git operations like cloning, default to 20s. - type: string - url: - description: The repository URL, can be a HTTP or SSH address. - pattern: ^(http|https|ssh):// - type: string - verify: - description: Verify OpenPGP signature for the commit that HEAD points to. - properties: - mode: - description: Mode describes what git object should be verified, currently ('head'). - enum: - - head - type: string - secretRef: - description: The secret name containing the public keys of all trusted git authors. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - type: object - required: - - mode - type: object - required: - - interval - - url - type: object - status: - description: GitRepositoryStatus defines the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the output of the last successful repository sync. - properties: - checksum: - description: Checksum is the SHA1 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: Condition contains condition information of a toolkit resource. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the details of the last transition, complementing reason. - type: string - reason: - description: Reason is a brief machine readable explanation for the condition's last transition. - type: string - status: - description: Status of the condition, one of ('True', 'False', 'Unknown'). - type: string - type: - description: Type of the condition. - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. 
- format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the last repository sync. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/manifests/function/flux/source-controller/crd/helmcharts.source.toolkit.fluxcd.io.yaml b/manifests/function/flux/source-controller/crd/helmcharts.source.toolkit.fluxcd.io.yaml deleted file mode 100644 index 6d14f35b4..000000000 --- a/manifests/function/flux/source-controller/crd/helmcharts.source.toolkit.fluxcd.io.yaml +++ /dev/null 
@@ -1,165 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/version: v0.2.0 - name: helmcharts.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmChart - listKind: HelmChartList - plural: helmcharts - singular: helmchart - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec defines the desired state of a Helm chart. 
- properties: - chart: - description: The name or path the Helm chart is available at in the SourceRef. - type: string - interval: - description: The interval at which to check the Source for updates. - type: string - sourceRef: - description: The reference to the Source the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket'). - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - valuesFile: - description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Ignored when omitted. - type: string - version: - description: The chart version semver expression, ignored for charts from GitRepository and Bucket sources. Defaults to latest when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - description: HelmChartStatus defines the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful chart sync. - properties: - checksum: - description: Checksum is the SHA1 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. 
- type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: Condition contains condition information of a toolkit resource. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the details of the last transition, complementing reason. - type: string - reason: - description: Reason is a brief machine readable explanation for the condition's last transition. - type: string - status: - description: Status of the condition, one of ('True', 'False', 'Unknown'). - type: string - type: - description: Type of the condition. - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last chart pulled. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/manifests/function/flux/source-controller/crd/helmrepositories.source.toolkit.fluxcd.io.yaml b/manifests/function/flux/source-controller/crd/helmrepositories.source.toolkit.fluxcd.io.yaml deleted file mode 100644 index 22bb491a5..000000000 --- a/manifests/function/flux/source-controller/crd/helmrepositories.source.toolkit.fluxcd.io.yaml +++ /dev/null 
@@ -1,139 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/version: v0.2.0 - name: helmrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmRepository - listKind: HelmRepositoryList - plural: helmrepositories - singular: helmrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec defines the reference to a Helm repository. - properties: - interval: - description: The interval at which to check the upstream for updates. - type: string - secretRef: - description: The name of the secret containing authentication credentials for the Helm repository. 
For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain caFile, keyFile and caCert fields. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - timeout: - description: The timeout of index downloading, defaults to 60s. - type: string - url: - description: The Helm repository URL, a valid URL contains at least a protocol and host. - type: string - required: - - interval - - url - type: object - status: - description: HelmRepositoryStatus defines the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the output of the last successful repository sync. - properties: - checksum: - description: Checksum is the SHA1 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: Condition contains condition information of a toolkit resource. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the details of the last transition, complementing reason. 
- type: string - reason: - description: Reason is a brief machine readable explanation for the condition's last transition. - type: string - status: - description: Status of the condition, one of ('True', 'False', 'Unknown'). - type: string - type: - description: Type of the condition. - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last index fetched. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/manifests/function/flux/source-controller/crd/kustomization.yaml b/manifests/function/flux/source-controller/crd/kustomization.yaml deleted file mode 100644 index 1880abd89..000000000 --- a/manifests/function/flux/source-controller/crd/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- buckets.source.toolkit.fluxcd.io.yaml -- gitrepositories.source.toolkit.fluxcd.io.yaml -- helmcharts.source.toolkit.fluxcd.io.yaml -- helmrepositories.source.toolkit.fluxcd.io.yaml diff --git a/manifests/function/flux/source-controller/manager/deployment_toleration_patch.yaml b/manifests/function/flux/source-controller/deployment_toleration_patch.yaml similarity index 88% rename from manifests/function/flux/source-controller/manager/deployment_toleration_patch.yaml rename to manifests/function/flux/source-controller/deployment_toleration_patch.yaml index 1b0be47c4..4f4923c2b 100644 --- a/manifests/function/flux/source-controller/manager/deployment_toleration_patch.yaml +++ b/manifests/function/flux/source-controller/deployment_toleration_patch.yaml 
@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: source-controller
- namespace: flux-system
 spec:
 template:
 spec:
diff --git a/manifests/function/flux/source-controller/kustomization.yaml b/manifests/function/flux/source-controller/kustomization.yaml
index f7a57ead0..127e9e066 100644
--- a/manifests/function/flux/source-controller/kustomization.yaml
+++ b/manifests/function/flux/source-controller/kustomization.yaml
@@ -1,5 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- crd
-- manager
+- upstream/crd
+- upstream/manager
+patchesStrategicMerge:
+- deployment_toleration_patch.yaml
diff --git a/manifests/function/flux/source-controller/manager/deployment.yaml b/manifests/function/flux/source-controller/manager/deployment.yaml
deleted file mode 100644
index 2f01fccad..000000000
--- a/manifests/function/flux/source-controller/manager/deployment.yaml
+++ /dev/null
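Review bot: With `resources` switched to `upstream/crd` and `upstream/manager`, the only local customisation this kustomization re-applies is `deployment_toleration_patch.yaml`, while the `manager/deployment.yaml` deleted next in this commit also carried the `http_proxy`/`https_proxy`/`no_proxy` env entries with `REPLACEMENT_*` values. The vendored manager deployment is not visible in this part of the patch, so it is unclear whether those entries survive; if they do not, the controller would presumably fetch sources without the site proxy settings. It would help to state above `patchesStrategicMerge:` which local changes are layered on the vendored manifests, e.g. `# local overlays on upstream/manager; proxy env is set in <location>` (placeholder). It is also worth confirming that the container `securityContext` (`allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`) is still present in the vendored deployment.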
@@ -1,81 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.2.0
- control-plane: controller
- name: source-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: source-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: source-controller
- spec:
- containers:
- - args:
- - --events-addr=
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-json
- - --enable-leader-election
- - --storage-path=/data
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: http_proxy
- value: REPLACEMENT_HTTP_PROXY
- - name: https_proxy
- value: REPLACEMENT_HTTPS_PROXY
- - name: no_proxy
- value: REPLACEMENT_NO_PROXY
- image: ghcr.io/fluxcd/source-controller:v0.2.1
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /
- port: http
- name: manager
- ports:
- - containerPort: 9090
- name: http
- - containerPort: 8080
- name: http-prom
- readinessProbe:
- httpGet:
- path: /
- port: http
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 50m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- volumeMounts:
- - mountPath: /data
- name: data
- - mountPath: /tmp
- name: tmp
- nodeSelector:
- kubernetes.io/arch: amd64
- kubernetes.io/os: linux
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: data
- - emptyDir: {}
- name: tmp
diff --git a/manifests/function/flux/source-controller/upstream/crd/Kptfile b/manifests/function/flux/source-controller/upstream/crd/Kptfile
new file mode 100644
index 000000000..a45a40f43
--- /dev/null
+++ b/manifests/function/flux/source-controller/upstream/crd/Kptfile
@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+upstream:
+ type: git
+ git:
+ commit: c602c5d85093a8e38fae993fee0ed743c8615e46
+ repo: https://github.com/fluxcd/source-controller
+ directory: config/crd
+ ref: v0.5.2
+dependencies:
+- name: upstream/crd
+ git:
+ repo: https://github.com/fluxcd/source-controller
+ directory: config/crd
+ ref: v0.5.2
+- name: upstream/manager
+ git:
+ repo: https://github.com/fluxcd/source-controller
+ directory: config/manager
+ ref: v0.5.2
diff --git a/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_buckets.yaml b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_buckets.yaml
new file mode 100644
index 000000000..6e95950f4
--- /dev/null
+++ b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_buckets.yaml
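Review bot: The `dependencies` entries in this Kptfile pin the source-controller manifests only by the tag `ref: v0.5.2`, whereas the `upstream.git` block also records `commit: c602c5d85093a8e38fae993fee0ed743c8615e46`. A tag can be re-pointed upstream, so a later sync driven by `ref` alone is not guaranteed to fetch the content that was reviewed in this commit. The list also names `upstream/crd` and `upstream/manager` although this file itself sits in `upstream/crd`, which looks like a copy of the parent function's dependency list rather than something this directory needs; if so, it can be dropped from the nested Kptfile. Because the vendored files include CRDs and the controller deployment, a comment such as `# vendored from fluxcd/source-controller v0.5.2; diff against the recorded commit after every sync` would make the update procedure explicit.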
@@ -0,0 +1,226 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: buckets.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: Bucket + listKind: BucketList + plural: buckets + singular: bucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Bucket is the Schema for the buckets API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BucketSpec defines the desired state of an S3 compatible + bucket + properties: + bucketName: + description: The bucket name. + type: string + endpoint: + description: The bucket endpoint address. + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). 
If not provided, + a default will be used, consult the documentation for your version + to find out what those are. + type: string + insecure: + description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. + type: boolean + interval: + description: The interval at which to check for bucket updates. + type: string + provider: + default: generic + description: The S3 compatible storage provider name, default ('generic'). + enum: + - generic + - aws + type: string + region: + description: The bucket region. + type: string + secretRef: + description: The name of the secret containing authentication credentials + for the Bucket. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + timeout: + default: 20s + description: The timeout for download operations, defaults to 20s. + type: string + required: + - bucketName + - endpoint + - interval + type: object + status: + description: BucketStatus defines the observed state of a bucket + properties: + artifact: + description: Artifact represents the output of the last successful + Bucket sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. 
+ type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the Bucket. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. 
+ This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the artifact output of the + last Bucket sync. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml new file mode 100644 index 000000000..c6513c3dc --- /dev/null +++ b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml 
@@ -0,0 +1,262 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: gitrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: GitRepository + listKind: GitRepositoryList + plural: gitrepositories + singular: gitrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: GitRepository is the Schema for the gitrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GitRepositorySpec defines the desired state of a Git repository. + properties: + gitImplementation: + default: go-git + description: Determines which git client library to use. Defaults + to go-git, valid values are ('go-git', 'libgit2'). 
+ enum: + - go-git + - libgit2 + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. + type: string + interval: + description: The interval at which to check for repository updates. + type: string + ref: + description: The Git reference to checkout and monitor for changes, + defaults to master branch. + properties: + branch: + default: master + description: The Git branch to checkout, defaults to master. + type: string + commit: + description: The Git commit SHA to checkout, if specified Tag + filters will be ignored. + type: string + semver: + description: The Git tag semver expression, takes precedence over + Tag. + type: string + tag: + description: The Git tag to checkout, takes precedence over Branch. + type: string + type: object + secretRef: + description: The secret name containing the Git credentials. For HTTPS + repositories the secret must contain username and password fields. + For SSH repositories the secret must contain identity, identity.pub + and known_hosts fields. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + timeout: + default: 20s + description: The timeout for remote Git operations like cloning, defaults + to 20s. + type: string + url: + description: The repository URL, can be a HTTP/S or SSH address. + pattern: ^(http|https|ssh):// + type: string + verify: + description: Verify OpenPGP signature for the Git commit HEAD points + to. 
+ properties: + mode: + description: Mode describes what git object should be verified, + currently ('head'). + enum: + - head + type: string + secretRef: + description: The secret name containing the public keys of all + trusted Git authors. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - mode + type: object + required: + - interval + - url + type: object + status: + description: GitRepositoryStatus defines the observed state of a Git repository. + properties: + artifact: + description: Artifact represents the output of the last successful + repository sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the GitRepository. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the artifact output of the + last repository sync. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml new file mode 100644 index 000000000..c7da4899b --- /dev/null +++ b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml 
@@ -0,0 +1,229 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: helmcharts.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmChart + listKind: HelmChartList + plural: helmcharts + singular: helmchart + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.chart + name: Chart + type: string + - jsonPath: .spec.version + name: Version + type: string + - jsonPath: .spec.sourceRef.kind + name: Source Kind + type: string + - jsonPath: .spec.sourceRef.name + name: Source Name + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: HelmChart is the Schema for the helmcharts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmChartSpec defines the desired state of a Helm chart. + properties: + chart: + description: The name or path the Helm chart is available at in the + SourceRef. 
+ type: string + interval: + description: The interval at which to check the Source for updates. + type: string + sourceRef: + description: The reference to the Source the chart is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent, valid values are ('HelmRepository', + 'GitRepository', 'Bucket'). + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + type: string + required: + - kind + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + valuesFile: + description: Alternative values file to use as the default chart values, + expected to be a relative path in the SourceRef. Ignored when omitted. + type: string + version: + default: '*' + description: The chart version semver expression, ignored for charts + from GitRepository and Bucket sources. Defaults to latest when omitted. + type: string + required: + - chart + - interval + - sourceRef + type: object + status: + description: HelmChartStatus defines the observed state of the HelmChart. + properties: + artifact: + description: Artifact represents the output of the last successful + chart sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. 
+ type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmChart. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. 
+ This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the last chart pulled. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml new file mode 100644 index 000000000..00868c6ad --- /dev/null +++ b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml 
@@ -0,0 +1,204 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: helmrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmRepository + listKind: HelmRepositoryList + plural: helmrepositories + singular: helmrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: HelmRepository is the Schema for the helmrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmRepositorySpec defines the reference to a Helm repository. + properties: + interval: + description: The interval at which to check the upstream for updates. + type: string + secretRef: + description: The name of the secret containing authentication credentials + for the Helm repository. For HTTP/S basic auth the secret must contain + username and password fields. 
For TLS the secret must contain a + certFile and keyFile, and/or caCert fields. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + timeout: + default: 60s + description: The timeout of index downloading, defaults to 60s. + type: string + url: + description: The Helm repository URL, a valid URL contains at least + a protocol and host. + type: string + required: + - interval + - url + type: object + status: + description: HelmRepositoryStatus defines the observed state of the HelmRepository. + properties: + artifact: + description: Artifact represents the output of the last successful + repository sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmRepository. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the last index fetched. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/flux/source-controller/upstream/crd/kustomization.yaml b/manifests/function/flux/source-controller/upstream/crd/kustomization.yaml new file mode 100644 index 000000000..a666a9259 --- /dev/null +++ b/manifests/function/flux/source-controller/upstream/crd/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- bases/source.toolkit.fluxcd.io_gitrepositories.yaml +- bases/source.toolkit.fluxcd.io_helmrepositories.yaml +- bases/source.toolkit.fluxcd.io_helmcharts.yaml +- bases/source.toolkit.fluxcd.io_buckets.yaml +# +kubebuilder:scaffold:crdkustomizeresource diff --git a/manifests/function/flux/source-controller/upstream/manager/Kptfile b/manifests/function/flux/source-controller/upstream/manager/Kptfile new file mode 100644 index 000000000..5da7b4adf --- /dev/null 
+++ b/manifests/function/flux/source-controller/upstream/manager/Kptfile
@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1alpha1
+kind: Kptfile
+upstream:
+ type: git
+ git:
+ commit: c602c5d85093a8e38fae993fee0ed743c8615e46
+ repo: https://github.com/fluxcd/source-controller
+ directory: config/manager
+ ref: v0.5.2
+dependencies:
+- name: upstream/crd
+ git:
+ repo: https://github.com/fluxcd/source-controller
+ directory: config/crd
+ ref: v0.5.2
+- name: upstream/manager
+ git:
+ repo: https://github.com/fluxcd/source-controller
+ directory: config/manager
+ ref: v0.5.2
diff --git a/manifests/function/flux/source-controller/upstream/manager/deployment.yaml b/manifests/function/flux/source-controller/upstream/manager/deployment.yaml
new file mode 100644
index 000000000..a87653f30
--- /dev/null
+++ b/manifests/function/flux/source-controller/upstream/manager/deployment.yaml
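Review bot: The two `dependencies` entries pin the upstream packages by tag only (`ref: v0.5.2`), while the `upstream` block above them also records the resolved commit. A tag can be moved upstream, so a later sync could bring in different manifests under the same version string. If kpt accepts a commit SHA as `ref` for `kpt.dev/v1alpha1` (worth confirming), pinning the dependencies to `c602c5d85093a8e38fae993fee0ed743c8615e46` would make every upstream change an explicit, reviewable edit. It also looks unusual that this nested Kptfile under `upstream/manager` lists `upstream/manager` as its own dependency; presumably the tool copied that block from the parent Kptfile, so a short comment or a cleanup would help the next maintainer.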
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: source-controller
+ labels:
+ control-plane: controller
+spec:
+ selector:
+ matchLabels:
+ app: source-controller
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: source-controller
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "8080"
+ spec:
+ terminationGracePeriodSeconds: 10
+ containers:
+ - name: manager
+ image: fluxcd/source-controller
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ ports:
+ - containerPort: 9090
+ name: http
+ - containerPort: 8080
+ name: http-prom
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ args:
+ - --watch-all-namespaces
+ - --log-level=info
+ - --log-json
+ - --enable-leader-election
+ - --storage-path=/data
+ - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
+ livenessProbe:
+ httpGet:
+ port: http
+ path: /
+ readinessProbe:
+ httpGet:
+ port: http
+ path: /
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: tmp
+ mountPath: /tmp
+ volumes:
+ - name: data
+ emptyDir: {}
+ - name: tmp
+ emptyDir: {}
diff --git a/manifests/function/flux/source-controller/manager/kustomization.yaml b/manifests/function/flux/source-controller/upstream/manager/kustomization.yaml
similarity index 53%
rename from manifests/function/flux/source-controller/manager/kustomization.yaml
rename to manifests/function/flux/source-controller/upstream/manager/kustomization.yaml
index e97f6021d..2b22929ce 100644
--- a/manifests/function/flux/source-controller/manager/kustomization.yaml
+++ b/manifests/function/flux/source-controller/upstream/manager/kustomization.yaml
@@ -1,8 +1,9 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- deployment.yaml
 - service.yaml
-
-patchesStrategicMerge:
-- deployment_toleration_patch.yaml
+- deployment.yaml
+images:
+- name: fluxcd/source-controller
+ newName: fluxcd/source-controller
+ newTag: v0.5.2
diff --git a/manifests/function/flux/source-controller/manager/service.yaml b/manifests/function/flux/source-controller/upstream/manager/service.yaml
similarity index 50%
rename from manifests/function/flux/source-controller/manager/service.yaml
rename to manifests/function/flux/source-controller/upstream/manager/service.yaml
index 4646bf730..66ee36bd9 100644
--- a/manifests/function/flux/source-controller/manager/service.yaml
+++ b/manifests/function/flux/source-controller/upstream/manager/service.yaml
@@ -1,18 +1,15 @@
 apiVersion: v1
 kind: Service
 metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.2.0
- control-plane: controller
 name: source-controller
- namespace: flux-system
+ labels:
+ control-plane: controller
 spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
+ type: ClusterIP
 selector:
 app: source-controller
- type: ClusterIP
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
diff --git a/tools/deployment/35_deploy_workload.sh b/tools/deployment/35_deploy_workload.sh
index 6a30a5acb..34869f1e4 100755
--- a/tools/deployment/35_deploy_workload.sh
+++ b/tools/deployment/35_deploy_workload.sh
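Review bot: The `images` override in the kustomization.yaml hunk pins the controller by tag only (`newTag: v0.5.2`), and the Deployment uses `imagePullPolicy: IfNotPresent`, so each node keeps whatever content that tag resolved to when it first pulled. Kustomize `images` entries also accept a `digest` field; adding `digest: sha256:<digest of the v0.5.2 image>` (placeholder, take the value from the registry) would tie the rollout to one immutable image. Since this directory appears to be synced from upstream, the digest is probably better placed in the function-level kustomization so a re-sync does not drop it. The same hunk removes the `deployment_toleration_patch.yaml` reference; whether the toleration is reapplied elsewhere is not visible here and is worth confirming.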
@@ -27,5 +27,10 @@ airshipctl phase run workload-target --debug echo "Ensure we can reach ingress controller default backend" if [ "404" != "$(curl --head --write-out '%{http_code}' --silent --output /dev/null $TARGET_IP:$TARGET_PORT/should-404)" ]; then echo -e "\nFailed to reach ingress controller default backend." + + kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT get all -n flux-system + kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT logs -n flux-system -l app=helm-controller + kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT get hr --all-namespaces -o yaml + exit 1 fi
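Review bot: The new failure diagnostics write every HelmRelease in full (`get hr --all-namespaces -o yaml`) and the helm-controller logs to the job output. HelmRelease specs can carry inline chart values, which may include credentials, so published CI logs become a disclosure path. Consider limiting the dump to status, for example `-o wide` or a `-o jsonpath` over `.status.conditions`, and keeping the full YAML for a restricted artifact. The three added commands also expand `$KUBECONFIG` and `$KUBECONFIG_TARGET_CONTEXT` unquoted; `--kubeconfig "$KUBECONFIG" --context "$KUBECONFIG_TARGET_CONTEXT"` avoids word splitting on unusual paths.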