From 8dfb8173ce7425e4165c33dc58f51c2128b73d9c Mon Sep 17 00:00:00 2001 From: devmike18 Date: Sat, 27 Sep 2025 12:12:55 +0000 Subject: [PATCH] chore(deps): upgrade flux components to v2.6.4 --- cluster/base/flux-system/gotk-components.yaml | 619 ++++++++++++++++-- 1 file changed, 572 insertions(+), 47 deletions(-) diff --git a/cluster/base/flux-system/gotk-components.yaml b/cluster/base/flux-system/gotk-components.yaml index e18181c21..de2272198 100644 --- a/cluster/base/flux-system/gotk-components.yaml +++ b/cluster/base/flux-system/gotk-components.yaml @@ -1,6 +1,6 @@ --- # This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v2.4.0 +# Flux Version: v2.6.4 # Components: source-controller,kustomize-controller,helm-controller,notification-controller apiVersion: v1 kind: Namespace @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 pod-security.kubernetes.io/warn: restricted pod-security.kubernetes.io/warn-version: latest name: flux-system @@ -19,7 +19,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: critical-pods-flux-system namespace: flux-system spec: @@ -39,7 +39,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: crd-controller-flux-system rules: - apiGroups: @@ -122,6 +122,12 @@ rules: - update - patch - delete +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create - nonResourceURLs: - /livez/ping verbs: @@ -133,7 +139,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: flux-edit-flux-system @@ -159,7 +165,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -184,7 +190,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -204,7 +210,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -239,7 +245,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1228,7 +1234,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1330,11 +1336,12 @@ spec: type: string provider: description: |- - Provider used for authentication, can be 'azure', 'generic'. + Provider used for authentication, can be 'azure', 'github', 'generic'. When not specified, defaults to 'generic'. enum: - generic - azure + - github type: string proxySecretRef: description: |- @@ -1398,6 +1405,14 @@ spec: required: - name type: object + sparseCheckout: + description: |- + SparseCheckout specifies a list of directories to checkout when cloning + the repository. If specified, only these directories are included in the + Artifact produced for this GitRepository. + items: + type: string + type: array suspend: description: |- Suspend tells the controller to suspend the reconciliation of this @@ -1667,6 +1682,13 @@ spec: ObservedRecurseSubmodules is the observed resource submodules configuration used to produce the current Artifact. type: boolean + observedSparseCheckout: + description: |- + ObservedSparseCheckout is the observed list of directories used to + produce the current Artifact. + items: + type: string + type: array sourceVerificationMode: description: |- SourceVerificationMode is the last used verification mode indicating @@ -2490,7 +2512,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -3471,7 +3493,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -4320,7 +4342,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: ocirepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -4346,6 +4368,400 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date + name: v1 + schema: + openAPIV3Schema: + description: OCIRepository is the Schema for the ocirepositories API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OCIRepositorySpec defines the desired state of OCIRepository + properties: + certSecretRef: + description: |- + CertSecretRef can be given the name of a Secret containing + either or both of + + - a PEM-encoded client certificate (`tls.crt`) and private + key (`tls.key`); + - a PEM-encoded CA certificate (`ca.crt`) + + and whichever are supplied, will be used for connecting to the + registry. The client cert and key are useful if you are + authenticating with a certificate; the CA cert is useful if + you are using a self-signed server certificate. The Secret must + be of type `Opaque` or `kubernetes.io/tls`. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + ignore: + description: |- + Ignore overrides the set of excluded patterns in the .sourceignore format + (which is the same as .gitignore). If not provided, a default will be used, + consult the documentation for your version to find out what those are. + type: string + insecure: + description: Insecure allows connecting to a non-TLS HTTP container + registry. + type: boolean + interval: + description: |- + Interval at which the OCIRepository URL is checked for updates. + This interval is approximate and may be subject to jitter to ensure + efficient use of resources. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + layerSelector: + description: |- + LayerSelector specifies which layer should be extracted from the OCI artifact. + When not specified, the first layer found in the artifact is selected. + properties: + mediaType: + description: |- + MediaType specifies the OCI media type of the layer + which should be extracted from the OCI Artifact. The + first layer matching this type is selected. + type: string + operation: + description: |- + Operation specifies how the selected layer should be processed. + By default, the layer compressed content is extracted to storage. + When the operation is set to 'copy', the layer compressed content + is persisted to storage as it is. + enum: + - extract + - copy + type: string + type: object + provider: + default: generic + description: |- + The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. + When not specified, defaults to 'generic'. + enum: + - generic + - aws + - azure + - gcp + type: string + proxySecretRef: + description: |- + ProxySecretRef specifies the Secret containing the proxy configuration + to use while communicating with the container registry. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + ref: + description: |- + The OCI reference to pull and monitor for changes, + defaults to the latest tag. + properties: + digest: + description: |- + Digest is the image digest to pull, takes precedence over SemVer. + The value should be in the format 'sha256:'. + type: string + semver: + description: |- + SemVer is the range of tags to pull selecting the latest within + the range, takes precedence over Tag. + type: string + semverFilter: + description: SemverFilter is a regex pattern to filter the tags + within the SemVer range. + type: string + tag: + description: Tag is the image tag to pull, defaults to latest. + type: string + type: object + secretRef: + description: |- + SecretRef contains the secret name containing the registry login + credentials to resolve image metadata. + The secret must be of type kubernetes.io/dockerconfigjson. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + serviceAccountName: + description: |- + ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate + the image pull if the service account has attached pull secrets. For more information: + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account + type: string + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + timeout: + default: 60s + description: The timeout for remote OCI Repository operations like + pulling, defaults to 60s. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + url: + description: |- + URL is a reference to an OCI artifact repository hosted + on a remote container registry. + pattern: ^oci://.*$ + type: string + verify: + description: |- + Verify contains the secret name containing the trusted public keys + used to verify the signature and specifies which provider to use to check + whether OCI image is authentic. + properties: + matchOIDCIdentity: + description: |- + MatchOIDCIdentity specifies the identity matching criteria to use + while verifying an OCI artifact which was signed using Cosign keyless + signing. The artifact's identity is deemed to be verified if any of the + specified matchers match against the identity. + items: + description: |- + OIDCIdentityMatch specifies options for verifying the certificate identity, + i.e. the issuer and the subject of the certificate. + properties: + issuer: + description: |- + Issuer specifies the regex pattern to match against to verify + the OIDC issuer in the Fulcio certificate. The pattern must be a + valid Go regular expression. + type: string + subject: + description: |- + Subject specifies the regex pattern to match against to verify + the identity subject in the Fulcio certificate. The pattern must + be a valid Go regular expression. + type: string + required: + - issuer + - subject + type: object + type: array + provider: + default: cosign + description: Provider specifies the technology used to sign the + OCI Artifact. + enum: + - cosign + - notation + type: string + secretRef: + description: |- + SecretRef specifies the Kubernetes Secret containing the + trusted public keys. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - provider + type: object + required: + - interval + - url + type: object + status: + default: + observedGeneration: -1 + description: OCIRepositoryStatus defines the observed state of OCIRepository + properties: + artifact: + description: Artifact represents the output of the last successful + OCI Repository sync. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the timestamp corresponding to the last update of the + Artifact. + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: |- + Path is the relative file path of the Artifact. It can be used to locate + the file in the root of the Artifact storage on the local file system of + the controller managing the Source. + type: string + revision: + description: |- + Revision is a human-readable identifier traceable in the origin source + system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: |- + URL is the HTTP address of the Artifact as exposed by the controller + managing the Source. It can be used to retrieve the Artifact for + consumption, e.g. by another controller applying the Artifact contents. + type: string + required: + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the OCIRepository. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: |- + LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value + can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + observedIgnore: + description: |- + ObservedIgnore is the observed exclusion patterns used for constructing + the source artifact. + type: string + observedLayerSelector: + description: |- + ObservedLayerSelector is the observed layer selector used for constructing + the source artifact. + properties: + mediaType: + description: |- + MediaType specifies the OCI media type of the layer + which should be extracted from the OCI Artifact. The + first layer matching this type is selected. + type: string + operation: + description: |- + Operation specifies how the selected layer should be processed. + By default, the layer compressed content is extracted to storage. + When the operation is set to 'copy', the layer compressed content + is persisted to storage as it is. + enum: + - extract + - copy + type: string + type: object + url: + description: URL is the download link for the artifact output of the + last OCI Repository sync. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + deprecationWarning: v1beta2 OCIRepository is deprecated, upgrade to v1 name: v1beta2 schema: openAPIV3Schema: @@ -4739,7 +5155,7 @@ spec: type: object type: object served: true - storage: true + storage: false subresources: status: {} --- @@ -4750,7 +5166,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: source-controller namespace: flux-system --- @@ -4761,7 +5177,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 control-plane: controller name: source-controller namespace: flux-system @@ -4782,7 +5198,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 control-plane: controller name: source-controller namespace: flux-system @@ -4827,7 +5243,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/source-controller:v1.4.1 + image: ghcr.io/fluxcd/source-controller:v1.6.2 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4891,7 +5307,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io @@ -4974,8 +5390,11 @@ spec: - sops type: string secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. + description: |- + The secret name containing the private OpenPGP keys used for decryption. + A static credential for a cloud provider defined inside the Secret + takes priority to secret-less authentication with the ServiceAccountName + field. properties: name: description: Name of the referent. @@ -4983,9 +5402,29 @@ spec: required: - name type: object + serviceAccountName: + description: |- + ServiceAccountName is the name of the service account used to + authenticate with KMS services from cloud providers. If a + static credential for a given cloud provider is defined + inside the Secret referenced by SecretRef, that static + credential takes priority. + type: string required: - provider type: object + deletionPolicy: + description: |- + DeletionPolicy can be used to control garbage collection when this + Kustomization is deleted. Valid values are ('MirrorPrune', 'Delete', + 'WaitForTermination', 'Orphan'). 'MirrorPrune' mirrors the Prune field + (orphan if false, delete if true). Defaults to 'MirrorPrune'. + enum: + - MirrorPrune + - Delete + - WaitForTermination + - Orphan + type: string dependsOn: description: |- DependsOn may contain a meta.NamespacedObjectReference slice @@ -5013,6 +5452,42 @@ spec: Force instructs the controller to recreate resources when patching fails due to an immutable field change. type: boolean + healthCheckExprs: + description: |- + HealthCheckExprs is a list of healthcheck expressions for evaluating the + health of custom resources using Common Expression Language (CEL). + The expressions are evaluated only when Wait or HealthChecks are specified. + items: + description: CustomHealthCheck defines the health check for custom + resources. + properties: + apiVersion: + description: APIVersion of the custom resource under evaluation. + type: string + current: + description: |- + Current is the CEL expression that determines if the status + of the custom resource has reached the desired state. + type: string + failed: + description: |- + Failed is the CEL expression that determines if the status + of the custom resource has failed to reach the desired state. + type: string + inProgress: + description: |- + InProgress is the CEL expression that determines if the status + of the custom resource has not yet reached the desired state. + type: string + kind: + description: Kind of the custom resource under evaluation. + type: string + required: + - apiVersion + - current + - kind + type: object + type: array healthChecks: description: A list of resources to be included in the health assessment. items: @@ -5397,6 +5872,14 @@ spec: required: - entries type: object + lastAppliedOriginRevision: + description: |- + The last successfully applied origin revision. + Equals the origin revision of the applied Artifact from the referenced Source. + Usually present on the Metadata of the applied Artifact and depends on the + Source type, e.g. for OCI it's the value associated with the key + "org.opencontainers.image.revision". + type: string lastAppliedRevision: description: |- The last successfully applied revision. @@ -6611,7 +7094,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: kustomize-controller namespace: flux-system --- @@ -6622,7 +7105,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 control-plane: controller name: kustomize-controller namespace: flux-system @@ -6661,7 +7144,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/kustomize-controller:v1.4.0 + image: ghcr.io/fluxcd/kustomize-controller:v1.6.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6718,7 +7201,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -7085,6 +7568,11 @@ spec: DisableSchemaValidation prevents the Helm install action from validating the values against the JSON Schema. type: boolean + disableTakeOwnership: + description: |- + DisableTakeOwnership disables taking ownership of existing resources + during the Helm install action. Defaults to false. + type: boolean disableWait: description: |- DisableWait disables the waiting for resources to be ready after a Helm @@ -7499,6 +7987,11 @@ spec: DisableSchemaValidation prevents the Helm upgrade action from validating the values against the JSON Schema. type: boolean + disableTakeOwnership: + description: |- + DisableTakeOwnership disables taking ownership of existing resources + during the Helm upgrade action. Defaults to false. + type: boolean disableWait: description: |- DisableWait disables the waiting for resources to be ready after a Helm @@ -10403,7 +10896,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: helm-controller namespace: flux-system --- @@ -10414,7 +10907,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 control-plane: controller name: helm-controller namespace: flux-system @@ -10453,7 +10946,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/helm-controller:v1.1.0 + image: ghcr.io/fluxcd/helm-controller:v1.3.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -10510,7 +11003,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -10809,12 +11302,12 @@ spec: description: |- Name of the referent If multiple resources are targeted `*` may be set. - maxLength: 53 + maxLength: 253 minLength: 1 type: string namespace: description: Namespace of the referent - maxLength: 53 + maxLength: 253 minLength: 1 type: string required: @@ -11026,12 +11519,12 @@ spec: description: |- Name of the referent If multiple resources are targeted `*` may be set. - maxLength: 53 + maxLength: 253 minLength: 1 type: string namespace: description: Namespace of the referent - maxLength: 53 + maxLength: 253 minLength: 1 type: string required: @@ -11064,8 +11557,9 @@ spec: - name type: object summary: - description: Summary holds a short description of the impact and affected - cluster. + description: |- + Summary holds a short description of the impact and affected cluster. + Deprecated: Use EventMetadata instead. maxLength: 255 type: string suspend: @@ -11091,7 +11585,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: providers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -11548,6 +12042,14 @@ spec: should be posted. maxLength: 2048 type: string + commitStatusExpr: + description: |- + CommitStatusExpr is a CEL expression that evaluates to a string value + that can be used to generate a custom commit status message for use + with eligible Provider types (github, gitlab, gitea, bitbucketserver, + bitbucket, azuredevops). Supported variables are: event, provider, + and alert. + type: string interval: description: |- Interval at which to reconcile the Provider with its Secret references. @@ -11570,6 +12072,13 @@ spec: required: - name type: object + serviceAccountName: + description: |- + ServiceAccountName is the name of the service account used to + authenticate with services from cloud providers. An error is thrown if a + static credential is also defined inside the Secret referenced by the + SecretRef. + type: string suspend: description: |- Suspend tells the controller to suspend subsequent @@ -11617,6 +12126,12 @@ spec: required: - type type: object + x-kubernetes-validations: + - message: spec.commitStatusExpr is only supported for the 'github', 'gitlab', + 'gitea', 'bitbucketserver', 'bitbucket', 'azuredevops' provider types + rule: self.type == 'github' || self.type == 'gitlab' || self.type == + 'gitea' || self.type == 'bitbucketserver' || self.type == 'bitbucket' + || self.type == 'azuredevops' || !has(self.commitStatusExpr) type: object served: true storage: true @@ -11631,7 +12146,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -11690,6 +12205,16 @@ spec: Secret references. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string + resourceFilter: + description: |- + ResourceFilter is a CEL expression expected to return a boolean that is + evaluated for each resource referenced in the Resources field when a + webhook is received. If the expression returns false then the controller + will not request a reconciliation for the resource. + When the expression is specified the controller will parse it and mark + the object as terminally failed if the expression is invalid or does not + return a boolean. + type: string resources: description: A list of resources to be notified about changes. items: @@ -11727,12 +12252,12 @@ spec: description: |- Name of the referent If multiple resources are targeted `*` may be set. - maxLength: 53 + maxLength: 253 minLength: 1 type: string namespace: description: Namespace of the referent - maxLength: 53 + maxLength: 253 minLength: 1 type: string required: @@ -12154,12 +12679,12 @@ spec: description: |- Name of the referent If multiple resources are targeted `*` may be set. - maxLength: 53 + maxLength: 253 minLength: 1 type: string namespace: description: Namespace of the referent - maxLength: 53 + maxLength: 253 minLength: 1 type: string required: @@ -12303,7 +12828,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 name: notification-controller namespace: flux-system --- @@ -12314,7 +12839,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 control-plane: controller name: notification-controller namespace: flux-system @@ -12335,7 +12860,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 control-plane: controller name: webhook-receiver namespace: flux-system @@ -12356,7 +12881,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.4.0 + app.kubernetes.io/version: v2.6.4 control-plane: controller name: notification-controller namespace: flux-system @@ -12394,7 +12919,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/notification-controller:v1.4.0 + image: ghcr.io/fluxcd/notification-controller:v1.6.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: