diff --git a/charts/ace-installer/README.md b/charts/ace-installer/README.md
index b579de8b5..cce62dc76 100644
--- a/charts/ace-installer/README.md
+++ b/charts/ace-installer/README.md
@@ -74,7 +74,7 @@ The following table lists the configurable parameters of the `ace-installer` cha
| helm.releases.external-dns-operator.enabled | | true |
| helm.releases.external-dns-operator.version | | "v2023.10.1" |
| helm.releases.flux2.enabled | | false |
-| helm.releases.flux2.version | | "2.11.1" |
+| helm.releases.flux2.version | | "2.12.1" |
| helm.releases.kube-prometheus-stack.enabled | | true |
| helm.releases.kube-prometheus-stack.version | | "52.1.0" |
| helm.releases.kube-ui-server.enabled | | true |
diff --git a/charts/ace-installer/crds/helm.toolkit.fluxcd.io_helmreleases.yaml b/charts/ace-installer/crds/helm.toolkit.fluxcd.io_helmreleases.yaml
index a33bd70e1..093b681fb 100644
--- a/charts/ace-installer/crds/helm.toolkit.fluxcd.io_helmreleases.yaml
+++ b/charts/ace-installer/crds/helm.toolkit.fluxcd.io_helmreleases.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.11.1
+ controller-gen.kubebuilder.io/version: v0.12.0
name: helmreleases.helm.toolkit.fluxcd.io
spec:
group: helm.toolkit.fluxcd.io
@@ -25,6 +25,8 @@ spec:
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
+ deprecated: true
+ deprecationWarning: v2beta1 HelmRelease is deprecated, upgrade to v2beta2
name: v2beta1
schema:
openAPIV3Schema:
@@ -196,6 +198,82 @@ spec:
- name
type: object
type: array
+ driftDetection:
+ description: "DriftDetection holds the configuration for detecting
+ and handling differences between the manifest in the Helm storage
+ and the resources currently existing in the cluster. \n Note: this
+ field is provisional to the v2beta2 API, and not actively used by
+ v2beta1 HelmReleases."
+ properties:
+ ignore:
+ description: Ignore contains a list of rules for specifying which
+ changes to ignore during diffing.
+ items:
+ description: IgnoreRule defines a rule to selectively disregard
+ specific changes during the drift detection process.
+ properties:
+ paths:
+ description: Paths is a list of JSON Pointer (RFC 6901)
+ paths to be excluded from consideration in a Kubernetes
+ object.
+ items:
+ type: string
+ type: array
+ target:
+ description: Target is a selector for specifying Kubernetes
+ objects to which this rule applies. If Target is not set,
+ the Paths will be ignored for all Kubernetes objects within
+ the manifest of the Helm release.
+ properties:
+ annotationSelector:
+ description: AnnotationSelector is a string that follows
+ the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource annotations.
+ type: string
+ group:
+ description: Group is the API group to select resources
+ from. Together with Version and Kind it is capable
+ of unambiguously identifying and/or selecting resources.
+ https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ kind:
+ description: Kind of the API Group to select resources
+ from. Together with Group and Version it is capable
+ of unambiguously identifying and/or selecting resources.
+ https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ labelSelector:
+ description: LabelSelector is a string that follows
+ the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource labels.
+ type: string
+ name:
+ description: Name to match resources with.
+ type: string
+ namespace:
+ description: Namespace to select resources from.
+ type: string
+ version:
+ description: Version of the API Group to select resources
+ from. Together with Group and Kind it is capable of
+ unambiguously identifying and/or selecting resources.
+ https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ type: object
+ required:
+ - paths
+ type: object
+ type: array
+ mode:
+ description: Mode defines how differences should be handled between
+ the Helm manifest and the manifest currently applied to the
+ cluster. If not explicitly set, it defaults to DiffModeDisabled.
+ enum:
+ - enabled
+ - warn
+ - disabled
+ type: string
+ type: object
install:
description: Install holds the configuration for Helm install actions
for this HelmRelease.
@@ -281,7 +359,9 @@ spec:
type: string
type: object
interval:
- description: Interval at which to reconcile the Helm release.
+ description: Interval at which to reconcile the Helm release. This
+ interval is approximate and may be subject to jitter to ensure efficient
+ use of resources.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
kubeConfig:
@@ -624,6 +704,15 @@ spec:
description: Uninstall holds the configuration for Helm uninstall
actions for this HelmRelease.
properties:
+ deletionPropagation:
+ default: background
+ description: DeletionPropagation specifies the deletion propagation
+ policy when a Helm uninstall is performed.
+ enum:
+ - background
+ - foreground
+ - orphan
+ type: string
disableHooks:
description: DisableHooks prevents hooks from running during the
Helm rollback action.
@@ -869,6 +958,99 @@ spec:
description: HelmChart is the namespaced name of the HelmChart resource
created by the controller for the HelmRelease.
type: string
+ history:
+ description: "History holds the history of Helm releases performed
+ for this HelmRelease up to the last successfully completed release.
+ \n Note: this field is provisional to the v2beta2 API, and not actively
+ used by v2beta1 HelmReleases."
+ items:
+ description: Snapshot captures a point-in-time copy of the status
+ information for a Helm release, as managed by the controller.
+ properties:
+ apiVersion:
+ description: 'APIVersion is the API version of the Snapshot.
+ Provisional: when the calculation method of the Digest field
+ is changed, this field will be used to distinguish between
+ the old and new methods.'
+ type: string
+ chartName:
+ description: ChartName is the chart name of the release object
+ in storage.
+ type: string
+ chartVersion:
+ description: ChartVersion is the chart version of the release
+ object in storage.
+ type: string
+ configDigest:
+ description: ConfigDigest is the checksum of the config (better
+ known as "values") of the release object in storage. It has
+ the format of `:`.
+ type: string
+ deleted:
+ description: Deleted is when the release was deleted.
+ format: date-time
+ type: string
+ digest:
+ description: Digest is the checksum of the release object in
+ storage. It has the format of `:`.
+ type: string
+ firstDeployed:
+ description: FirstDeployed is when the release was first deployed.
+ format: date-time
+ type: string
+ lastDeployed:
+ description: LastDeployed is when the release was last deployed.
+ format: date-time
+ type: string
+ name:
+ description: Name is the name of the release.
+ type: string
+ namespace:
+ description: Namespace is the namespace the release is deployed
+ to.
+ type: string
+ status:
+ description: Status is the current state of the release.
+ type: string
+ testHooks:
+ additionalProperties:
+ description: TestHookStatus holds the status information for
+ a test hook as observed to be run by the controller.
+ properties:
+ lastCompleted:
+ description: LastCompleted is the time the test hook last
+ completed.
+ format: date-time
+ type: string
+ lastStarted:
+ description: LastStarted is the time the test hook was
+ last started.
+ format: date-time
+ type: string
+ phase:
+ description: Phase the test hook was observed to be in.
+ type: string
+ type: object
+ description: TestHooks is the list of test hooks for the release
+ as observed to be run by the controller.
+ type: object
+ version:
+ description: Version is the version of the release object in
+ storage.
+ type: integer
+ required:
+ - chartName
+ - chartVersion
+ - configDigest
+ - digest
+ - firstDeployed
+ - lastDeployed
+ - name
+ - namespace
+ - status
+ - version
+ type: object
+ type: array
installFailures:
description: InstallFailures is the install failure count against
the latest desired state. It is reset after a successful reconciliation.
@@ -878,6 +1060,24 @@ spec:
description: LastAppliedRevision is the revision of the last successfully
applied source.
type: string
+ lastAttemptedConfigDigest:
+ description: "LastAttemptedConfigDigest is the digest for the config
+ (better known as \"values\") of the last reconciliation attempt.
+ \n Note: this field is provisional to the v2beta2 API, and not actively
+ used by v2beta1 HelmReleases."
+ type: string
+ lastAttemptedGeneration:
+ description: "LastAttemptedGeneration is the last generation the controller
+ attempted to reconcile. \n Note: this field is provisional to the
+ v2beta2 API, and not actively used by v2beta1 HelmReleases."
+ format: int64
+ type: integer
+ lastAttemptedReleaseAction:
+ description: "LastAttemptedReleaseAction is the last release action
+ performed for this HelmRelease. It is used to determine the active
+ remediation strategy. \n Note: this field is provisional to the
+ v2beta2 API, and not actively used by v2beta1 HelmReleases."
+ type: string
lastAttemptedRevision:
description: LastAttemptedRevision is the revision of the last reconciliation
attempt.
@@ -886,11 +1086,23 @@ spec:
description: LastAttemptedValuesChecksum is the SHA1 checksum of the
values of the last reconciliation attempt.
type: string
+ lastHandledForceAt:
+ description: "LastHandledForceAt holds the value of the most recent
+ force request value, so a change of the annotation value can be
+ detected. \n Note: this field is provisional to the v2beta2 API,
+ and not actively used by v2beta1 HelmReleases."
+ type: string
lastHandledReconcileAt:
description: LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value can
be detected.
type: string
+ lastHandledResetAt:
+ description: "LastHandledResetAt holds the value of the most recent
+ reset request value, so a change of the annotation value can be
+ detected. \n Note: this field is provisional to the v2beta2 API,
+ and not actively used by v2beta1 HelmReleases."
+ type: string
lastReleaseRevision:
description: LastReleaseRevision is the revision of the last successful
Helm release.
@@ -899,6 +1111,1138 @@ spec:
description: ObservedGeneration is the last observed generation.
format: int64
type: integer
+ storageNamespace:
+ description: "StorageNamespace is the namespace of the Helm release
+ storage for the current release. \n Note: this field is provisional
+ to the v2beta2 API, and not actively used by v2beta1 HelmReleases."
+ type: string
+ upgradeFailures:
+ description: UpgradeFailures is the upgrade failure count against
+ the latest desired state. It is reset after a successful reconciliation.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v2beta2
+ schema:
+ openAPIV3Schema:
+ description: HelmRelease is the Schema for the helmreleases API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: HelmReleaseSpec defines the desired state of a Helm release.
+ properties:
+ chart:
+ description: Chart defines the template of the v1beta2.HelmChart that
+ should be created for this HelmRelease.
+ properties:
+ metadata:
+ description: ObjectMeta holds the template for metadata like labels
+ and annotations.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map
+ stored with a resource that may be set by external tools
+ to store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used
+ to organize and categorize (scope and select) objects. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/'
+ type: object
+ type: object
+ spec:
+ description: Spec holds the template for the v1beta2.HelmChartSpec
+ for this HelmRelease.
+ properties:
+ chart:
+ description: The name or path the Helm chart is available
+ at in the SourceRef.
+ maxLength: 2048
+ minLength: 1
+ type: string
+ interval:
+ description: Interval at which to check the v1.Source for
+ updates. Defaults to 'HelmReleaseSpec.Interval'.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ reconcileStrategy:
+ default: ChartVersion
+ description: Determines what enables the creation of a new
+ artifact. Valid values are ('ChartVersion', 'Revision').
+ See the documentation of the values for an explanation on
+ their behavior. Defaults to ChartVersion when omitted.
+ enum:
+ - ChartVersion
+ - Revision
+ type: string
+ sourceRef:
+ description: The name and namespace of the v1.Source the chart
+ is available at.
+ properties:
+ apiVersion:
+ description: APIVersion of the referent.
+ type: string
+ kind:
+ description: Kind of the referent.
+ enum:
+ - HelmRepository
+ - GitRepository
+ - Bucket
+ type: string
+ name:
+ description: Name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: Namespace of the referent.
+ maxLength: 63
+ minLength: 1
+ type: string
+ required:
+ - name
+ type: object
+ valuesFile:
+ description: Alternative values file to use as the default
+ chart values, expected to be a relative path in the SourceRef.
+ Deprecated in favor of ValuesFiles, for backwards compatibility
+ the file defined here is merged before the ValuesFiles items.
+ Ignored when omitted.
+ type: string
+ valuesFiles:
+ description: Alternative list of values files to use as the
+ chart values (values.yaml is not included by default), expected
+ to be a relative path in the SourceRef. Values files are
+ merged in the order of this list with the last file overriding
+ the first. Ignored when omitted.
+ items:
+ type: string
+ type: array
+ verify:
+ description: Verify contains the secret name containing the
+ trusted public keys used to verify the signature and specifies
+ which provider to use to check whether OCI image is authentic.
+ This field is only supported for OCI sources. Chart dependencies,
+ which are not bundled in the umbrella chart artifact, are
+ not verified.
+ properties:
+ provider:
+ default: cosign
+ description: Provider specifies the technology used to
+ sign the OCI Helm chart.
+ enum:
+ - cosign
+ type: string
+ secretRef:
+ description: SecretRef specifies the Kubernetes Secret
+ containing the trusted public keys.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - provider
+ type: object
+ version:
+ default: '*'
+ description: Version semver expression, ignored for charts
+ from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults
+ to latest when omitted.
+ type: string
+ required:
+ - chart
+ - sourceRef
+ type: object
+ required:
+ - spec
+ type: object
+ dependsOn:
+ description: DependsOn may contain a meta.NamespacedObjectReference
+ slice with references to HelmRelease resources that must be ready
+ before this HelmRelease can be reconciled.
+ items:
+ description: NamespacedObjectReference contains enough information
+ to locate the referenced Kubernetes resource object in any namespace.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ namespace:
+ description: Namespace of the referent, when not specified it
+ acts as LocalObjectReference.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ driftDetection:
+ description: DriftDetection holds the configuration for detecting
+ and handling differences between the manifest in the Helm storage
+ and the resources currently existing in the cluster.
+ properties:
+ ignore:
+ description: Ignore contains a list of rules for specifying which
+ changes to ignore during diffing.
+ items:
+ description: IgnoreRule defines a rule to selectively disregard
+ specific changes during the drift detection process.
+ properties:
+ paths:
+ description: Paths is a list of JSON Pointer (RFC 6901)
+ paths to be excluded from consideration in a Kubernetes
+ object.
+ items:
+ type: string
+ type: array
+ target:
+ description: Target is a selector for specifying Kubernetes
+ objects to which this rule applies. If Target is not set,
+ the Paths will be ignored for all Kubernetes objects within
+ the manifest of the Helm release.
+ properties:
+ annotationSelector:
+ description: AnnotationSelector is a string that follows
+ the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource annotations.
+ type: string
+ group:
+ description: Group is the API group to select resources
+ from. Together with Version and Kind it is capable
+ of unambiguously identifying and/or selecting resources.
+ https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ kind:
+ description: Kind of the API Group to select resources
+ from. Together with Group and Version it is capable
+ of unambiguously identifying and/or selecting resources.
+ https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ labelSelector:
+ description: LabelSelector is a string that follows
+ the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource labels.
+ type: string
+ name:
+ description: Name to match resources with.
+ type: string
+ namespace:
+ description: Namespace to select resources from.
+ type: string
+ version:
+ description: Version of the API Group to select resources
+ from. Together with Group and Kind it is capable of
+ unambiguously identifying and/or selecting resources.
+ https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ type: object
+ required:
+ - paths
+ type: object
+ type: array
+ mode:
+ description: Mode defines how differences should be handled between
+ the Helm manifest and the manifest currently applied to the
+ cluster. If not explicitly set, it defaults to DiffModeDisabled.
+ enum:
+ - enabled
+ - warn
+ - disabled
+ type: string
+ type: object
+ install:
+ description: Install holds the configuration for Helm install actions
+ for this HelmRelease.
+ properties:
+ crds:
+ description: "CRDs upgrade CRDs from the Helm Chart's crds directory
+ according to the CRD upgrade policy provided here. Valid values
+ are `Skip`, `Create` or `CreateReplace`. Default is `Create`
+ and if omitted CRDs are installed but not updated. \n Skip:
+ do neither install nor replace (update) any CRDs. \n Create:
+ new CRDs are created, existing CRDs are neither updated nor
+ deleted. \n CreateReplace: new CRDs are created, existing CRDs
+ are updated (replaced) but not deleted. \n By default, CRDs
+ are applied (installed) during Helm install action. With this
+ option users can opt in to CRD replace existing CRDs on Helm
+ install actions, which is not (yet) natively supported by Helm.
+ https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
+ enum:
+ - Skip
+ - Create
+ - CreateReplace
+ type: string
+ createNamespace:
+ description: CreateNamespace tells the Helm install action to
+ create the HelmReleaseSpec.TargetNamespace if it does not exist
+ yet. On uninstall, the namespace will not be garbage collected.
+ type: boolean
+ disableHooks:
+ description: DisableHooks prevents hooks from running during the
+ Helm install action.
+ type: boolean
+ disableOpenAPIValidation:
+ description: DisableOpenAPIValidation prevents the Helm install
+ action from validating rendered templates against the Kubernetes
+ OpenAPI Schema.
+ type: boolean
+ disableWait:
+ description: DisableWait disables the waiting for resources to
+ be ready after a Helm install has been performed.
+ type: boolean
+ disableWaitForJobs:
+ description: DisableWaitForJobs disables waiting for jobs to complete
+ after a Helm install has been performed.
+ type: boolean
+ remediation:
+ description: Remediation holds the remediation configuration for
+ when the Helm install action for the HelmRelease fails. The
+ default is to not perform any action.
+ properties:
+ ignoreTestFailures:
+ description: IgnoreTestFailures tells the controller to skip
+ remediation when the Helm tests are run after an install
+ action but fail. Defaults to 'Test.IgnoreFailures'.
+ type: boolean
+ remediateLastFailure:
+ description: RemediateLastFailure tells the controller to
+ remediate the last failure, when no retries remain. Defaults
+ to 'false'.
+ type: boolean
+ retries:
+ description: Retries is the number of retries that should
+ be attempted on failures before bailing. Remediation, using
+ an uninstall, is performed between each attempt. Defaults
+ to '0', a negative integer equals to unlimited retries.
+ type: integer
+ type: object
+ replace:
+ description: Replace tells the Helm install action to re-use the
+ 'ReleaseName', but only if that name is a deleted release which
+ remains in the history.
+ type: boolean
+ skipCRDs:
+ description: "SkipCRDs tells the Helm install action to not install
+ any CRDs. By default, CRDs are installed if not already present.
+ \n Deprecated use CRD policy (`crds`) attribute with value `Skip`
+ instead."
+ type: boolean
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation (like Jobs for hooks) during the performance of a
+ Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ type: object
+ interval:
+ description: Interval at which to reconcile the Helm release.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ kubeConfig:
+ description: KubeConfig for reconciling the HelmRelease on a remote
+ cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,
+ forces the controller to act on behalf of that Service Account at
+ the target cluster. If the --default-service-account flag is set,
+ its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName
+ is empty.
+ properties:
+ secretRef:
+ description: SecretRef holds the name of a secret that contains
+ a key with the kubeconfig file as the value. If no key is set,
+ the key will default to 'value'. It is recommended that the
+ kubeconfig is self-contained, and the secret is regularly updated
+ if credentials such as a cloud-access-token expire. Cloud specific
+ `cmd-path` auth helpers will not function without adding binaries
+ and credentials to the Pod that is responsible for reconciling
+ Kubernetes resources.
+ properties:
+ key:
+ description: Key in the Secret, when not specified an implementation-specific
+ default key is used.
+ type: string
+ name:
+ description: Name of the Secret.
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - secretRef
+ type: object
+ maxHistory:
+ description: MaxHistory is the number of revisions saved by Helm for
+ this HelmRelease. Use '0' for an unlimited number of revisions;
+ defaults to '5'.
+ type: integer
+ persistentClient:
+ description: "PersistentClient tells the controller to use a persistent
+ Kubernetes client for this release. When enabled, the client will
+ be reused for the duration of the reconciliation, instead of being
+ created and destroyed for each (step of a) Helm action. \n This
+ can improve performance, but may cause issues with some Helm charts
+ that for example do create Custom Resource Definitions during installation
+ outside Helm's CRD lifecycle hooks, which are then not observed
+ to be available by e.g. post-install hooks. \n If not set, it defaults
+ to true."
+ type: boolean
+ postRenderers:
+ description: PostRenderers holds an array of Helm PostRenderers, which
+ will be applied in order of their definition.
+ items:
+ description: PostRenderer contains a Helm PostRenderer specification.
+ properties:
+ kustomize:
+ description: Kustomization to apply as PostRenderer.
+ properties:
+ images:
+ description: Images is a list of (image name, new name,
+ new tag or digest) for changing image names, tags or digests.
+ This can also be achieved with a patch, but this operator
+ is simpler to specify.
+ items:
+ description: Image contains an image name, a new name,
+ a new tag or digest, which will replace the original
+ name and tag.
+ properties:
+ digest:
+ description: Digest is the value used to replace the
+ original image tag. If digest is present NewTag
+ value is ignored.
+ type: string
+ name:
+ description: Name is a tag-less image name.
+ type: string
+ newName:
+ description: NewName is the value used to replace
+ the original name.
+ type: string
+ newTag:
+ description: NewTag is the value used to replace the
+ original tag.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ patches:
+ description: Strategic merge and JSON patches, defined as
+ inline YAML objects, capable of targeting objects based
+ on kind, label and annotation selectors.
+ items:
+ description: Patch contains an inline StrategicMerge or
+ JSON6902 patch, and the target the patch should be applied
+ to.
+ properties:
+ patch:
+ description: Patch contains an inline StrategicMerge
+ patch or an inline JSON6902 patch with an array
+ of operation objects.
+ type: string
+ target:
+ description: Target points to the resources that the
+ patch document should be applied to.
+ properties:
+ annotationSelector:
+ description: AnnotationSelector is a string that
+ follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource annotations.
+ type: string
+ group:
+ description: Group is the API group to select
+ resources from. Together with Version and Kind
+ it is capable of unambiguously identifying and/or
+ selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ kind:
+ description: Kind of the API Group to select resources
+ from. Together with Group and Version it is
+ capable of unambiguously identifying and/or
+ selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ labelSelector:
+ description: LabelSelector is a string that follows
+ the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource labels.
+ type: string
+ name:
+ description: Name to match resources with.
+ type: string
+ namespace:
+ description: Namespace to select resources from.
+ type: string
+ version:
+ description: Version of the API Group to select
+ resources from. Together with Group and Kind
+ it is capable of unambiguously identifying and/or
+ selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ type: object
+ required:
+ - patch
+ type: object
+ type: array
+ patchesJson6902:
+ description: 'JSON 6902 patches, defined as inline YAML
+ objects. Deprecated: use Patches instead.'
+ items:
+ description: JSON6902Patch contains a JSON6902 patch and
+ the target the patch should be applied to.
+ properties:
+ patch:
+ description: Patch contains the JSON6902 patch document
+ with an array of operation objects.
+ items:
+ description: JSON6902 is a JSON6902 operation object.
+ https://datatracker.ietf.org/doc/html/rfc6902#section-4
+ properties:
+ from:
+ description: From contains a JSON-pointer value
+ that references a location within the target
+ document where the operation is performed.
+ The meaning of the value depends on the value
+ of Op, and is NOT taken into account by all
+ operations.
+ type: string
+ op:
+ description: Op indicates the operation to perform.
+ Its value MUST be one of "add", "remove",
+ "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
+ enum:
+ - test
+ - remove
+ - add
+ - replace
+ - move
+ - copy
+ type: string
+ path:
+ description: Path contains the JSON-pointer
+ value that references a location within the
+ target document where the operation is performed.
+ The meaning of the value depends on the value
+ of Op.
+ type: string
+ value:
+ description: Value contains a valid JSON structure.
+ The meaning of the value depends on the value
+ of Op, and is NOT taken into account by all
+ operations.
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - op
+ - path
+ type: object
+ type: array
+ target:
+ description: Target points to the resources that the
+ patch document should be applied to.
+ properties:
+ annotationSelector:
+ description: AnnotationSelector is a string that
+ follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource annotations.
+ type: string
+ group:
+ description: Group is the API group to select
+ resources from. Together with Version and Kind
+ it is capable of unambiguously identifying and/or
+ selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ kind:
+ description: Kind of the API Group to select resources
+ from. Together with Group and Version it is
+ capable of unambiguously identifying and/or
+ selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ labelSelector:
+ description: LabelSelector is a string that follows
+ the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+ It matches with the resource labels.
+ type: string
+ name:
+ description: Name to match resources with.
+ type: string
+ namespace:
+ description: Namespace to select resources from.
+ type: string
+ version:
+ description: Version of the API Group to select
+ resources from. Together with Group and Kind
+ it is capable of unambiguously identifying and/or
+ selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ type: object
+ required:
+ - patch
+ - target
+ type: object
+ type: array
+ patchesStrategicMerge:
+ description: 'Strategic merge patches, defined as inline
+ YAML objects. Deprecated: use Patches instead.'
+ items:
+ x-kubernetes-preserve-unknown-fields: true
+ type: array
+ type: object
+ type: object
+ type: array
+ releaseName:
+ description: ReleaseName used for the Helm release. Defaults to a
+ composition of '[TargetNamespace-]Name'.
+ maxLength: 53
+ minLength: 1
+ type: string
+ rollback:
+ description: Rollback holds the configuration for Helm rollback actions
+ for this HelmRelease.
+ properties:
+ cleanupOnFail:
+ description: CleanupOnFail allows deletion of new resources created
+ during the Helm rollback action when it fails.
+ type: boolean
+ disableHooks:
+ description: DisableHooks prevents hooks from running during the
+ Helm rollback action.
+ type: boolean
+ disableWait:
+ description: DisableWait disables the waiting for resources to
+ be ready after a Helm rollback has been performed.
+ type: boolean
+ disableWaitForJobs:
+ description: DisableWaitForJobs disables waiting for jobs to complete
+ after a Helm rollback has been performed.
+ type: boolean
+ force:
+ description: Force forces resource updates through a replacement
+ strategy.
+ type: boolean
+ recreate:
+ description: Recreate performs pod restarts for the resource if
+ applicable.
+ type: boolean
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation (like Jobs for hooks) during the performance of a
+ Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ type: object
+ serviceAccountName:
+ description: The name of the Kubernetes service account to impersonate
+ when reconciling this HelmRelease.
+ maxLength: 253
+ minLength: 1
+ type: string
+ storageNamespace:
+ description: StorageNamespace used for the Helm storage. Defaults
+ to the namespace of the HelmRelease.
+ maxLength: 63
+ minLength: 1
+ type: string
+ suspend:
+ description: Suspend tells the controller to suspend reconciliation
+ for this HelmRelease, it does not apply to already started reconciliations.
+ Defaults to false.
+ type: boolean
+ targetNamespace:
+ description: TargetNamespace to target when performing operations
+ for the HelmRelease. Defaults to the namespace of the HelmRelease.
+ maxLength: 63
+ minLength: 1
+ type: string
+ test:
+ description: Test holds the configuration for Helm test actions for
+ this HelmRelease.
+ properties:
+ enable:
+ description: Enable enables Helm test actions for this HelmRelease
+ after an Helm install or upgrade action has been performed.
+ type: boolean
+ filters:
+ description: Filters is a list of tests to run or exclude from
+ running.
+ items:
+ description: Filter holds the configuration for individual Helm
+ test filters.
+ properties:
+ exclude:
+ description: Exclude specifies whether the named test should
+ be excluded.
+ type: boolean
+ name:
+ description: Name is the name of the test.
+ maxLength: 253
+ minLength: 1
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ ignoreFailures:
+ description: IgnoreFailures tells the controller to skip remediation
+ when the Helm tests are run but fail. Can be overwritten for
+ tests run after install or upgrade actions in 'Install.IgnoreTestFailures'
+ and 'Upgrade.IgnoreTestFailures'.
+ type: boolean
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation during the performance of a Helm test action. Defaults
+ to 'HelmReleaseSpec.Timeout'.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ type: object
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation (like Jobs for hooks) during the performance of a Helm
+ action. Defaults to '5m0s'.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ uninstall:
+ description: Uninstall holds the configuration for Helm uninstall
+ actions for this HelmRelease.
+ properties:
+ deletionPropagation:
+ default: background
+ description: DeletionPropagation specifies the deletion propagation
+ policy when a Helm uninstall is performed.
+ enum:
+ - background
+ - foreground
+ - orphan
+ type: string
+ disableHooks:
+ description: DisableHooks prevents hooks from running during the
+ Helm rollback action.
+ type: boolean
+ disableWait:
+ description: DisableWait disables waiting for all the resources
+ to be deleted after a Helm uninstall is performed.
+ type: boolean
+ keepHistory:
+ description: KeepHistory tells Helm to remove all associated resources
+ and mark the release as deleted, but retain the release history.
+ type: boolean
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation (like Jobs for hooks) during the performance of a
+ Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ type: object
+ upgrade:
+ description: Upgrade holds the configuration for Helm upgrade actions
+ for this HelmRelease.
+ properties:
+ cleanupOnFail:
+ description: CleanupOnFail allows deletion of new resources created
+ during the Helm upgrade action when it fails.
+ type: boolean
+ crds:
+ description: "CRDs upgrade CRDs from the Helm Chart's crds directory
+ according to the CRD upgrade policy provided here. Valid values
+ are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and
+ if omitted CRDs are neither installed nor upgraded. \n Skip:
+ do neither install nor replace (update) any CRDs. \n Create:
+ new CRDs are created, existing CRDs are neither updated nor
+ deleted. \n CreateReplace: new CRDs are created, existing CRDs
+ are updated (replaced) but not deleted. \n By default, CRDs
+ are not applied during Helm upgrade action. With this option
+ users can opt-in to CRD upgrade, which is not (yet) natively
+ supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
+ enum:
+ - Skip
+ - Create
+ - CreateReplace
+ type: string
+ disableHooks:
+ description: DisableHooks prevents hooks from running during the
+ Helm upgrade action.
+ type: boolean
+ disableOpenAPIValidation:
+ description: DisableOpenAPIValidation prevents the Helm upgrade
+ action from validating rendered templates against the Kubernetes
+ OpenAPI Schema.
+ type: boolean
+ disableWait:
+ description: DisableWait disables the waiting for resources to
+ be ready after a Helm upgrade has been performed.
+ type: boolean
+ disableWaitForJobs:
+ description: DisableWaitForJobs disables waiting for jobs to complete
+ after a Helm upgrade has been performed.
+ type: boolean
+ force:
+ description: Force forces resource updates through a replacement
+ strategy.
+ type: boolean
+ preserveValues:
+ description: PreserveValues will make Helm reuse the last release's
+ values and merge in overrides from 'Values'. Setting this flag
+ makes the HelmRelease non-declarative.
+ type: boolean
+ remediation:
+ description: Remediation holds the remediation configuration for
+ when the Helm upgrade action for the HelmRelease fails. The
+ default is to not perform any action.
+ properties:
+ ignoreTestFailures:
+ description: IgnoreTestFailures tells the controller to skip
+ remediation when the Helm tests are run after an upgrade
+ action but fail. Defaults to 'Test.IgnoreFailures'.
+ type: boolean
+ remediateLastFailure:
+ description: RemediateLastFailure tells the controller to
+ remediate the last failure, when no retries remain. Defaults
+ to 'false' unless 'Retries' is greater than 0.
+ type: boolean
+ retries:
+ description: Retries is the number of retries that should
+ be attempted on failures before bailing. Remediation, using
+ 'Strategy', is performed between each attempt. Defaults
+ to '0', a negative integer equals to unlimited retries.
+ type: integer
+ strategy:
+ description: Strategy to use for failure remediation. Defaults
+ to 'rollback'.
+ enum:
+ - rollback
+ - uninstall
+ type: string
+ type: object
+ timeout:
+ description: Timeout is the time to wait for any individual Kubernetes
+ operation (like Jobs for hooks) during the performance of a
+ Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.
+ pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+ type: string
+ type: object
+ values:
+ description: Values holds the values for this Helm release.
+ x-kubernetes-preserve-unknown-fields: true
+ valuesFrom:
+ description: ValuesFrom holds references to resources containing Helm
+ values for this HelmRelease, and information about how they should
+ be merged.
+ items:
+ description: ValuesReference contains a reference to a resource
+ containing Helm values, and optionally the key they can be found
+ at.
+ properties:
+ kind:
+ description: Kind of the values referent, valid values are ('Secret',
+ 'ConfigMap').
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ name:
+ description: Name of the values referent. Should reside in the
+ same namespace as the referring resource.
+ maxLength: 253
+ minLength: 1
+ type: string
+ optional:
+ description: Optional marks this ValuesReference as optional.
+ When set, a not found error for the values reference is ignored,
+ but any ValuesKey, TargetPath or transient error will still
+ result in a reconciliation failure.
+ type: boolean
+ targetPath:
+ description: TargetPath is the YAML dot notation path the value
+ should be merged at. When set, the ValuesKey is expected to
+ be a single flat value. Defaults to 'None', which results
+ in the values getting merged at the root.
+ maxLength: 250
+ pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$
+ type: string
+ valuesKey:
+ description: ValuesKey is the data key where the values.yaml
+ or a specific value can be found at. Defaults to 'values.yaml'.
+ maxLength: 253
+ pattern: ^[\-._a-zA-Z0-9]+$
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ required:
+ - chart
+ - interval
+ type: object
+ status:
+ default:
+ observedGeneration: -1
+ description: HelmReleaseStatus defines the observed state of a HelmRelease.
+ properties:
+ conditions:
+ description: Conditions holds the conditions for the HelmRelease.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ failures:
+ description: Failures is the reconciliation failure count against
+ the latest desired state. It is reset after a successful reconciliation.
+ format: int64
+ type: integer
+ helmChart:
+ description: HelmChart is the namespaced name of the HelmChart resource
+ created by the controller for the HelmRelease.
+ type: string
+ history:
+ description: History holds the history of Helm releases performed
+ for this HelmRelease up to the last successfully completed release.
+ items:
+ description: Snapshot captures a point-in-time copy of the status
+ information for a Helm release, as managed by the controller.
+ properties:
+ apiVersion:
+ description: 'APIVersion is the API version of the Snapshot.
+ Provisional: when the calculation method of the Digest field
+ is changed, this field will be used to distinguish between
+ the old and new methods.'
+ type: string
+ chartName:
+ description: ChartName is the chart name of the release object
+ in storage.
+ type: string
+ chartVersion:
+ description: ChartVersion is the chart version of the release
+ object in storage.
+ type: string
+ configDigest:
+ description: ConfigDigest is the checksum of the config (better
+ known as "values") of the release object in storage. It has
+ the format of `:`.
+ type: string
+ deleted:
+ description: Deleted is when the release was deleted.
+ format: date-time
+ type: string
+ digest:
+ description: Digest is the checksum of the release object in
+ storage. It has the format of `:`.
+ type: string
+ firstDeployed:
+ description: FirstDeployed is when the release was first deployed.
+ format: date-time
+ type: string
+ lastDeployed:
+ description: LastDeployed is when the release was last deployed.
+ format: date-time
+ type: string
+ name:
+ description: Name is the name of the release.
+ type: string
+ namespace:
+ description: Namespace is the namespace the release is deployed
+ to.
+ type: string
+ status:
+ description: Status is the current state of the release.
+ type: string
+ testHooks:
+ additionalProperties:
+ description: TestHookStatus holds the status information for
+ a test hook as observed to be run by the controller.
+ properties:
+ lastCompleted:
+ description: LastCompleted is the time the test hook last
+ completed.
+ format: date-time
+ type: string
+ lastStarted:
+ description: LastStarted is the time the test hook was
+ last started.
+ format: date-time
+ type: string
+ phase:
+ description: Phase the test hook was observed to be in.
+ type: string
+ type: object
+ description: TestHooks is the list of test hooks for the release
+ as observed to be run by the controller.
+ type: object
+ version:
+ description: Version is the version of the release object in
+ storage.
+ type: integer
+ required:
+ - chartName
+ - chartVersion
+ - configDigest
+ - digest
+ - firstDeployed
+ - lastDeployed
+ - name
+ - namespace
+ - status
+ - version
+ type: object
+ type: array
+ installFailures:
+ description: InstallFailures is the install failure count against
+ the latest desired state. It is reset after a successful reconciliation.
+ format: int64
+ type: integer
+ lastAppliedRevision:
+ description: 'LastAppliedRevision is the revision of the last successfully
+ applied source. Deprecated: the revision can now be found in the
+ History.'
+ type: string
+ lastAttemptedConfigDigest:
+ description: LastAttemptedConfigDigest is the digest for the config
+ (better known as "values") of the last reconciliation attempt.
+ type: string
+ lastAttemptedGeneration:
+ description: LastAttemptedGeneration is the last generation the controller
+ attempted to reconcile.
+ format: int64
+ type: integer
+ lastAttemptedReleaseAction:
+ description: LastAttemptedReleaseAction is the last release action
+ performed for this HelmRelease. It is used to determine the active
+ remediation strategy.
+ enum:
+ - install
+ - upgrade
+ type: string
+ lastAttemptedRevision:
+ description: LastAttemptedRevision is the Source revision of the last
+ reconciliation attempt.
+ type: string
+ lastAttemptedValuesChecksum:
+ description: 'LastAttemptedValuesChecksum is the SHA1 checksum for
+ the values of the last reconciliation attempt. Deprecated: Use LastAttemptedConfigDigest
+ instead.'
+ type: string
+ lastHandledForceAt:
+ description: LastHandledForceAt holds the value of the most recent
+ force request value, so a change of the annotation value can be
+ detected.
+ type: string
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent
+ reconcile request value, so a change of the annotation value can
+ be detected.
+ type: string
+ lastHandledResetAt:
+ description: LastHandledResetAt holds the value of the most recent
+ reset request value, so a change of the annotation value can be
+ detected.
+ type: string
+ lastReleaseRevision:
+ description: 'LastReleaseRevision is the revision of the last successful
+ Helm release. Deprecated: Use History instead.'
+ type: integer
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ storageNamespace:
+ description: StorageNamespace is the namespace of the Helm release
+ storage for the current release.
+ maxLength: 63
+ minLength: 1
+ type: string
upgradeFailures:
description: UpgradeFailures is the upgrade failure count against
the latest desired state. It is reset after a successful reconciliation.
diff --git a/charts/ace-installer/crds/source.toolkit.fluxcd.io_helmrepositories.yaml b/charts/ace-installer/crds/source.toolkit.fluxcd.io_helmrepositories.yaml
index 2b2974390..a10978406 100644
--- a/charts/ace-installer/crds/source.toolkit.fluxcd.io_helmrepositories.yaml
+++ b/charts/ace-installer/crds/source.toolkit.fluxcd.io_helmrepositories.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.8.0
+ controller-gen.kubebuilder.io/version: v0.12.0
name: helmrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -90,7 +90,7 @@ spec:
description: The name of the secret containing authentication credentials
for the Helm repository. For HTTP/S basic auth the secret must contain
username and password fields. For TLS the secret must contain a
- certFile and keyFile, and/or caCert fields.
+ certFile and keyFile, and/or caFile fields.
properties:
name:
description: Name of the referent.
@@ -295,8 +295,32 @@ spec:
required:
- namespaceSelectors
type: object
+ certSecretRef:
+ description: "CertSecretRef can be given the name of a Secret containing
+ either or both of \n - a PEM-encoded client certificate (`tls.crt`)
+ and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`)
+ \n and whichever are supplied, will be used for connecting to the
+ registry. The client cert and key are useful if you are authenticating
+ with a certificate; the CA cert is useful if you are using a self-signed
+ server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
+ \n It takes precedence over the values specified in the Secret referred
+ to by `.spec.secretRef`."
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ insecure:
+ description: Insecure allows connecting to a non-TLS HTTP container
+ registry. This field is only taken into account if the .spec.type
+ field is set to 'oci'.
+ type: boolean
interval:
- description: Interval at which to check the URL for updates.
+ description: Interval at which the HelmRepository URL is checked for
+ updates. This interval is approximate and may be subject to jitter
+ to ensure efficient use of resources.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
passCredentials:
@@ -322,8 +346,9 @@ spec:
secretRef:
description: SecretRef specifies the Secret containing authentication
credentials for the HelmRepository. For HTTP/S basic auth the secret
- must contain 'username' and 'password' fields. For TLS the secret
- must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.
+ must contain 'username' and 'password' fields. Support for TLS auth
+ using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated.
+ Please use `.spec.certSecretRef` instead.
properties:
name:
description: Name of the referent.
@@ -336,10 +361,10 @@ spec:
of this HelmRepository.
type: boolean
timeout:
- default: 60s
description: Timeout is used for the index fetch operation for an
HTTPS helm repository, and for remote OCI Repository operations
- like pulling for an OCI helm repository. Its default value is 60s.
+ like pulling for an OCI helm chart by the associated HelmChart.
+ Its default value is 60s.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type: string
type:
@@ -352,9 +377,9 @@ spec:
url:
description: URL of the Helm repository, a valid URL contains at least
a protocol and host.
+ pattern: ^(http|https|oci)://.*$
type: string
required:
- - interval
- url
type: object
status:
@@ -366,8 +391,9 @@ spec:
description: Artifact represents the last successful HelmRepository
reconciliation.
properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
+ digest:
+ description: Digest is the digest of the file in the form of ':'.
+ pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
type: string
lastUpdateTime:
description: LastUpdateTime is the timestamp corresponding to
@@ -400,7 +426,9 @@ spec:
the Artifact contents.
type: string
required:
+ - lastUpdateTime
- path
+ - revision
- url
type: object
conditions:
diff --git a/charts/ace-installer/templates/apps/ace/ace.yaml b/charts/ace-installer/templates/apps/ace/ace.yaml
index 8feeba923..0a7551c14 100644
--- a/charts/ace-installer/templates/apps/ace/ace.yaml
+++ b/charts/ace-installer/templates/apps/ace/ace.yaml
@@ -1,7 +1,7 @@
{{- with (index .Values "helm" "releases" "ace") }}
{{- if .enabled }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: ace
diff --git a/charts/ace-installer/templates/apps/cert-manager/cert-manager-csi-driver-cacerts.yaml b/charts/ace-installer/templates/apps/cert-manager/cert-manager-csi-driver-cacerts.yaml
index e13855bc7..1dc16af90 100644
--- a/charts/ace-installer/templates/apps/cert-manager/cert-manager-csi-driver-cacerts.yaml
+++ b/charts/ace-installer/templates/apps/cert-manager/cert-manager-csi-driver-cacerts.yaml
@@ -6,7 +6,7 @@
{{ $vals := dig "values" dict . }}
{{ $vals = mergeOverwrite $vals $overrides }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: cert-manager-csi-driver-cacerts
diff --git a/charts/ace-installer/templates/apps/cert-manager/cert-manager-webhook-ace.yaml b/charts/ace-installer/templates/apps/cert-manager/cert-manager-webhook-ace.yaml
index 1d0faf2cf..78ffa4823 100644
--- a/charts/ace-installer/templates/apps/cert-manager/cert-manager-webhook-ace.yaml
+++ b/charts/ace-installer/templates/apps/cert-manager/cert-manager-webhook-ace.yaml
@@ -6,7 +6,7 @@
{{ $vals := dig "values" dict . }}
{{ $vals = mergeOverwrite $vals $overrides }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: cert-manager-webhook-ace
diff --git a/charts/ace-installer/templates/apps/cert-manager/cert-manager.yaml b/charts/ace-installer/templates/apps/cert-manager/cert-manager.yaml
index df6d7eccb..89cd31274 100644
--- a/charts/ace-installer/templates/apps/cert-manager/cert-manager.yaml
+++ b/charts/ace-installer/templates/apps/cert-manager/cert-manager.yaml
@@ -19,7 +19,7 @@ cainjector:
{{ $vals := dig "values" dict . }}
{{ $vals = mergeOverwrite $vals $overrides }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: cert-manager
diff --git a/charts/ace-installer/templates/apps/kubedb/kubedb.yaml b/charts/ace-installer/templates/apps/kubedb/kubedb.yaml
index 8a1ba3534..af91cb813 100644
--- a/charts/ace-installer/templates/apps/kubedb/kubedb.yaml
+++ b/charts/ace-installer/templates/apps/kubedb/kubedb.yaml
@@ -10,7 +10,7 @@ global:
{{ $vals := dig "values" dict . }}
{{ $vals = mergeOverwrite $vals $overrides }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: kubedb
diff --git a/charts/ace-installer/templates/apps/kubeops/docker-machine-operator.yaml b/charts/ace-installer/templates/apps/kubeops/docker-machine-operator.yaml
index a3eb34760..5642d64b0 100644
--- a/charts/ace-installer/templates/apps/kubeops/docker-machine-operator.yaml
+++ b/charts/ace-installer/templates/apps/kubeops/docker-machine-operator.yaml
@@ -6,7 +6,7 @@
{{ $vals := dig "values" dict . }}
{{ $vals = mergeOverwrite $vals $overrides }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: docker-machine-operator
diff --git a/charts/ace-installer/templates/apps/kubeops/external-dns-operator.yaml b/charts/ace-installer/templates/apps/kubeops/external-dns-operator.yaml
index b048b2e18..4553eb655 100644
--- a/charts/ace-installer/templates/apps/kubeops/external-dns-operator.yaml
+++ b/charts/ace-installer/templates/apps/kubeops/external-dns-operator.yaml
@@ -6,7 +6,7 @@
{{ $vals := dig "values" dict . }}
{{ $vals = mergeOverwrite $vals $overrides }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: external-dns-operator
diff --git a/charts/ace-installer/templates/apps/kubeops/kube-ui-server.yaml b/charts/ace-installer/templates/apps/kubeops/kube-ui-server.yaml
index 31bc57ee1..b8ab694de 100644
--- a/charts/ace-installer/templates/apps/kubeops/kube-ui-server.yaml
+++ b/charts/ace-installer/templates/apps/kubeops/kube-ui-server.yaml
@@ -6,7 +6,7 @@
{{ $vals := dig "values" dict . }}
{{ $vals = mergeOverwrite $vals $overrides }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: kube-ui-server
diff --git a/charts/ace-installer/templates/apps/kubeops/license-proxyserver.yaml b/charts/ace-installer/templates/apps/kubeops/license-proxyserver.yaml
index 6c15ff1ea..8c08c4dfa 100644
--- a/charts/ace-installer/templates/apps/kubeops/license-proxyserver.yaml
+++ b/charts/ace-installer/templates/apps/kubeops/license-proxyserver.yaml
@@ -6,7 +6,7 @@
{{ $vals := dig "values" dict . }}
{{ $vals = mergeOverwrite $vals $overrides }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: license-proxyserver
diff --git a/charts/ace-installer/templates/apps/kubeops/reloader.yaml b/charts/ace-installer/templates/apps/kubeops/reloader.yaml
index be74afb0d..b8bc64d7e 100644
--- a/charts/ace-installer/templates/apps/kubeops/reloader.yaml
+++ b/charts/ace-installer/templates/apps/kubeops/reloader.yaml
@@ -11,7 +11,7 @@ reloader:
{{ $vals := dig "values" dict . }}
{{ $vals = mergeOverwrite $vals $overrides }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: reloader
diff --git a/charts/ace-installer/templates/apps/monitoring/kube-prometheus-stack.yaml b/charts/ace-installer/templates/apps/monitoring/kube-prometheus-stack.yaml
index 0491b49fd..d9cb7ac82 100644
--- a/charts/ace-installer/templates/apps/monitoring/kube-prometheus-stack.yaml
+++ b/charts/ace-installer/templates/apps/monitoring/kube-prometheus-stack.yaml
@@ -86,7 +86,7 @@ grafana:
{{ $vals := dig "values" dict . }}
{{ $vals = mergeOverwrite $vals $alertmanager $prometheusOperator $prometheus $thanosRuler $ksm $node $grafana }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: kube-prometheus-stack
diff --git a/charts/ace-installer/templates/apps/monitoring/panopticon.yaml b/charts/ace-installer/templates/apps/monitoring/panopticon.yaml
index 3705fbf97..590f3a64b 100644
--- a/charts/ace-installer/templates/apps/monitoring/panopticon.yaml
+++ b/charts/ace-installer/templates/apps/monitoring/panopticon.yaml
@@ -6,7 +6,7 @@
{{ $vals := dig "values" dict . }}
{{ $vals = mergeOverwrite $vals $overrides }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: panopticon
diff --git a/charts/ace-installer/templates/apps/opscenter-features/opscenter-features.yaml b/charts/ace-installer/templates/apps/opscenter-features/opscenter-features.yaml
index 26fb98724..033d4c212 100644
--- a/charts/ace-installer/templates/apps/opscenter-features/opscenter-features.yaml
+++ b/charts/ace-installer/templates/apps/opscenter-features/opscenter-features.yaml
@@ -9,7 +9,7 @@
{{ $vals := dig "values" dict . }}
{{ $vals = mergeOverwrite $vals $overrides }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: opscenter-features
diff --git a/charts/ace-installer/templates/apps/stash/stash.yaml b/charts/ace-installer/templates/apps/stash/stash.yaml
index abd556132..e05512bae 100644
--- a/charts/ace-installer/templates/apps/stash/stash.yaml
+++ b/charts/ace-installer/templates/apps/stash/stash.yaml
@@ -15,7 +15,7 @@ stash-enterprise:
{{ $vals := dig "values" dict . }}
{{ $vals = mergeOverwrite $vals $overrides }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: stash
diff --git a/charts/ace-installer/values.yaml b/charts/ace-installer/values.yaml
index 10fac24ed..bff98b071 100644
--- a/charts/ace-installer/values.yaml
+++ b/charts/ace-installer/values.yaml
@@ -68,7 +68,7 @@ helm:
version: "v2023.10.1"
flux2:
enabled: false
- version: "2.11.1"
+ version: "2.12.1"
kube-prometheus-stack:
enabled: true
version: "52.1.0"
diff --git a/charts/ace-ocm-addons/templates/manifestrelicaset.yaml b/charts/ace-ocm-addons/templates/manifestrelicaset.yaml
index e7151249a..749205583 100644
--- a/charts/ace-ocm-addons/templates/manifestrelicaset.yaml
+++ b/charts/ace-ocm-addons/templates/manifestrelicaset.yaml
@@ -87,7 +87,7 @@ spec:
{{ $vals := dig "values" dict . }}
{{ $vals = mergeOverwrite $vals $overrides }}
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: opscenter-features
@@ -131,7 +131,7 @@ spec:
{{ $vals := dig "values" dict . }}
{{ $vals = mergeOverwrite $vals $overrides }}
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: license-proxyserver
@@ -179,7 +179,7 @@ spec:
{{ $vals := dig "values" dict . }}
{{ $vals = mergeOverwrite $vals $overrides }}
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: kube-ui-server
diff --git a/charts/ace/crds/cloud.bytebuilders.dev_credentials.yaml b/charts/ace/crds/cloud.bytebuilders.dev_credentials.yaml
index 481d3cec2..c48b8f80d 100644
--- a/charts/ace/crds/cloud.bytebuilders.dev_credentials.yaml
+++ b/charts/ace/crds/cloud.bytebuilders.dev_credentials.yaml
@@ -94,10 +94,6 @@ spec:
properties:
accessToken:
type: string
- clientID:
- type: string
- clientSecret:
- type: string
expiry:
format: int64
type: integer
@@ -109,8 +105,6 @@ spec:
type: array
required:
- accessToken
- - clientID
- - clientSecret
type: object
linode:
properties:
diff --git a/charts/ace/crds/cluster.bytebuilders.dev_clusteruserauths.yaml b/charts/ace/crds/cluster.bytebuilders.dev_clusteruserauths.yaml
index c041a4998..2dbd5e7ef 100644
--- a/charts/ace/crds/cluster.bytebuilders.dev_clusteruserauths.yaml
+++ b/charts/ace/crds/cluster.bytebuilders.dev_clusteruserauths.yaml
@@ -109,10 +109,6 @@ spec:
properties:
accessToken:
type: string
- clientID:
- type: string
- clientSecret:
- type: string
expiry:
format: int64
type: integer
@@ -120,8 +116,6 @@ spec:
type: string
required:
- accessToken
- - clientID
- - clientSecret
type: object
impersonate:
description: Impersonate is the username to act-as.
diff --git a/charts/opscenter-features/README.md b/charts/opscenter-features/README.md
index b810293ad..998a54389 100644
--- a/charts/opscenter-features/README.md
+++ b/charts/opscenter-features/README.md
@@ -69,7 +69,7 @@ The following table lists the configurable parameters of the `opscenter-features
| helm.releases.external-dns-operator.version | | "v2023.10.1" |
| helm.releases.falco.version | | "3.8.4" |
| helm.releases.falco-ui-server.version | | "v2023.10.1" |
-| helm.releases.flux2.version | | "2.11.1" |
+| helm.releases.flux2.version | | "2.12.1" |
| helm.releases.gatekeeper.version | | "3.13.3" |
| helm.releases.gatekeeper-grafana-dashboards.version | | "v2023.10.1" |
| helm.releases.gatekeeper-library.version | | "v2023.10.1" |
diff --git a/charts/opscenter-features/crds/source.toolkit.fluxcd.io_helmrepositories.yaml b/charts/opscenter-features/crds/source.toolkit.fluxcd.io_helmrepositories.yaml
index 2b2974390..a10978406 100644
--- a/charts/opscenter-features/crds/source.toolkit.fluxcd.io_helmrepositories.yaml
+++ b/charts/opscenter-features/crds/source.toolkit.fluxcd.io_helmrepositories.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.8.0
+ controller-gen.kubebuilder.io/version: v0.12.0
name: helmrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -90,7 +90,7 @@ spec:
description: The name of the secret containing authentication credentials
for the Helm repository. For HTTP/S basic auth the secret must contain
username and password fields. For TLS the secret must contain a
- certFile and keyFile, and/or caCert fields.
+ certFile and keyFile, and/or caFile fields.
properties:
name:
description: Name of the referent.
@@ -295,8 +295,32 @@ spec:
required:
- namespaceSelectors
type: object
+ certSecretRef:
+ description: "CertSecretRef can be given the name of a Secret containing
+ either or both of \n - a PEM-encoded client certificate (`tls.crt`)
+ and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`)
+ \n and whichever are supplied, will be used for connecting to the
+ registry. The client cert and key are useful if you are authenticating
+ with a certificate; the CA cert is useful if you are using a self-signed
+ server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
+ \n It takes precedence over the values specified in the Secret referred
+ to by `.spec.secretRef`."
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
+ insecure:
+ description: Insecure allows connecting to a non-TLS HTTP container
+ registry. This field is only taken into account if the .spec.type
+ field is set to 'oci'.
+ type: boolean
interval:
- description: Interval at which to check the URL for updates.
+ description: Interval at which the HelmRepository URL is checked for
+ updates. This interval is approximate and may be subject to jitter
+ to ensure efficient use of resources.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
passCredentials:
@@ -322,8 +346,9 @@ spec:
secretRef:
description: SecretRef specifies the Secret containing authentication
credentials for the HelmRepository. For HTTP/S basic auth the secret
- must contain 'username' and 'password' fields. For TLS the secret
- must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.
+ must contain 'username' and 'password' fields. Support for TLS auth
+ using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated.
+ Please use `.spec.certSecretRef` instead.
properties:
name:
description: Name of the referent.
@@ -336,10 +361,10 @@ spec:
of this HelmRepository.
type: boolean
timeout:
- default: 60s
description: Timeout is used for the index fetch operation for an
HTTPS helm repository, and for remote OCI Repository operations
- like pulling for an OCI helm repository. Its default value is 60s.
+ like pulling for an OCI helm chart by the associated HelmChart.
+ Its default value is 60s.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type: string
type:
@@ -352,9 +377,9 @@ spec:
url:
description: URL of the Helm repository, a valid URL contains at least
a protocol and host.
+ pattern: ^(http|https|oci)://.*$
type: string
required:
- - interval
- url
type: object
status:
@@ -366,8 +391,9 @@ spec:
description: Artifact represents the last successful HelmRepository
reconciliation.
properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
+ digest:
+ description: Digest is the digest of the file in the form of ':'.
+ pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
type: string
lastUpdateTime:
description: LastUpdateTime is the timestamp corresponding to
@@ -400,7 +426,9 @@ spec:
the Artifact contents.
type: string
required:
+ - lastUpdateTime
- path
+ - revision
- url
type: object
conditions:
diff --git a/charts/opscenter-features/values.yaml b/charts/opscenter-features/values.yaml
index 8040d411b..590930501 100644
--- a/charts/opscenter-features/values.yaml
+++ b/charts/opscenter-features/values.yaml
@@ -66,7 +66,7 @@ helm:
falco-ui-server:
version: "v2023.10.1"
flux2:
- version: "2.11.1"
+ version: "2.12.1"
gatekeeper:
version: "3.13.3"
gatekeeper-grafana-dashboards:
diff --git a/hack/scripts/import-crds.sh b/hack/scripts/import-crds.sh
index 768d54f23..90b863b91 100755
--- a/hack/scripts/import-crds.sh
+++ b/hack/scripts/import-crds.sh
@@ -15,8 +15,8 @@
# limitations under the License.
BYTEBUILDERS_RESOURCE_MODEL_TAG=${BYTEBUILDERS_RESOURCE_MODEL_TAG:-master}
-FLUXCD_HELM_CONTROLLER=${FLUXCD_HELM_CONTROLLER:-v0.32.2}
-FLUXCD_SOURCE_CONTROLLER=${FLUXCD_SOURCE_CONTROLLER:-v0.30.1}
+FLUXCD_HELM_CONTROLLER=${FLUXCD_HELM_CONTROLLER:-v0.37.1}
+FLUXCD_SOURCE_CONTROLLER=${FLUXCD_SOURCE_CONTROLLER:-v1.2.3}
HELM_X_APIMACHINERY_TAG=${HELM_X_APIMACHINERY_TAG:-master}
KMODULES_RESOURCE_METADATA_TAG=${KMODULES_RESOURCE_METADATA_TAG:-v0.12.1}
KUBEOPS_EXTERNAL_DNS_OPERATOR=${KUBEOPS_EXTERNAL_DNS_OPERATOR:-v0.0.6}