diff --git a/clusters/env/production/flux-system/gotk-components.yaml b/clusters/env/production/flux-system/gotk-components.yaml index 26f5144c8..7a336694a 100644 --- a/clusters/env/production/flux-system/gotk-components.yaml +++ b/clusters/env/production/flux-system/gotk-components.yaml @@ -1,6 +1,6 @@ --- # This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v2.8.7 +# Flux Version: v2.9.0 # Components: source-controller,kustomize-controller,helm-controller,notification-controller apiVersion: v1 kind: Namespace @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 pod-security.kubernetes.io/warn: restricted pod-security.kubernetes.io/warn-version: latest name: flux-system @@ -19,7 +19,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: allow-egress namespace: flux-system spec: @@ -39,7 +39,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: allow-scraping namespace: flux-system spec: @@ -59,7 +59,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: allow-webhooks namespace: flux-system spec: @@ -78,7 +78,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: critical-pods-flux-system namespace: flux-system spec: @@ -98,7 +98,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: crd-controller-flux-system rules: - apiGroups: @@ -204,7 +204,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: flux-edit-flux-system @@ -231,7 +231,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -257,7 +257,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -277,7 +277,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -310,16 +310,20 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.21.0 labels: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io names: + categories: + - all + - fluxcd + - fluxcd-sources kind: Bucket listKind: BucketList plural: buckets @@ -697,19 +701,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.21.0 labels: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: externalartifacts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io names: + categories: + - all + - fluxcd + - fluxcd-sources kind: ExternalArtifact listKind: ExternalArtifactList plural: externalartifacts + shortNames: + - ea singular: externalartifact scope: Namespaced versions: @@ -893,16 +903,20 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.21.0 labels: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io names: + categories: + - all + - fluxcd + - fluxcd-sources kind: GitRepository listKind: GitRepositoryList plural: gitrepositories @@ -1000,10 +1014,11 @@ spec: type: string provider: description: |- - Provider used for authentication, can be 'azure', 'github', 'generic'. + Provider used for authentication, can be 'aws', 'azure', 'github', 'generic'. When not specified, defaults to 'generic'. enum: - generic + - aws - azure - github type: string @@ -1072,7 +1087,7 @@ spec: serviceAccountName: description: |- ServiceAccountName is the name of the Kubernetes ServiceAccount used to - authenticate to the GitRepository. This field is only supported for 'azure' provider. + authenticate to the GitRepository. This field is only supported for 'azure' and 'aws' providers. type: string sparseCheckout: description: |- @@ -1120,7 +1135,8 @@ spec: secretRef: description: |- SecretRef specifies the Secret containing the public keys of trusted Git - authors. + authors. PGP public keys must be stored under keys with the .asc suffix, + and SSH public keys must be stored under keys with the .sshpub suffix. properties: name: description: Name of the referent. @@ -1137,8 +1153,9 @@ spec: type: object x-kubernetes-validations: - message: serviceAccountName can only be set when provider is 'azure' - rule: '!has(self.serviceAccountName) || (has(self.provider) && self.provider - == ''azure'')' + or 'aws' + rule: '!has(self.serviceAccountName) || (has(self.provider) && (self.provider + == ''azure'' || self.provider == ''aws''))' status: default: observedGeneration: -1 @@ -1380,16 +1397,20 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.21.0 labels: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io names: + categories: + - all + - fluxcd + - fluxcd-sources kind: HelmChart listKind: HelmChartList plural: helmcharts @@ -1739,16 +1760,20 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.21.0 labels: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io names: + categories: + - all + - fluxcd + - fluxcd-sources kind: HelmRepository listKind: HelmRepositoryList plural: helmrepositories @@ -2065,16 +2090,20 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.21.0 labels: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: ocirepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io names: + categories: + - all + - fluxcd + - fluxcd-sources kind: OCIRepository listKind: OCIRepositoryList plural: ocirepositories @@ -2313,6 +2342,19 @@ spec: required: - name type: object + trustedRootSecretRef: + description: |- + TrustedRootSecretRef specifies the Kubernetes Secret containing a + Sigstore trusted_root.json file. This enables verification against + self-hosted Sigstore infrastructure (custom Fulcio CA, self-hosted + Rekor instance). The Secret must contain a key named "trusted_root.json". + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object required: - provider type: object @@ -2484,7 +2526,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: source-controller namespace: flux-system --- @@ -2495,7 +2537,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 control-plane: controller name: source-controller namespace: flux-system @@ -2516,7 +2558,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 control-plane: controller name: source-controller namespace: flux-system @@ -2537,7 +2579,7 @@ spec: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 spec: containers: - args: @@ -2560,7 +2602,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/source-controller:v1.8.4 + image: ghcr.io/fluxcd/source-controller:v1.9.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -2619,16 +2661,20 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.21.0 labels: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io names: + categories: + - all + - fluxcd + - fluxcd-appliers kind: Kustomization listKind: KustomizationList plural: kustomizations @@ -2674,6 +2720,20 @@ spec: KustomizationSpec defines the configuration to calculate the desired state from a Source using Kustomize. properties: + buildMetadata: + description: |- + BuildMetadata specifies which kustomize build metadata should be added + to the built resources. The allowed values are 'originAnnotations' to + annotate resources with their source origin, and 'transformerAnnotations' + to annotate resources with the transformers that produced them. + items: + description: BuildMetadataOption defines the supported buildMetadata + options. + enum: + - originAnnotations + - transformerAnnotations + type: string + type: array commonMetadata: description: |- CommonMetadata specifies the common labels and annotations that are @@ -2747,16 +2807,17 @@ spec: with references to Kustomization resources that must be ready before this Kustomization can be reconciled. items: - description: DependencyReference defines a Kustomization dependency - on another Kustomization resource. + description: |- + DependencyReference contains enough information to locate the referenced Kubernetes resource object + and optional CEL expression to assess its readiness. properties: name: description: Name of the referent. type: string namespace: description: |- - Namespace of the referent, defaults to the namespace of the Kustomization - resource object that contains the reference. + Namespace of the referent, defaults to the namespace of the resource + object that contains the reference. type: string readyExpr: description: |- @@ -2809,7 +2870,6 @@ spec: required: - apiVersion - current - - kind type: object type: array healthChecks: @@ -2838,6 +2898,73 @@ spec: - name type: object type: array + ignore: + description: |- + Ignore is a list of rules for specifying which changes to ignore + during drift detection. These rules are applied to the resources managed + by the Kustomization and are used to exclude specific JSON pointer paths + from the drift detection and apply process. + items: + description: |- + IgnoreRule defines a rule to selectively disregard specific changes during + the drift detection process. + properties: + paths: + description: |- + Paths is a list of JSON Pointer (RFC 6901) paths to be excluded from + consideration in a Kubernetes object. + items: + type: string + type: array + target: + description: |- + Target is a selector for specifying Kubernetes objects to which this + rule applies. + If Target is not set, the Paths will be ignored for all Kubernetes + objects within the manifest of the Kustomization. + properties: + annotationSelector: + description: |- + AnnotationSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: |- + Group is the API group to select resources from. + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: |- + Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: |- + LabelSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: |- + Version of the API Group to select resources from. + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - paths + type: object + type: array ignoreMissingComponents: description: |- IgnoreMissingComponents instructs the controller to ignore Components paths @@ -3086,6 +3213,19 @@ spec: - name type: object type: array + substituteStrategy: + description: |- + SubstituteStrategy defines the strategy for substituting variables in the YAML manifests. + Valid values are: + + - WithVariables (the default): require at least one variable to be defined, + either through the inline map or through the resolved references to ConfigMaps + and Secrets. + - Always: perform the substitution even if no variables are defined. + enum: + - WithVariables + - Always + type: string type: object prune: description: Prune enables garbage collection. @@ -3338,7 +3478,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: kustomize-controller namespace: flux-system --- @@ -3349,7 +3489,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 control-plane: controller name: kustomize-controller namespace: flux-system @@ -3368,7 +3508,7 @@ spec: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 spec: containers: - args: @@ -3387,7 +3527,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/kustomize-controller:v1.8.5 + image: ghcr.io/fluxcd/kustomize-controller:v1.9.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -3439,16 +3579,20 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.21.0 labels: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io names: + categories: + - all + - fluxcd + - fluxcd-appliers kind: HelmRelease listKind: HelmReleaseList plural: helmreleases @@ -3685,16 +3829,17 @@ spec: references to HelmRelease resources that must be ready before this HelmRelease can be reconciled. items: - description: DependencyReference defines a HelmRelease dependency - on another HelmRelease resource. + description: |- + DependencyReference contains enough information to locate the referenced Kubernetes resource object + and optional CEL expression to assess its readiness. properties: name: description: Name of the referent. type: string namespace: description: |- - Namespace of the referent, defaults to the namespace of the HelmRelease - resource object that contains the reference. + Namespace of the referent, defaults to the namespace of the resource + object that contains the reference. type: string readyExpr: description: |- @@ -3825,7 +3970,6 @@ spec: required: - apiVersion - current - - kind type: object type: array install: @@ -4063,6 +4207,18 @@ spec: If not set, it defaults to true. type: boolean + postRenderStrategy: + description: |- + PostRenderStrategy defines the strategy for sending hooks to post-renderers. + Valid values are 'nohooks' (hooks not sent to post-renderers, Helm 3 behavior), + 'combined' (hooks and templates sent together, Helm 4 default), and 'separate' + (hooks and templates sent in separate streams, Helm 4.2 opt-in). + Defaults to 'combined', or 'nohooks' when the UseHelm3Defaults feature gate is enabled. + enum: + - nohooks + - combined + - separate + type: string postRenderers: description: |- PostRenderers holds an array of Helm PostRenderers, which will be applied in order @@ -4348,6 +4504,18 @@ spec: description: Upgrade holds the configuration for Helm upgrade actions for this HelmRelease. properties: + chartNameChangeStrategy: + description: |- + ChartNameChangeStrategy defines the strategy to use when a Helm chart name changes. + Valid values are 'Reinstall' or 'InPlaceUpdate'. Defaults to 'Reinstall' if omitted. + + Reinstall: Reinstall the Helm release, uninstalling the existing Helm release. + + InPlaceUpdate: Update the Helm release in place. + enum: + - InPlaceUpdate + - Reinstall + type: string cleanupOnFail: description: |- CleanupOnFail allows deletion of new resources created during the Helm @@ -4510,6 +4678,17 @@ spec: - Secret - ConfigMap type: string + literal: + description: |- + Literal marks this ValuesReference as a literal value. When set in + combination with TargetPath, the referenced value is merged at the target + path without interpreting Helm's `--set` syntax (commas, brackets, dots, + equal signs, etc.), mirroring the behavior of `helm --set-literal`. This + is the only safe way to inject arbitrary file content (config files, JSON + blobs, multi-line strings containing special characters) through + `valuesFrom`. Has no effect when TargetPath is empty: in that mode the + referenced value is always YAML-merged at the root. + type: boolean name: description: |- Name of the values referent. Should reside in the same namespace as the @@ -4894,7 +5073,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: helm-controller namespace: flux-system --- @@ -4905,7 +5084,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 control-plane: controller name: helm-controller namespace: flux-system @@ -4924,7 +5103,7 @@ spec: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 spec: containers: - args: @@ -4943,7 +5122,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/helm-controller:v1.5.4 + image: ghcr.io/fluxcd/helm-controller:v1.6.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4995,16 +5174,20 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.21.0 labels: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io names: + categories: + - all + - fluxcd + - fluxcd-notifications kind: Alert listKind: AlertList plural: alerts @@ -5015,15 +5198,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Alert is deprecated, upgrade to v1beta3 - name: v1beta2 + name: v1beta3 schema: openAPIV3Schema: description: Alert is the Schema for the alerts API @@ -5147,8 +5322,9 @@ spec: - name type: object summary: - description: Summary holds a short description of the impact and affected - cluster. + description: |- + Summary holds a short description of the impact and affected cluster. + Deprecated: Use EventMetadata instead. maxLength: 255 type: string suspend: @@ -5160,84 +5336,35 @@ spec: - eventSources - providerRef type: object - status: - default: - observedGeneration: -1 - description: AlertStatus defines the observed state of the Alert. - properties: - conditions: - description: Conditions holds the conditions for the Alert. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - type: object type: object served: true - storage: false - subresources: - status: {} + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.21.0 + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.9.0 + name: providers.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + categories: + - all + - fluxcd + - fluxcd-notifications + kind: Provider + listKind: ProviderList + plural: providers + singular: provider + scope: Namespaced + versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age @@ -5245,7 +5372,7 @@ spec: name: v1beta3 schema: openAPIV3Schema: - description: Alert is the Schema for the alerts API + description: Provider is the Schema for the providers API properties: apiVersion: description: |- @@ -5265,424 +5392,48 @@ spec: metadata: type: object spec: - description: AlertSpec defines an alerting rule for events involving a - list of objects. + description: ProviderSpec defines the desired state of the Provider. properties: - eventMetadata: - additionalProperties: - type: string + address: description: |- - EventMetadata is an optional field for adding metadata to events dispatched by the - controller. This can be used for enhancing the context of the event. If a field - would override one already present on the original event as generated by the emitter, - then the override doesn't happen, i.e. the original value is preserved, and an info - log is printed. + Address specifies the endpoint, in a generic sense, to where alerts are sent. + What kind of endpoint depends on the specific Provider type being used. + For the generic Provider, for example, this is an HTTP/S address. + For other Provider types this could be a project ID or a namespace. + maxLength: 2048 + type: string + certSecretRef: + description: |- + CertSecretRef specifies the Secret containing TLS certificates + for secure communication. + + Supported configurations: + - CA-only: Server authentication (provide ca.crt only) + - mTLS: Mutual authentication (provide ca.crt + tls.crt + tls.key) + - Client-only: Client authentication with system CA (provide tls.crt + tls.key only) + + Legacy keys "caFile", "certFile", "keyFile" are supported but deprecated. Use "ca.crt", "tls.crt", "tls.key" instead. + properties: + name: + description: Name of the referent. + type: string + required: + - name type: object - eventSeverity: - default: info + channel: + description: Channel specifies the destination channel where events + should be posted. + maxLength: 2048 + type: string + commitStatusExpr: description: |- - EventSeverity specifies how to filter events based on severity. - If set to 'info' no events will be filtered. - enum: - - info - - error + CommitStatusExpr is a CEL expression that evaluates to a string value + that can be used to generate a custom commit status message for use + with eligible Provider types (github, gitlab, gitea, bitbucketserver, + bitbucket, azuredevops). Supported variables are: event, provider, + and alert. type: string - eventSources: - description: |- - EventSources specifies how to filter events based - on the involved object kind, name and namespace. - items: - description: |- - CrossNamespaceObjectReference contains enough information to let you locate the - typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - - ArtifactGenerator - - ExternalArtifact - type: string - matchLabels: - additionalProperties: - type: string - description: |- - MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - MatchLabels requires the name to be set to `*`. - type: object - name: - description: |- - Name of the referent - If multiple resources are targeted `*` may be set. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 253 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - exclusionList: - description: |- - ExclusionList specifies a list of Golang regular expressions - to be used for excluding messages. - items: - type: string - type: array - inclusionList: - description: |- - InclusionList specifies a list of Golang regular expressions - to be used for including messages. - items: - type: string - type: array - providerRef: - description: ProviderRef specifies which Provider this Alert should - use. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - summary: - description: |- - Summary holds a short description of the impact and affected cluster. - Deprecated: Use EventMetadata instead. - maxLength: 255 - type: string - suspend: - description: |- - Suspend tells the controller to suspend subsequent - events handling for this Alert. - type: boolean - required: - - eventSources - - providerRef - type: object - type: object - served: true - storage: true - subresources: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 - name: providers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Provider - listKind: ProviderList - plural: providers - singular: provider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Provider is deprecated, upgrade to v1beta3 - name: v1beta2 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of the Provider. - properties: - address: - description: |- - Address specifies the endpoint, in a generic sense, to where alerts are sent. - What kind of endpoint depends on the specific Provider type being used. - For the generic Provider, for example, this is an HTTP/S address. - For other Provider types this could be a project ID or a namespace. - maxLength: 2048 - type: string - certSecretRef: - description: |- - CertSecretRef specifies the Secret containing - a PEM-encoded CA certificate (in the `ca.crt` key). - - Note: Support for the `caFile` key has - been deprecated. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Channel specifies the destination channel where events - should be posted. - maxLength: 2048 - type: string - interval: - description: Interval at which to reconcile the Provider with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - proxy: - description: Proxy the HTTP/S address of the proxy server. - maxLength: 2048 - pattern: ^(http|https)://.*$ - type: string - secretRef: - description: |- - SecretRef specifies the Secret containing the authentication - credentials for this Provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: |- - Suspend tells the controller to suspend subsequent - events handling for this Provider. - type: boolean - timeout: - description: Timeout for sending alerts to the Provider. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type specifies which Provider implementation to use. - enum: - - slack - - discord - - msteams - - rocket - - generic - - generic-hmac - - github - - gitlab - - gitea - - bitbucketserver - - bitbucket - - azuredevops - - googlechat - - googlepubsub - - webex - - sentry - - azureeventhub - - telegram - - lark - - matrix - - opsgenie - - alertmanager - - grafana - - githubdispatch - - pagerduty - - datadog - type: string - username: - description: Username specifies the name under which events are posted. - maxLength: 2048 - type: string - required: - - type - type: object - status: - default: - observedGeneration: -1 - description: ProviderStatus defines the observed state of the Provider. - properties: - conditions: - description: Conditions holds the conditions for the Provider. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta3 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of the Provider. - properties: - address: - description: |- - Address specifies the endpoint, in a generic sense, to where alerts are sent. - What kind of endpoint depends on the specific Provider type being used. - For the generic Provider, for example, this is an HTTP/S address. - For other Provider types this could be a project ID or a namespace. - maxLength: 2048 - type: string - certSecretRef: - description: |- - CertSecretRef specifies the Secret containing TLS certificates - for secure communication. - - Supported configurations: - - CA-only: Server authentication (provide ca.crt only) - - mTLS: Mutual authentication (provide ca.crt + tls.crt + tls.key) - - Client-only: Client authentication with system CA (provide tls.crt + tls.key only) - - Legacy keys "caFile", "certFile", "keyFile" are supported but deprecated. Use "ca.crt", "tls.crt", "tls.key" instead. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Channel specifies the destination channel where events - should be posted. - maxLength: 2048 - type: string - commitStatusExpr: - description: |- - CommitStatusExpr is a CEL expression that evaluates to a string value - that can be used to generate a custom commit status message for use - with eligible Provider types (github, gitlab, gitea, bitbucketserver, - bitbucket, azuredevops). Supported variables are: event, provider, - and alert. - type: string - interval: + interval: description: |- Interval at which to reconcile the Provider with its Secret references. Deprecated and not used in v1beta3. @@ -5804,16 +5555,20 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.21.0 labels: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io names: + categories: + - all + - fluxcd + - fluxcd-notifications kind: Receiver listKind: ReceiverList plural: receivers @@ -5868,12 +5623,100 @@ spec: Secret references. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string + oidcProviders: + description: |- + OIDCProviders specifies the OIDC providers used to authenticate incoming + requests when Type is 'generic-oidc'. The provider whose IssuerURL matches + the token's 'iss' claim is used to verify the token signature, expiration + and audience, and to evaluate the configured CEL validations against the + token claims. + items: + description: |- + OIDCProvider configures an OIDC issuer used to authenticate requests for a + 'generic-oidc' Receiver. + properties: + audience: + description: |- + Audience is the expected audience ('aud' claim) for tokens issued by + this provider. Defaults to 'notification-controller'. + type: string + issuerURL: + description: |- + IssuerURL is the OIDC issuer URL used for provider discovery. It must + match the 'iss' claim of tokens issued by this provider. + pattern: ^https?:// + type: string + validations: + description: |- + Validations is the list of CEL boolean expressions evaluated against the + token claims and the variables. The request is accepted only if all of + them evaluate to true; the message of each failing expression is returned + to the caller. + + At least one validation is required. A valid signature alone does not + authorize a request: public issuers issue tokens to any caller on the + platform, so the validations must constrain the caller's identity claims + (e.g. 'repository_owner' for GitHub Actions). + items: + description: |- + OIDCValidation is a CEL boolean expression evaluated against the OIDC token + claims and variables of a 'generic-oidc' Receiver. + properties: + expression: + description: Expression is the CEL boolean expression + to evaluate. + type: string + message: + description: Message is returned to the caller when the + expression evaluates to false. + type: string + required: + - expression + - message + type: object + minItems: 1 + type: array + variables: + description: |- + Variables is an optional list of named CEL expressions, evaluated in order + and exposed as 'vars.'. Each expression can read the token claims + via 'claims' and any variable defined before it. Use it to share + sub-expressions across validations. + items: + description: |- + OIDCVariable is a named CEL expression evaluated against the OIDC token + claims of a 'generic-oidc' Receiver. + properties: + expression: + description: Expression is the CEL expression that defines + the variable value. + type: string + name: + description: Name is the variable name; it must be a valid + CEL identifier. + type: string + required: + - expression + - name + type: object + type: array + required: + - issuerURL + - validations + type: object + type: array + x-kubernetes-list-map-keys: + - issuerURL + x-kubernetes-list-type: map resourceFilter: description: |- ResourceFilter is a CEL expression expected to return a boolean that is evaluated for each resource referenced in the Resources field when a webhook is received. If the expression returns false then the controller will not request a reconciliation for the resource. + The expression can read the resource metadata via 'res' and the webhook + request body via 'req'. For generic-oidc receivers, the verified OIDC + token claims are also available via 'claims'. When the expression is specified the controller will parse it and mark the object as terminally failed if the expression is invalid or does not return a boolean. @@ -5882,12 +5725,25 @@ spec: description: A list of resources to be notified about changes. items: description: |- - CrossNamespaceObjectReference contains enough information to let you locate the - typed referenced object at cluster level + ReceiverResource references a resource to be notified about changes, with an + optional per-resource CEL filter. properties: apiVersion: description: API version of the referent type: string + filter: + description: |- + Filter is a CEL expression expected to return a boolean that is evaluated + for each resource matched by this reference when a webhook is received, + in addition to the top-level resourceFilter. A reconciliation is requested + only when both expressions (when set) return true. + The expression can read the resource metadata via 'res' and the webhook + request body via 'req'. For generic-oidc receivers, the verified OIDC + token claims are also available via 'claims'. + When the expression is specified the controller will parse it and mark + the object as terminally failed if the expression is invalid or does not + return a boolean. + type: string kind: description: Kind of the referent enum: @@ -5937,6 +5793,9 @@ spec: key. For GCR receivers, the Secret must also contain an 'email' key with the IAM service account email configured on the Pub/Sub push subscription, and an 'audience' key with the expected OIDC token audience. + + Required for all receiver types except 'generic-oidc', which authenticates + requests using the OIDC token instead and must not set this field. properties: name: description: Name of the referent. @@ -5956,6 +5815,7 @@ spec: enum: - generic - generic-hmac + - generic-oidc - github - gitlab - bitbucket @@ -5969,9 +5829,19 @@ spec: type: string required: - resources - - secretRef - type type: object + x-kubernetes-validations: + - message: generic-oidc receivers must define at least one oidcProvider + rule: self.type != 'generic-oidc' || (has(self.oidcProviders) && size(self.oidcProviders) + > 0) + - message: oidcProviders can only be set when type is generic-oidc + rule: self.type == 'generic-oidc' || !has(self.oidcProviders) || size(self.oidcProviders) + == 0 + - message: secretRef cannot be set when type is generic-oidc + rule: self.type != 'generic-oidc' || !has(self.secretRef) + - message: secretRef is required when type is not generic-oidc + rule: self.type == 'generic-oidc' || has(self.secretRef) status: default: observedGeneration: -1 @@ -6056,235 +5926,6 @@ spec: storage: true subresources: status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Receiver is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of the Receiver. - properties: - events: - description: |- - Events specifies the list of event types to handle, - e.g. 'push' for GitHub or 'Push Hook' for GitLab. - items: - type: string - type: array - interval: - description: Interval at which to reconcile the Receiver with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - resources: - description: A list of resources to be notified about changes. - items: - description: |- - CrossNamespaceObjectReference contains enough information to let you locate the - typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - - ArtifactGenerator - - ExternalArtifact - type: string - matchLabels: - additionalProperties: - type: string - description: |- - MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - MatchLabels requires the name to be set to `*`. - type: object - name: - description: |- - Name of the referent - If multiple resources are targeted `*` may be set. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 253 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - secretRef: - description: |- - SecretRef specifies the Secret containing the token used - to validate the payload authenticity. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: |- - Suspend tells the controller to suspend subsequent - events handling for this receiver. - type: boolean - type: - description: |- - Type of webhook sender, used to determine - the validation procedure and payload deserialization. - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - secretRef - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of the Receiver. - properties: - conditions: - description: Conditions holds the conditions for the Receiver. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Receiver object. - format: int64 - type: integer - url: - description: |- - URL is the generated incoming webhook address in the format - of '/hook/sha256sum(token+name+namespace)'. - Deprecated: Replaced by WebhookPath. - type: string - webhookPath: - description: |- - WebhookPath is the generated incoming webhook address in the format - of '/hook/sha256sum(token+name+namespace)'. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} --- apiVersion: v1 kind: ServiceAccount @@ -6293,7 +5934,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 name: notification-controller namespace: flux-system --- @@ -6304,7 +5945,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 control-plane: controller name: notification-controller namespace: flux-system @@ -6325,7 +5966,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 control-plane: controller name: webhook-receiver namespace: flux-system @@ -6346,7 +5987,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 control-plane: controller name: notification-controller namespace: flux-system @@ -6365,7 +6006,7 @@ spec: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.7 + app.kubernetes.io/version: v2.9.0 spec: containers: - args: @@ -6383,7 +6024,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/notification-controller:v1.8.4 + image: ghcr.io/fluxcd/notification-controller:v1.9.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: