summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitmodules7
-rw-r--r--data.d/etc-nixos/.gitignore2
-rw-r--r--data.d/etc-nixos/README.md119
-rw-r--r--data.d/etc-nixos/apps/vpn-tinc.nix283
-rw-r--r--data.d/etc-nixos/env/global.nix72
-rw-r--r--data.d/etc-nixos/env/laptop.nix13
-rw-r--r--data.d/etc-nixos/env/server.nix7
-rw-r--r--data.d/etc-nixos/env/workstation.nix74
-rw-r--r--data.d/etc-nixos/wm/awesome.nix30
-rw-r--r--data.d/etc-nixos/wm/herbstluftwm.nix22
-rw-r--r--data.d/etc-nixos/wm/kde.nix55
-rw-r--r--data.d/etc-portage/.gitignore1
-rw-r--r--data.d/etc-portage/make.conf/00-defaults.conf15
-rw-r--r--data.d/etc-portage/make.conf/10-global.conf54
-rw-r--r--data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords1
-rw-r--r--data.d/etc-portage/package.license1
-rw-r--r--data.d/etc-portage/package.use/15-apcupsd.use1
-rw-r--r--data.d/etc-portage/repos.conf/gentoo.conf19
-rw-r--r--data.d/vpn-tinc/hosts/anoia_tyil_net25
-rw-r--r--data.d/vpn-tinc/hosts/caeghi_tyil_net27
-rw-r--r--data.d/vpn-tinc/hosts/denahnu_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/edephas_tyil_net27
-rw-r--r--data.d/vpn-tinc/hosts/faiwoo_tyil_net27
-rw-r--r--data.d/vpn-tinc/hosts/gaeru_tyil_net26
-rw-r--r--data.d/vpn-tinc/hosts/hurzak_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/ivdea_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/jaomox_tyil_net26
-rw-r--r--data.d/vpn-tinc/hosts/krohxe_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/ludifah_tyil_net2
-rw-r--r--data.d/vpn-tinc/hosts/mieshu_tyil_net17
-rw-r--r--data.d/vpn-tinc/hosts/nouki_tyil_net17
-rw-r--r--data.d/vpn-tinc/hosts/oolah_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/plarabe_tyil_net18
-rw-r--r--data.d/vpn-tinc/hosts/qohrei_tyil_net19
-rw-r--r--data.d/vpn-tinc/hosts/ricui_tyil_net18
-rw-r--r--data.d/vpn-wireguard/.gitignore1
-rwxr-xr-xdata.d/vpn-wireguard/hooks/post-up47
-rw-r--r--data.d/vpn-wireguard/peers/faiwoo.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/gaeru.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/jaomox.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/mieshu.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/nouki.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/oolah.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/qohrei.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/ricui.tyil.net5
-rw-r--r--defaults61
-rw-r--r--hosts.d/anoia.tyil.net8
-rw-r--r--hosts.d/caeghi.tyil.net6
-rw-r--r--hosts.d/denahnu.tyil.net7
-rw-r--r--hosts.d/edephas.tyil.net29
-rw-r--r--hosts.d/faiwoo.tyil.net9
-rw-r--r--hosts.d/gaeru.tyil.net13
-rw-r--r--hosts.d/hurzak.tyil.net7
-rw-r--r--hosts.d/ivdea.tyil.net6
-rw-r--r--hosts.d/jaomox.tyil.net28
-rw-r--r--hosts.d/krohxe.tyil.net2
-rw-r--r--hosts.d/ludifah.tyil.net8
-rw-r--r--hosts.d/mieshu.tyil.net46
-rw-r--r--hosts.d/nouki.tyil.net7
-rw-r--r--hosts.d/oolah.tyil.net7
-rw-r--r--hosts.d/plarabe.tyil.net3
-rw-r--r--hosts.d/qohrei.tyil.net18
-rw-r--r--hosts.d/ricui.tyil.net12
-rw-r--r--os.d/linux-alpine_linux0
-rw-r--r--os.d/linux-debian_gnu_linux1
-rw-r--r--playbooks.d/dns-dnsmasq/description.txt1
-rw-r--r--playbooks.d/dns-dnsmasq/etc/defaults6
-rw-r--r--playbooks.d/dns-dnsmasq/etc/os.d/linux-gentoo1
-rw-r--r--playbooks.d/dns-dnsmasq/playbook.bash48
-rw-r--r--playbooks.d/dns-dnsmasq/share/dnsmasq.conf14
-rw-r--r--playbooks.d/etc-nixos/description.txt1
-rw-r--r--playbooks.d/etc-nixos/playbook.bash18
-rw-r--r--playbooks.d/etc-portage/description.txt1
-rw-r--r--playbooks.d/etc-portage/playbook.bash18
-rw-r--r--playbooks.d/git-server/playbook.bash2
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub2
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub2
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub5
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@plarabe-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub1
-rw-r--r--playbooks.d/k3s-master/etc/defaults12
-rw-r--r--playbooks.d/k3s-master/etc/os.d/linux-gentoo4
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/kustomization.yaml7
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/deployment.yaml36
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/ingress.yaml45
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/service.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/deployment.yaml31
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/ingress.yaml26
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/service.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/deployment.yaml77
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/ingress.yaml25
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/service.yaml22
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/kustomization.yaml7
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/release.yaml41
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/values.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/kustomization.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/release.yaml33
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/deployment.yaml31
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/ingress.yaml25
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/service.yaml22
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/deployment.yaml54
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/ingress.yaml25
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/service.yaml22
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/deployment.yaml41
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/ingress.yaml25
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/service.yaml22
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/applications.yaml14
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-components.yaml5583
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-sync.yaml27
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/kustomization.yaml5
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-configuration.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-releases.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-sources.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/namespaces.yaml14
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/applications.yaml14
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-components.yaml5583
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-sync.yaml27
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/kustomization.yaml5
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-configuration.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-releases.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-sources.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/namespaces.yaml14
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/kustomization.yaml7
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/letsencrypt-production.yaml16
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/letsencrypt-staging.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/configuration/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/release.yaml20
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/kustomization.yaml7
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/release.yaml24
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/values.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/release.yaml26
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/release.yaml19
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/release.yaml22
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/bitnami.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/ingress-nginx.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/jetstack.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/kustomization.yaml12
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/nextcloud.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/seaweedfs.yaml12
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-invidious.yaml12
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-nitter.yaml12
-rw-r--r--playbooks.d/k3s-master/manifests/namespaces/base-system.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/namespaces/kustomization.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/namespaces/media.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/namespaces/personal-services.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/namespaces/public-services.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/namespaces/servarr.yaml6
-rw-r--r--playbooks.d/k3s-master/playbook.bash79
-rw-r--r--playbooks.d/k3s-node/description.txt1
-rw-r--r--playbooks.d/k3s-node/etc/defaults3
-rw-r--r--playbooks.d/k3s-node/etc/os.d/linux-gentoo2
-rw-r--r--playbooks.d/k3s-node/playbook.bash98
-rw-r--r--playbooks.d/nfs-server/description.txt1
-rw-r--r--playbooks.d/nfs-server/etc/defaults3
-rw-r--r--playbooks.d/nfs-server/etc/os.d/linux-gentoo1
-rw-r--r--playbooks.d/nfs-server/playbook.bash75
-rw-r--r--playbooks.d/nftables/description.txt1
-rw-r--r--playbooks.d/nftables/etc/defaults2
-rw-r--r--playbooks.d/nftables/playbook.bash99
-rw-r--r--playbooks.d/seaweedfs-filer/description.txt1
-rw-r--r--playbooks.d/seaweedfs-filer/etc/defaults1
-rw-r--r--playbooks.d/seaweedfs-filer/playbook.bash94
-rw-r--r--playbooks.d/seaweedfs-filer/share/filer.conf7
-rw-r--r--playbooks.d/seaweedfs-filer/share/filer.toml3
-rw-r--r--playbooks.d/seaweedfs-master/description.txt1
-rw-r--r--playbooks.d/seaweedfs-master/etc/defaults1
-rw-r--r--playbooks.d/seaweedfs-master/playbook.bash95
-rw-r--r--playbooks.d/seaweedfs-master/share/master.conf8
-rw-r--r--playbooks.d/seaweedfs-volume/description.txt1
-rw-r--r--playbooks.d/seaweedfs-volume/etc/defaults1
-rw-r--r--playbooks.d/seaweedfs-volume/playbook.bash106
-rw-r--r--playbooks.d/seaweedfs-volume/share/volume.conf13
-rw-r--r--playbooks.d/seaweedfs/description.txt1
-rw-r--r--playbooks.d/seaweedfs/etc/defaults1
-rw-r--r--playbooks.d/seaweedfs/playbook.bash48
-rw-r--r--playbooks.d/seaweedfs/share/seaweedfs-mount@.service15
-rw-r--r--playbooks.d/ssh/playbook.bash8
-rw-r--r--playbooks.d/ssh/share/motd.satpl (renamed from playbooks.d/ssh/share/motd)0
-rw-r--r--playbooks.d/ssh/share/notify.sh8
-rw-r--r--playbooks.d/ssh/share/sshd_config.satpl (renamed from playbooks.d/ssh/share/sshd_config)2
m---------playbooks.d/vpn-tinc0
-rw-r--r--playbooks.d/vpn-tinc/description.txt1
-rw-r--r--playbooks.d/vpn-tinc/etc/defaults6
-rw-r--r--playbooks.d/vpn-tinc/etc/os.d/linux-debian_gnu_linux1
-rw-r--r--playbooks.d/vpn-tinc/playbook.bash188
-rw-r--r--playbooks.d/vpn-tinc/share/host4
-rw-r--r--playbooks.d/vpn-tinc/share/tinc-down-ifconfig3
-rw-r--r--playbooks.d/vpn-tinc/share/tinc-down-ip3
-rw-r--r--playbooks.d/vpn-tinc/share/tinc-up-ifconfig4
-rw-r--r--playbooks.d/vpn-tinc/share/tinc-up-ip6
-rw-r--r--playbooks.d/vpn-tinc/share/tinc.conf10
-rw-r--r--playbooks.d/vpn-wireguard/description.txt1
-rw-r--r--playbooks.d/vpn-wireguard/etc/defaults1
-rw-r--r--playbooks.d/vpn-wireguard/etc/os.d/linux-gentoo1
-rw-r--r--playbooks.d/vpn-wireguard/playbook.bash119
-rw-r--r--playbooks.d/vpn-wireguard/share/interface4
-rw-r--r--playbooks.d/vpn-wireguard/share/peer5
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.media13
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s313
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s3.misskey13
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.media22
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s320
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s3.misskey21
-rw-r--r--registry.d/anoia.tyil.net5
-rw-r--r--registry.d/caeghi.tyil.net1
-rw-r--r--registry.d/denahnu.tyil.net4
-rw-r--r--registry.d/edephas.tyil.net1
-rw-r--r--registry.d/faiwoo.tyil.net1
-rw-r--r--registry.d/gaeru.tyil.net1
-rw-r--r--registry.d/ivdea.tyil.net4
-rw-r--r--registry.d/jaomox.tyil.net6
-rw-r--r--registry.d/krohxe.tyil.net4
-rw-r--r--registry.d/ludifah.tyil.net1
-rw-r--r--registry.d/mieshu.tyil.net11
-rw-r--r--registry.d/nouki.tyil.net6
-rw-r--r--registry.d/oolah.tyil.net (renamed from registry.d/hurzak.tyil.net)2
-rw-r--r--registry.d/plarabe.tyil.net2
-rw-r--r--registry.d/qohrei.tyil.net4
-rw-r--r--registry.d/ricui.tyil.net5
244 files changed, 2555 insertions, 12839 deletions
diff --git a/.gitmodules b/.gitmodules
index 36d1ae1..ae999ae 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +1,9 @@
[submodule "playbooks.d/www-blog"]
path = playbooks.d/www-blog
- url = https://git.tyil.nl/bashtard-playbooks/www-static
+ url = https://git.tyil.nl/bashtard/www-static
[submodule "playbooks.d/vpn-tinc"]
path = playbooks.d/vpn-tinc
- url = https://git.tyil.nl/bashtard-playbooks/vpn-tinc
+ url = https://git.tyil.nl/bashtard/vpn-tinc
+[submodule "playbooks.d/k3s-hurzak"]
+ path = playbooks.d/k3s-master
+ url = https://git.tyil.nl/bashtard/k3s-master
diff --git a/data.d/etc-nixos/.gitignore b/data.d/etc-nixos/.gitignore
new file mode 100644
index 0000000..2ee4098
--- /dev/null
+++ b/data.d/etc-nixos/.gitignore
@@ -0,0 +1,2 @@
+configuration.nix
+hardware-configuration.nix
diff --git a/data.d/etc-nixos/README.md b/data.d/etc-nixos/README.md
new file mode 100644
index 0000000..798fe0c
--- /dev/null
+++ b/data.d/etc-nixos/README.md
@@ -0,0 +1,119 @@
+# Set variables
+
+```sh
+disk=...
+zfs_pool=...
+swap_ratio=1.5
+```
+
+# Partition disk
+
+```sh
+parted -s "$disk" mklabel gpt
+```
+
+## boot
+
+### MBR
+
+We don't do MBR anymore!
+
+### EFI
+
+```sh
+parted -a optimal "$disk" mkpart primary fat32 1MiB 1001MiB
+parted "$disk" set 1 esp on
+
+mkfs.vfat -F32 "${disk}1"
+```
+
+## swap
+
+```sh
+swap_end=$(awk '/MemTotal/ { print int($2 / 1000 * '"$swap_ratio"') + 1001 }' /proc/meminfo)
+parted -a optimal "$disk" mkpart primary linux-swap 1001MiB "$swap_end"
+
+mkswap "${disk}2"
+swapon "${disk}2"
+```
+
+## zpool
+
+```sh
+parted -a optimal "$disk" mkpart primary "$swap_end" 100%
+
+zpool create \
+ -O mountpoint=none \
+ -O encryption=on \
+ -O keyformat=passphrase \
+ -O keylocation=prompt \
+ -O acltype=posixacl \
+ -O xattr=sa \
+ -O compression=zstd \
+ -O dnodesize=auto \
+ -O normalization=formD \
+ -o ashift=12 \
+ -o autotrim=on \
+ -R /mnt \
+ "$zfs_pool" "${disk}3"
+```
+
+### zfs volumes
+
+```sh
+zfs create -o mountpoint=none "$zfs_pool/rootfs"
+zfs create -o mountpoint=legacy "$zfs_pool/rootfs/nixos"
+zfs create -o mountpoint=legacy "$zfs_pool/homefs"
+zfs create -o mountpoint=legacy "$zfs_pool/homefs/root"
+zfs create -o mountpoint=legacy "$zfs_pool/homefs/tyil"
+```
+
+# Mount partitions/volumes
+
+```sh
+mount -t zfs "$zfs_pool/rootfs/nixos" /mnt
+
+mkdir -pv -- /mnt/boot
+mount -t vfat "${disk}1" /mnt/boot
+
+mkdir -pv -- /mnt/home
+mount -t zfs "$zfs_pool/homefs" /mnt/home
+
+mkdir -pv -- /mnt/root
+mkdir -pv -- /mnt/home/tyil
+mount -t zfs "$zfs_pool/homefs/root" /mnt/root
+mount -t zfs "$zfs_pool/homefs/tyil" /mnt/home/tyil
+```
+
+# Install NixOS
+
+## Configure
+
+```sh
+nixos-generate-config --root /mnt
+```
+
+Apply configs in `/mnt/etc/nixos`
+
+```nix
+{
+ boot.supportedFilesystems = [ "zfs" ];
+ boot.zfs.devNodes = ...
+ boot.zfs.forceImportRoot = false;
+ networking.hostId = $(head -c4 /dev/urandom | od -A none -t x4)
+ networking.hostName = ...
+}
+```
+
+## Install
+
+```sh
+cd /mnt && nixos-install
+```
+
+## Reboot
+
+```sh
+umount -lR /mnt
+zpool export "$zfs_pool"
+```
diff --git a/data.d/etc-nixos/apps/vpn-tinc.nix b/data.d/etc-nixos/apps/vpn-tinc.nix
new file mode 100644
index 0000000..0634ecc
--- /dev/null
+++ b/data.d/etc-nixos/apps/vpn-tinc.nix
@@ -0,0 +1,283 @@
+{ config, pkgs, ... }:
+
+# To have this node join the network, generate keys, add the new host with its
+# public keys to the list in this file, then rebuild.
+#
+# - mkdir -pv -- /etc/tinc/tyilnet
+# - nix-shell -p tinc_pre --run "tinc -n tyilnet generate-keys 4096"
+# - $EDITOR /etc/nixos/configuration.nix
+# ? networking.interfaces."tinc.tyilnet".address
+# - services.tinc.networks.tyilnet.name
+# - imports += [ "./apps/vpn-tinc.nix" ]
+# - cat /etc/tinc/tyilnet/*.pub
+# - $EDITOR /etc/nixos/apps/vpn-tinc.nix
+
+{
+ environment = {
+ etc = {
+ # This part should be written to configuration.nix while I try to learn
+ # how to do it cleanly with a simple variable
+ #
+ #"tinc/tyilnet/tinc-up".source = pkgs.writeScript "tinc-up" ''
+ # #!${pkgs.stdenv.shell}
+ # ${pkgs.nettools}/bin/ifconfig $INTERFACE 10.57.50.50 netmask 255.255.0.0
+ #'';
+ "tinc/tyilnet/tinc-down".source = pkgs.writeScript "tinc-down" ''
+ #!${pkgs.stdenv.shell}
+ /run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down
+ '';
+ };
+ };
+
+ networking = {
+ firewall = {
+ allowedUDPPorts = [ 655 ];
+ allowedTCPPorts = [ 655 ];
+ };
+ };
+
+ security.sudo.extraRules = [
+ {
+ users = [ "tinc.tyilnet" ];
+ commands = [
+ {
+ command = "${pkgs.nettools}/bin/ifconfig";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+
+ services = {
+ tinc = {
+ networks = {
+ tyilnet = {
+ debugLevel = 3;
+ chroot = false;
+ interfaceType = "tap";
+
+ extraConfig = ''
+ ConnectTo = caeghi_tyil_net
+ ConnectTo = denahnu_tyil_net
+ ConnectTo = faiwoo_tyil_net
+ ConnectTo = gaeru_tyil_net
+ ConnectTo = hurzak_tyil_net
+ ConnectTo = jaomox_tyil_net
+
+ Ed25519PrivateKeyFile = /etc/tinc/tyilnet/ed25519_key.priv
+ PrivateKeyFile = /etc/tinc/tyilnet/rsa_key.priv
+ '';
+
+ hosts = {
+ anoia_tyil_net = ''
+ Subnet = 10.57.100.3/32
+
+ Ed25519PublicKey = 04G6200IYDzDT3H0Yj6ZjQUIUc8tCIvzPaXmyk36e2M
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAt+7D3zRySAfd9cYnMSNhp/yRnBygmnfLdKm/dH9X7QbJ1BNcQpTP
+ I1RmC9lNlWABhB46DJUqQAQeGlZPUHxbCnmdDN6HyDaSA45m/yGUbVhN/ClK7iap
+ EXfNmxZbtE4eBHDz5DsFe7i2nla4gogyiUQsvRgIP2b2v9qzBhqf2kXwv0X+n7hv
+ HvQOdN60x/xm1+Vh6wsdX2HYatEh3dy1pfj+1RCQIWV1FDS1YVbFZFb1UJz917G/
+ DIpM/Cb/3txH0ffVh2NVqFBW3kd60Cs42/6htpHucBQ1dRVZUCKKWz1sgi5H4nty
+ HdPDPwOphrvNE7kXjvhkPIif1KtCr2SLwOK0UXR9iZtWuDH/Uxn2v7ofa0a3zKGf
+ yPrVwzhciv2cdbXPiTFyAS8YbpQUQTcuqDVi1AxE8Z0KmuvgBtTtAzMDyoTLOfzS
+ yZ3a0qQhX3nvLkXWh7cA7cquuP4LgP5iY1vJSRO2EZA61/WdKs8asl0EN8Zn8EEz
+ opnvcM3M0ptBZy1Dz2X6Lz0QliQrzajmSRhfUMTOq3ARvnLsES14ZqehavH5Ntms
+ G1OVdVnd7fqibMhWz/dKiB3uG+1e39isTPW3+22MEm4R0ngfF6olZ8SdHrIWFPW8
+ bvdzf7ebFrjuqi6qN/NdUwrzWdDGU83W2xEBsHHbHcoKaB2uwcCKvjcCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ bast_tyil_net = ''
+ Subnet = 10.57.50.50/32
+
+ Ed25519PublicKey = De60ft6TStf9oJ060kxpSmX7xJ/ZVO9EFXgQdqWcWaO
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwvOYvgciXHsrqMHIWKDUcJjCF1ARjAxqb3s/BzRlz0XcynzpYDV/
+ EtiZWRkKmDveUILe8pk3gFlu2vwen9DGVydg+tW4G0z4NIejoC9FR8a/NpjTzMvw
+ gNCihTFpPqoqn7loy+OdHIWv34v26zUFY8r0W1XUX0O0vtUcWTHwkV6DggujFPxG
+ SM9yGyl7MxuDbr9EP520dsklWGQT93RlUizr1dm2QNLgQN6+FMTpVPJN/2uaHSMo
+ 9xx3vLltqweyvMrIWCPQQSu+vj9Dqq+4ToC2rXkEfMsjkDyVJViOzSarZfAHCdJL
+ S/aZh4PC9EMsc+DmoIQwN7fKG3CQkm3QZ2P1WKG0jNZ2jdC50G7G9QypKdPFh5Al
+ Oy6z/+VG05+ouRmfQTi12Kap7aakMOw9vjL1BSGgoTxToS7m+O5Q9ByodhVhRBMc
+ pp0ZHvPhZjM0jmtqrTtTkQDGonCiN/IxOdneTkiM0lW9UnROWqYJHL1B92sVyADw
+ S9ddyfUbUFLnOdJkF/JBFR3d5GxIcY1HVfYbugbIBGnal5koALFfhDkYJqQbbuAz
+ z1rSm4yYFWKKFThpZA1oRvEh9UJNbFOepreImCmUKZurgQZFMUjRMRtTcRXy07fR
+ /EctKPyzDKmQOHlnR4hNd3laefwL0vMO7Wra4NqoJx4MMmnPtl5s8okCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ caeghi_tyil_net = ''
+ Address = 116.202.102.33
+ Subnet = 10.57.20.2/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA2abFKFB1Dr1YMcAIWcy/2+jJn+suPyiQjz6vgt476P9a/I7SUCta
+ P5QUPxvS9pZxFVTFKzpmdKxG1pbCAkhArtNg2R1VFEiYCxS+iey+F11pMPEZFVpC
+ EIXeVDQeBm9UXjrOpcTRIwEO7Q2J2lzRrhGm6Rpb6XbdmtQ3S8XgVsXYwWoV7muf
+ TE/d5fgtz8Hghti8w86FP9q61iH6AHCREwbHEUyat5hwznmbiNJHyjx+otI63sQo
+ FS37EazhqCEvt9jyvVSmB7kVTOLnIVATWDaUlPCLLvps09eRsz6aAa7RHCGd3x/W
+ mRHxDCbeKL4ilpo/FPZhANdQImLmFovOtwZ6xawRWKPcRXhkaL24qQC0MLH9wmnY
+ oM6EMioWUa0F11iFM99DTK+NF2Pk8vHNzm0Ep5g0SHzqnAIDDzeNTC9ogwsETqL5
+ t7VY1GXuKWgta9L2q03X7FMEgjIc3lPgVLc0Ccx11MTgVzcIaLxFQ58oo+xFuc9I
+ rBqjZgJwg5MTdZiyZesLJuV+YP+yRat3LifAwIZhloSBVPU6YKx/y30BHjDM8FP1
+ OM2IzJLrafZDy034XyD4s62YsKrHMcQ3CeoQ80QjvSyWvSlvn2vEqrbWIZADi0d/
+ 8vgl44gF9g9yN++G6S7BsTJ5PNgv0jrRFu/RpEN1hVOuo+nBqFsvxW8CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ denahnu_tyil_net = ''
+ Address = 81.2.254.110
+ Subnet = 10.57.20.4/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEApFXqCta82BLknLg9jI4ZLmjROl9S9worvIo4hQeDFtZrKlelfx8f
+ RwfT9xF4YwI688FAlmZcGc1iRUTuCt+Pfbc+Lws6Kw1U/QIqAnga80chLzOkwPxV
+ idZyMPpZ0nWc/XCj63znozr6KGPVgibNKB3p/qGI7f00CVWJHlff7knAmCiShxyK
+ z+d7WglolSv7H7QE0Qz5tyMq7zkeide2MINd8Es+UpM4RpJHNIjFZmXm+lmfk/mW
+ fYYIi0z7dbOv+9fKdgljyAahL+sKIH1lfVTIaywY50eq7rAuG0UrA6/HXrNS9Hs2
+ LNPfUcDVQLwqM+ZTCbVykQ29/EyU28RRwDM/L85NY6YFSvCv35lqaeo+PokTFMI4
+ Dzro+IyEI4VvCQ4CeA8085HVTErnVMCRI4hwooyuBBmiKVB62KfHDD6D5J49dg8A
+ NzSkjmx1tqF+B8bOpk+gHJsk2ZXc1oU44S+1ydG7SdbqF2KWufpr9DIVIkTL64Cl
+ 9ymrmdW86NYTpsvUJVdqw+RW+hE55vUPr+/0mMkNVFdWy56EICxKqhW+wN80CxNE
+ raiNuFWqKPxw3yrAomsgPIuH/a3bmqsTzHb5Rmkw5nArWqSENagF5tVFSBUcZkWb
+ 6wwu/ourq6q1HXwP3Z9/03quelwKqmjPxwUCkl7CYeo8um1tjANeZvUCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ edephas_tyil_net = ''
+ Subnet = 10.57.100.7/32
+
+ Ed25519PublicKey = 4ABczlbBBLs5WMztIzafWw1ozwKZVkj4/of3Jc6awiO
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEApxmzAXv4Mch5FP5AxHmpvHjkJGxcegbFzdFzHjhdLDJ9MQQZdM1p
+ PomhyYXB9Gsq4oJIOcjqJJdbp4dchYGJ++eS3V1wwstLMTl/+kWZ4ojI9sb/J5rl
+ a3gknTjipdUuoOpdkAkXKCbq9AXyFsvLr4Q6WaFpeTuIjNb2QgPOLUmcD1eNCdnn
+ KcHQAGR3zRh3uu8zMkaJZwQDZAdRLV6b77OLe7PXCsYgQ68qw3uti3JENv8VC80T
+ UxUmv8He7xgAqRCJbD3FH3WT2O63mK9jpnFj/BKDTm5k4hUDtZRY1O92JUqQAruw
+ gq3I8mhSqFMkvt+S67u950hRzN4/ZGs7lzxRkDqDqLy+ZISN2cDpbX1i4WmZFfex
+ zj7ZbmfsVzwSF/+K31AOQrODt79bGGFwjZgAVn9Cny/bysBxrOJy39D2Awioynpc
+ mjICtRP7utpo959YmSNsEcjfamIHVfUOTsEoIYhYASmWRjrSF6v7j2bbC+aFOWsf
+ yIRZc0EtH803/Ks++ieIDWFmhB0ydtkqFm8HK2eyqOqnlHTepmrDflkxfao3JTXP
+ CbldDpUGKBcLZ5FNaJ5hlQHnJGzU+wbnc133cdYtg9vvhFVgameme8ElcOjZZxMJ
+ fPWXMAWc2Szx3Hs/jlaTSIH2GoX1Rr2HdrrNg0qOG/qhLPNrtmrxH/sCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ faiwoo_tyil_net = ''
+ Address = 65.21.5.254
+ Subnet = 10.57.20.5/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA3nBf2UWehfNWNrR6i4HJp64aPYI5SpV/7LplRwqXcmnJuHmQJ8Ht
+ Tozv5RHGGUNoSigbDxJSe16RQ0ESAzGNPSUEV6kntySXLvHSYb+SdjFm2wRpL8FI
+ 8t69ZnRF0x+4ZShfa0rgco8sDdkhuPMNrPu8U6bMs+o4Lh8sVTRhDThv2+VfQkxG
+ T4G9kgdsxP0yi8sq1uflSYY3mYlVl9OPZwSO+vcVO9JFPvkVYFrqDHtvFGFqziQ/
+ KvKcjwDTjpNVkFfJD6SIheeVrhysGk8qQIVMYc8yW9I8HGD7uP1BccZ0C/+b310i
+ y3qkNz/qqtgy0AxrrzbmFsVDgVyiPlwsD2SL+C4m6uEvB0FvYeL2/7vL8fI4RqcJ
+ ORAcA5G4FgzZRgHdZoZ1W4OB6eUCV4g9l425qbP3VVngJjX9PjPA/puz0i1IB0ZW
+ 6ijGccgYtyj5+ibt3if0+inepT2BJba7pyQ4A92ogfsQKlSg1x27CfvsGKuMZjdo
+ y/akxYPEqKHQK37smpjcQTLVmLTTbGnf30ObTNW5LOJUmBue9B4fqBA/NV4fM1Gj
+ Omw/lazjwrJuenwEeGegRQhvjKlBLdjOnzsLoVrCCIe90KK/+RVSC0Mi2D0dzEPE
+ BNSbD4EJYs+6dJVT7+sneS8iwg9kG9wZ+UjeO4vraEjMrKj9BaKiJ1cCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ gaeru_tyil_net = ''
+ Address = 37.48.120.26
+ Subnet = 10.57.20.6/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA9NUrWO0L8lqrfs4BgZsLdfJZPfKx+Fi8P4k79CIBuVfkQ4OzJmoV
+ ahupoOo5edjYLJK09epa9zFRc1DuaotYC7Wm9DdIF82WNZXN9x/Mvuq06WaKXBdj
+ iTJKbYfVN/yv8Xfjzfp4DH3txwsq+9AuICHJkHOmb0lsDinpfbmP8C8ozBnutrLM
+ XGaIzXzkV2NbunyjaiR7dho5+4P6wedck+IV63KRzepbX36OW9xImmEEpBPeMPzd
+ VOgWs35FIgnE5uumXXfIax9CA9wFahvMYUlQbxA6kCg9PTteM3C44udFx8DxzGcR
+ giKEbfxjcZ4pK9JG+LTxNZC2BK1gsUNw8sX6mEEY496cs0T10RWzRZM/HvMIpj1W
+ 5i72yh6kc8ieSr9hGIkm/oM/gwrFeC11PZQKis1P/0O5j7Lv6S7u6Edrpy/+WziV
+ Yk10eZXzHcFuVAh9+wQUeD3v4bMQA/mE8RPI9JX4Xkpbu1LOhtglEwFU1CWlG179
+ B990cfr3cjJkTqS7qEfWuNh2lQd4iwpgqyPZB7Dd7tHT5EKEZSZ+4+w9Xo8xfy0v
+ 7pdfImVHZ1PGVEsRk6AZZqcVcCRrjbKfqqL0m9JmB8vV5L3oZL/mXhFkh52aRMeZ
+ tzODNlBH0LW2TVVrBw3DJxFyRCRYjk4At8jagVe9fYM4ERkTQxqCFi0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ hurzak_tyil_net = ''
+ Address = 178.162.131.11
+ Subnet = 10.57.20.7/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAmL0UOj+pMAV7R1Lq0rj3D+oGRnp5fz1q+jtbK3janX7gz0lFcXA8
+ k6nOAzwksihQ9QfPLa0NEFpZ8PbLZP1mTFCf4f+1RWy9S2o4hLEzi+Ka8h/X54oH
+ jOcEZQd7hGpwDGvU/lTG+1Iofh4NAsuiKIS/pT58fZ8WIGDIbL5PHYGas44MEJX6
+ BXn9CJx8kzktFGJ27isCrl93kueSqp9ajNCCsmoisJxxdyxG8L+iWktuusTOoi31
+ IhmKqhA9wf87p5bYJ7Ae1079OXT7RxjExG+z2C9s6UouxDEmI2oXtmn5luRQkikw
+ T/nV29NJoUETcgVgrW3LHKr25cbXoaeosIgRsD6bLs0plOzECNrpl+/7ZKhr86M0
+ ZynJyfoAWFVKaCHSqD9Js5HH13U7oOpTPMIZgZO0CwtESeUE1z7j4xNPMF8x9Ajg
+ E7zny0SVO5JJNPqy6WFa1s5fWjU4YlFZKPG2jpIBqgw/unOCywQlQlrJH26Oo8RF
+ 5l9ccLmdQY2HWIpeY/BCEBCAZnsEt1/dV82HvgDeULXDyUOmpPgaNzCH445lzsg6
+ xKtAyWt32VWS9x/OdAflmeHvKk+GM7g0X7g7IxCzkLRMYSn3M87IBKQ/cjE7yg50
+ CbaLBdiDc3tVmR90fRalt/7PCccPychrFRFzE7E1/RIJKzqh6JTHUVkCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ ivdea_tyil_net = ''
+ Subnet = 10.57.100.8/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA1cPD37/K8EHfro9L/qmEGcG7Ivu6Lvc9K9ry2f6YAjvLQHAwFrf3
+ WXOHwg+x6aaE8Us7f2gHs8tU4NMNz4ggSIOesDOSUrVPOrrvZJnDaPzl8+bIOCrq
+ WOlgmo3RJv4w9G0QGmE7QGK2nX/gA05zaAMDP7Jd+yh7ohtYosth3/j/hetRdLD4
+ j6D9tuwGKoQND3rlc7P4QV9bMM1wvKw63hj08YowBzD5GkYN+J833ZN2wmRqAvLp
+ cRnELg/UqSp0wu0l5VJImi8oz59zGzWPzxFBakemjCkM7xVe5LKK3ZkjwojWDTqG
+ BQXnhInrFplDm6j+A+jM1iOLwhwg1LbWthhzvrvZd68Dl3oBAsmRM8YmY7RjDpNW
+ nhqPWen5fum9kURwczY9GLj5GcRkBjEXVTU3KTpYKXeTZrRc3HT69WbbzdfXNKYj
+ aKRdL/OJZG4hNZFRgPHJP1svNrf4DLZiWIoAjeAdgXcHih1cUi2rP530YvRaajwT
+ FFDgcfRdWp00WQUkJ8Fcl//rynnZWjHSi4NXTsB7qVvdFClNqglxVewzBgBkriEO
+ n7SIXz6iNTaKLD63YaUY4oiqg4yY12P6ggY6U2atcXmK1g9syaYTIVD6MAA7XDxY
+ uI88cs2AZnjLsfpW4p7TD90r1qRZjbkguLhy71cEaIZMbH+H/8eAyD0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ jaomox_tyil_net = ''
+ Address = 163.172.218.246
+ Subnet = 10.57.21.1/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA1hTIMQha2vUVy0c8Ci5jF06T62IDDj9FhBtDBKOsvlZ1Lzh9OsqH
+ x7blL0WNBDoqmgyX0RdDwUIqnMOttMFK4y6ARY50Yw+s8m2uy3i9FgRUn2Y+Qjc8
+ SmFh1fKt9yThKfBFDhUmTW0vjXlWR3jf77QB1PAJzk8wRmDx0GbBzcrsRMBrKc9a
+ rUN5mXz96xjkzq4vsAQ8W8aa4OmTR+oZcSe5iGzksXoh5BxmV8WjHK5ZpjuNi6qt
+ t1pWWanq3DG44/5pfvobULDh2Z1b8dV4oTGZW9CFFHmjOve5f+AQuy6nnFX9FH6R
+ dQ41GRCt3FFGMiCmej1BErPW2dE53A618vmcdd0J5Tt41TXX3oJo+gw3F1R5pNV7
+ rd6hg634Iyx5y3JIJh9gQXbygCAnq32vtI6/j60MyGHk2Iu6KjfhtN56X/PRnJxa
+ G2swLdJtUi11WgEhEdBd2x3l3P46eVj4YS48d3J++9mFKZ+ejoKosc7u5Xaj055I
+ q0fQudOZswD4i8JT5cn7VFYAZSM+Po9Yxq9tfaIm5jld4f/XJGYL39lXBrUTFBWh
+ PFXDrb35MstSVgHWlKtsLJj+Por4K5NxHdUHRIsOaMGem5GgOYos0AvkLYiQngey
+ noZ41YSSyJwitHefW46+PKmx5MVlcMcwDOSpvZImTphnlKEttg9/RwMCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ ludifah_tyil_net = ''
+ Subnet = 10.57.100.9/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA2pXuIIPoQhWLzTSsO0bvgkQ1+7RgqPVv8b6zNfmRUfj2uKy3OZEn
+ HS5TfmukDtHev/Z2p/UmBSHtaMT2/G+Nz7ogT0rMRBtjAk+DR9FYFz75zmsjQuFQ
+ U+deh/fQgrpsEDiNmapRtM6EwYYH/A/0MJ2eN9HPVUB864mN79ZfEhTWMbv6khbq
+ VwqAd+9GbjfRPLqifRpS9LuspXNpCBOl+r5l7+T1llN/BUgs71BVWbssaRUH7B2I
+ rS9qjhWfUN9RC3PX98yVbzTOeL/jxNn57eOr/KUDtRpqQwy2zFTAxT+d+X37abYK
+ OyHXBs3rLtpleoh6Hw9UNwLDUVfjpcrxwgFEogJosiA+CBG26b5H6mm+updkyKTE
+ 4r5y1+8dLQpmaLIaI7KFbPJTUaJvfGRwzulA/lDRdmZaetrHKrMqZyQ4M1Yq67Ba
+ 0cqDQEvnY/XoKTJTgNxn8cWMKm+biB7zs/92pKKPRmv6DQ+gjrDTepn5XzVbIFS9
+ GM30AqQiqoNL0PbTYWMPQmznEJo8LyehWr621/GARLTMFa3Pp7eGm7Afwy4zA4hG
+ AZLNXdEE7YMVoQUHWfiTGUl9yxX7o6g3gdZloAwGjeGB7BHOmi4SJEg1hUJ8wOn8
+ wtnjybxDTxdRkQ2RMdlsfSGZsu7jUxSjnPvwLWH/2cHXSmencQXOhTUCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/env/global.nix b/data.d/etc-nixos/env/global.nix
new file mode 100644
index 0000000..9bf9882
--- /dev/null
+++ b/data.d/etc-nixos/env/global.nix
@@ -0,0 +1,72 @@
+{ config, pkgs, ... }:
+
+{
+ boot = {
+ supportedFilesystems = [ "zfs" ];
+ zfs = {
+ forceImportRoot = false;
+ };
+ };
+
+ environment = {
+ binsh = "${pkgs.dash}/bin/dash";
+ shells = with pkgs; [
+ bash
+ dash
+ zsh
+ ];
+ systemPackages = with pkgs; [
+ borgbackup
+ git
+ gnupg
+ jq
+ mosh
+ silver-searcher
+ tmux
+ vim
+ ];
+ };
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ supportedLocales = [
+ "C.UTF-8/UTF-8"
+ "en_US.UTF-8/UTF-8"
+ "nl_NL.UTF-8/UTF-8"
+ ];
+ };
+
+ networking = {
+ domain = "tyil.net";
+ };
+
+ programs = {
+ zsh = {
+ enable = true;
+ };
+ };
+
+ services = {
+ openssh = {
+ enable = true;
+ };
+ };
+
+ system = {
+ copySystemConfiguration = true;
+ };
+
+ time = {
+ timeZone = "Europe/Amsterdam";
+ };
+
+ users = {
+ users = {
+ tyil = {
+ extraGroups = [ "wheel" ];
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/env/laptop.nix b/data.d/etc-nixos/env/laptop.nix
new file mode 100644
index 0000000..2681547
--- /dev/null
+++ b/data.d/etc-nixos/env/laptop.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./workstation.nix
+ ];
+
+ environment = {
+ systemPackages = with pkgs; [
+ acpi
+ ];
+ };
+}
diff --git a/data.d/etc-nixos/env/server.nix b/data.d/etc-nixos/env/server.nix
new file mode 100644
index 0000000..b04af8d
--- /dev/null
+++ b/data.d/etc-nixos/env/server.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./global.nix
+ ];
+}
diff --git a/data.d/etc-nixos/env/workstation.nix b/data.d/etc-nixos/env/workstation.nix
new file mode 100644
index 0000000..93cef52
--- /dev/null
+++ b/data.d/etc-nixos/env/workstation.nix
@@ -0,0 +1,74 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./global.nix
+ ];
+
+ environment = {
+ systemPackages = with pkgs; [
+ # CLI programs
+ kubectl
+ kubernetes-helm
+ neomutt
+ notmuch
+ ntfy-sh
+ pass
+ plantuml
+ shellcheck
+ tree
+
+ # GUI utils
+ xclip
+ xdotool
+ xprintidle
+
+ # GUI programs
+ alacritty
+ chromium
+ feh
+ mpv
+ nextcloud-client
+ pavucontrol
+ qutebrowser
+ scrot
+ yt-dlp
+ zathura
+ signal-desktop
+ ];
+ };
+
+ fonts.fonts = with pkgs; [
+ open-sans
+ liberation_ttf
+ ];
+
+ hardware = {
+ pulseaudio = {
+ enable = true;
+ };
+ };
+
+ programs = {
+ gnupg = {
+ agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ };
+ };
+
+ services = {
+ pcscd = {
+ enable = true;
+ };
+ };
+
+ users = {
+ users = {
+ tyil = {
+ extraGroups = [ "audio" "video" ];
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/wm/awesome.nix b/data.d/etc-nixos/wm/awesome.nix
new file mode 100644
index 0000000..b427f4a
--- /dev/null
+++ b/data.d/etc-nixos/wm/awesome.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ dunst
+ physlock
+ redshift
+ rofi
+ sxhkd
+ xcompmgr
+ ];
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ displayManager = {
+ startx = {
+ enable = true;
+ };
+ };
+ windowManager = {
+ awesome = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/wm/herbstluftwm.nix b/data.d/etc-nixos/wm/herbstluftwm.nix
new file mode 100644
index 0000000..5dd884b
--- /dev/null
+++ b/data.d/etc-nixos/wm/herbstluftwm.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ redshift
+ xcompmgr
+ rofi
+ ];
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ windowManager = {
+ herbstluftwm = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/wm/kde.nix b/data.d/etc-nixos/wm/kde.nix
new file mode 100644
index 0000000..6f60249
--- /dev/null
+++ b/data.d/etc-nixos/wm/kde.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ arc-kde-theme
+ kmymoney
+ plasma-pass
+ pinentry-qt
+ libsForQt5.kaccounts-integration
+ libsForQt5.kaccounts-providers
+ libsForQt5.kweather
+ libsForQt5.kalendar
+ libsForQt5.kmail
+ thunderbird
+ ];
+ };
+
+ networking = {
+ firewall = {
+ allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; # kdeconnect
+ allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; # kdeconnect
+ };
+ };
+
+ programs = {
+ dconf = {
+ enable = true;
+ };
+ gnupg = {
+ agent = {
+ pinentryFlavor = "qt";
+ };
+ };
+ kdeconnect = {
+ enable = true;
+ };
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ displayManager = {
+ sddm = {
+ enable = true;
+ };
+ };
+ desktopManager = {
+ plasma5 = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-portage/.gitignore b/data.d/etc-portage/.gitignore
new file mode 100644
index 0000000..72e8ffc
--- /dev/null
+++ b/data.d/etc-portage/.gitignore
@@ -0,0 +1 @@
+*
diff --git a/data.d/etc-portage/make.conf/00-defaults.conf b/data.d/etc-portage/make.conf/00-defaults.conf
new file mode 100644
index 0000000..21c3c58
--- /dev/null
+++ b/data.d/etc-portage/make.conf/00-defaults.conf
@@ -0,0 +1,15 @@
+# These settings were set by the catalyst build script that automatically
+# built this stage.
+# Please consult /usr/share/portage/config/make.conf.example for a more
+# detailed example.
+COMMON_FLAGS="-O2 -pipe"
+CFLAGS="${COMMON_FLAGS}"
+CXXFLAGS="${COMMON_FLAGS}"
+FCFLAGS="${COMMON_FLAGS}"
+FFLAGS="${COMMON_FLAGS}"
+
+# NOTE: This stage was built with the bindist Use flag enabled
+
+# This sets the language of build output to English.
+# Please keep this setting intact when reporting bugs.
+LC_MESSAGES=C.utf8
diff --git a/data.d/etc-portage/make.conf/10-global.conf b/data.d/etc-portage/make.conf/10-global.conf
new file mode 100644
index 0000000..deff7d8
--- /dev/null
+++ b/data.d/etc-portage/make.conf/10-global.conf
@@ -0,0 +1,54 @@
+USE="
+ bash-completion
+ introspection
+ vim-syntax
+ zsh-completion
+"
+
+FEATURES="
+ $FEATURES
+ buildpkg
+ network-sandbox
+ parallel-fetch
+ parallel-install
+ sandbox
+ sign
+ userfetch
+ userpriv
+ usersandbox
+ usersync
+"
+
+EMERGE_DEFAULT_OPTS="
+ $EMERGE_DEFAULT_OPTS
+ --alert
+ --ask
+ --binpkg-changed-deps=y
+ --binpkg-respect-use=y
+ --buildpkg-exclude */*-bin
+ --buildpkg-exclude acct-*/*
+ --buildpkg-exclude sys-kernel/*-sources
+ --buildpkg-exclude virtual/*
+ --keep-going
+ --tree
+ --usepkg-exclude */*-bin
+ --usepkg-exclude acct-*/*
+ --usepkg-exclude sys-kernel/*-sources
+ --usepkg-exclude virtual/*
+ --verbose
+"
+
+PKGDIR="/var/portage/packages"
+DISTDIR="/var/portage/distfiles"
+
+ACCEPT_LICENSE="
+ -*
+ @FREE
+"
+
+LC_MESSAGES=C.UTF8
+
+L10N="
+ en
+ nl
+"
diff --git a/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords b/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords
new file mode 100644
index 0000000..2376e42
--- /dev/null
+++ b/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords
@@ -0,0 +1 @@
+net-vpn/tinc ~*
diff --git a/data.d/etc-portage/package.license b/data.d/etc-portage/package.license
new file mode 100644
index 0000000..348558e
--- /dev/null
+++ b/data.d/etc-portage/package.license
@@ -0,0 +1 @@
+sys-kernel/linux-firmware linux-fw-redistributable
diff --git a/data.d/etc-portage/package.use/15-apcupsd.use b/data.d/etc-portage/package.use/15-apcupsd.use
new file mode 100644
index 0000000..91eeffb
--- /dev/null
+++ b/data.d/etc-portage/package.use/15-apcupsd.use
@@ -0,0 +1 @@
+sys-apps/util-linux tty-helpers
diff --git a/data.d/etc-portage/repos.conf/gentoo.conf b/data.d/etc-portage/repos.conf/gentoo.conf
new file mode 100644
index 0000000..6cb6e3b
--- /dev/null
+++ b/data.d/etc-portage/repos.conf/gentoo.conf
@@ -0,0 +1,19 @@
+[DEFAULT]
+main-repo = gentoo
+
+[gentoo]
+location = /var/db/repos/gentoo
+sync-type = rsync
+sync-uri = rsync://rsync.gentoo.org/gentoo-portage
+auto-sync = yes
+sync-rsync-verify-jobs = 1
+sync-rsync-verify-metamanifest = yes
+sync-rsync-verify-max-age = 24
+sync-openpgp-key-path = /usr/share/openpgp-keys/gentoo-release.asc
+sync-openpgp-keyserver = hkps://keys.gentoo.org
+sync-openpgp-key-refresh-retry-count = 40
+sync-openpgp-key-refresh-retry-overall-timeout = 1200
+sync-openpgp-key-refresh-retry-delay-exp-base = 2
+sync-openpgp-key-refresh-retry-delay-max = 60
+sync-openpgp-key-refresh-retry-delay-mult = 4
+sync-webrsync-verify-signature = yes
diff --git a/data.d/vpn-tinc/hosts/anoia_tyil_net b/data.d/vpn-tinc/hosts/anoia_tyil_net
index 4856c95..ff46bf7 100644
--- a/data.d/vpn-tinc/hosts/anoia_tyil_net
+++ b/data.d/vpn-tinc/hosts/anoia_tyil_net
@@ -1,16 +1,17 @@
Subnet = 10.57.100.3/32
+Subnet = fd68:1057:1992:3381:0:3317:0:2/128
+Ed25519PublicKey = 04G6200IYDzDT3H0Yj6ZjQUIUc8tCIvzPaXmyk36e2M
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAvcW/20fxgdGdNelD/eMwEpLChI03rvDbPHAp9en3cwlYaND40udO
-VxjRXj0rE9IA4N0f+o8oJdmG+mzl5Dd3rKXVnBnRymKzpNJ2w+cILPm1sQa6IO85
-F+7Q5v7lb5yFuy3JVi+tg4nqL+xHSZL6w/oPX667bR90oBJEd7C+U7p7r8DXvyHq
-cg9U1maDmZ0IzZtl6BxsjyfUr0o6xBtw+pCSIvOXW5xd4mfBPgvp+3nIcux6nek3
-VR6SJ85aXlYZxER23N13Vi3dGUJSIaBPN5MuS3IHBbAP/Feeyo8p4SCzl0AMfo/K
-+ZGcheL/NX7EVGg4XcZNgFaTBpusScOfxiRlzAeImomiQwKIywXp1otCn6dKIDj0
-jj146Dodf2nHRbTQj7H/2zyiRDjY/tpis/xTVA5AJu+p5aaXBA/eSb4H1OKL5qYs
-38/bUiUJTSbpWvC9WiHq/xi5GSs+3ehDara89yXXhunWLsqvSZOZacqeZQw8k+ip
-pNcnXbbtS0zqNQie3OEKY9qqOGKzjUiYu8yWJ4eo370XzlQ9sUgGfKmwCcc2c2jX
-Rrhjck+4DGeRA10oJpoxKArPaWrGWezIHJ49Jrc+xiTJ5EMVqOpuGvL5lrKn7g6y
-qYk1u6x0We1nCkMNN2LxrmL6j3p6PKRbWg7bczqPO4uEyT/575Ih2ssCAwEAAQ==
+MIICCgKCAgEAt+7D3zRySAfd9cYnMSNhp/yRnBygmnfLdKm/dH9X7QbJ1BNcQpTP
+I1RmC9lNlWABhB46DJUqQAQeGlZPUHxbCnmdDN6HyDaSA45m/yGUbVhN/ClK7iap
+EXfNmxZbtE4eBHDz5DsFe7i2nla4gogyiUQsvRgIP2b2v9qzBhqf2kXwv0X+n7hv
+HvQOdN60x/xm1+Vh6wsdX2HYatEh3dy1pfj+1RCQIWV1FDS1YVbFZFb1UJz917G/
+DIpM/Cb/3txH0ffVh2NVqFBW3kd60Cs42/6htpHucBQ1dRVZUCKKWz1sgi5H4nty
+HdPDPwOphrvNE7kXjvhkPIif1KtCr2SLwOK0UXR9iZtWuDH/Uxn2v7ofa0a3zKGf
+yPrVwzhciv2cdbXPiTFyAS8YbpQUQTcuqDVi1AxE8Z0KmuvgBtTtAzMDyoTLOfzS
+yZ3a0qQhX3nvLkXWh7cA7cquuP4LgP5iY1vJSRO2EZA61/WdKs8asl0EN8Zn8EEz
+opnvcM3M0ptBZy1Dz2X6Lz0QliQrzajmSRhfUMTOq3ARvnLsES14ZqehavH5Ntms
+G1OVdVnd7fqibMhWz/dKiB3uG+1e39isTPW3+22MEm4R0ngfF6olZ8SdHrIWFPW8
+bvdzf7ebFrjuqi6qN/NdUwrzWdDGU83W2xEBsHHbHcoKaB2uwcCKvjcCAwEAAQ==
-----END RSA PUBLIC KEY-----
-Ed25519PublicKey = 7jy41lK2S4BzhUVSAmULDSiZ9NQM4eQ0Geg2+F9pTpG
diff --git a/data.d/vpn-tinc/hosts/caeghi_tyil_net b/data.d/vpn-tinc/hosts/caeghi_tyil_net
index c5d5b05..4638c16 100644
--- a/data.d/vpn-tinc/hosts/caeghi_tyil_net
+++ b/data.d/vpn-tinc/hosts/caeghi_tyil_net
@@ -1,16 +1,19 @@
Address = 116.202.102.33
-Subnet = 10.57.20.2/32
+Address = 2a01:4f8:c010:ca5::1
+
+Subnet = 10.57.1.3/32
+Subnet = fd68:1057:1992:3381:0:1:1:1/128
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA2abFKFB1Dr1YMcAIWcy/2+jJn+suPyiQjz6vgt476P9a/I7SUCta
-P5QUPxvS9pZxFVTFKzpmdKxG1pbCAkhArtNg2R1VFEiYCxS+iey+F11pMPEZFVpC
-EIXeVDQeBm9UXjrOpcTRIwEO7Q2J2lzRrhGm6Rpb6XbdmtQ3S8XgVsXYwWoV7muf
-TE/d5fgtz8Hghti8w86FP9q61iH6AHCREwbHEUyat5hwznmbiNJHyjx+otI63sQo
-FS37EazhqCEvt9jyvVSmB7kVTOLnIVATWDaUlPCLLvps09eRsz6aAa7RHCGd3x/W
-mRHxDCbeKL4ilpo/FPZhANdQImLmFovOtwZ6xawRWKPcRXhkaL24qQC0MLH9wmnY
-oM6EMioWUa0F11iFM99DTK+NF2Pk8vHNzm0Ep5g0SHzqnAIDDzeNTC9ogwsETqL5
-t7VY1GXuKWgta9L2q03X7FMEgjIc3lPgVLc0Ccx11MTgVzcIaLxFQ58oo+xFuc9I
-rBqjZgJwg5MTdZiyZesLJuV+YP+yRat3LifAwIZhloSBVPU6YKx/y30BHjDM8FP1
-OM2IzJLrafZDy034XyD4s62YsKrHMcQ3CeoQ80QjvSyWvSlvn2vEqrbWIZADi0d/
-8vgl44gF9g9yN++G6S7BsTJ5PNgv0jrRFu/RpEN1hVOuo+nBqFsvxW8CAwEAAQ==
+MIICCgKCAgEA7fatifnB0LfafcNiKG+cZDeBkFynsFSTMA9dDSQOXYoowLSUOcWj
+5WW7b0m6ltM3mq2sAB8fTDJcageycjli8e0b6MzrAhmvzdCMlOBJXuE7iIRJU/IR
+cHjpLzG3tBNtO1NudbeGccC7uzmJuPrmBqX0lsy7FQqIad447FzkwOK5oqs1AEOk
+tgCFoEScQjPVRVG6JhH2DaBMAQ7rXbGmu2+SnZvxmHTA0Daiv0mthv9D4Mm4MIPJ
+QnyMVU85t72D1I/xlugjQI64PvAiROi6Ftm0il/YMiTWC9cxbR8hdpaxJJUoci38
+9KylJ87EpNDsgstlRw+MBvOTeL55pnPQXliQRrhpukAjHpTU38kQXRl5D613jzCy
+o8YGT6midMXnAk3ppr9DQX5113gCLXAwkUpy5pS/PpdQ7tqe1DcCsegYuomeVs1w
+pQlCPH7TJOj+vRaxVbDCvJq3u9wA7mzxoFdS0TiTq9fGIRE0hcCy+iFUEaOA54Fv
+g5Q6p5urtrw0AZueF/UCg+A6C1ag0pTOyoVb8VgcMnN80w+QVrxxB+k4VBzIbg7S
+gp1IgPkKKavTCbUb8cu4q5sidr8xz2diXanwSUjRwRbd6AcZgHU8rIjnUiYokw8E
+5Y2FEYaS4sN6jbZ56AbjmWmTWwo2uYndq4VG4CWYnX38t47HJRQFBtkCAwEAAQ==
-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/denahnu_tyil_net b/data.d/vpn-tinc/hosts/denahnu_tyil_net
deleted file mode 100644
index acc2038..0000000
--- a/data.d/vpn-tinc/hosts/denahnu_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 81.2.254.110
-Subnet = 10.57.20.4/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEApFXqCta82BLknLg9jI4ZLmjROl9S9worvIo4hQeDFtZrKlelfx8f
-RwfT9xF4YwI688FAlmZcGc1iRUTuCt+Pfbc+Lws6Kw1U/QIqAnga80chLzOkwPxV
-idZyMPpZ0nWc/XCj63znozr6KGPVgibNKB3p/qGI7f00CVWJHlff7knAmCiShxyK
-z+d7WglolSv7H7QE0Qz5tyMq7zkeide2MINd8Es+UpM4RpJHNIjFZmXm+lmfk/mW
-fYYIi0z7dbOv+9fKdgljyAahL+sKIH1lfVTIaywY50eq7rAuG0UrA6/HXrNS9Hs2
-LNPfUcDVQLwqM+ZTCbVykQ29/EyU28RRwDM/L85NY6YFSvCv35lqaeo+PokTFMI4
-Dzro+IyEI4VvCQ4CeA8085HVTErnVMCRI4hwooyuBBmiKVB62KfHDD6D5J49dg8A
-NzSkjmx1tqF+B8bOpk+gHJsk2ZXc1oU44S+1ydG7SdbqF2KWufpr9DIVIkTL64Cl
-9ymrmdW86NYTpsvUJVdqw+RW+hE55vUPr+/0mMkNVFdWy56EICxKqhW+wN80CxNE
-raiNuFWqKPxw3yrAomsgPIuH/a3bmqsTzHb5Rmkw5nArWqSENagF5tVFSBUcZkWb
-6wwu/ourq6q1HXwP3Z9/03quelwKqmjPxwUCkl7CYeo8um1tjANeZvUCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/edephas_tyil_net b/data.d/vpn-tinc/hosts/edephas_tyil_net
index 6e095bb..3dc161a 100644
--- a/data.d/vpn-tinc/hosts/edephas_tyil_net
+++ b/data.d/vpn-tinc/hosts/edephas_tyil_net
@@ -1,16 +1,17 @@
-Subnet = 10.57.100.7/32
+Subnet = 10.57.0.1/32
+Subnet = fd68:1057:1992:3381:0:0:3317:1/128
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEApxmzAXv4Mch5FP5AxHmpvHjkJGxcegbFzdFzHjhdLDJ9MQQZdM1p
-PomhyYXB9Gsq4oJIOcjqJJdbp4dchYGJ++eS3V1wwstLMTl/+kWZ4ojI9sb/J5rl
-a3gknTjipdUuoOpdkAkXKCbq9AXyFsvLr4Q6WaFpeTuIjNb2QgPOLUmcD1eNCdnn
-KcHQAGR3zRh3uu8zMkaJZwQDZAdRLV6b77OLe7PXCsYgQ68qw3uti3JENv8VC80T
-UxUmv8He7xgAqRCJbD3FH3WT2O63mK9jpnFj/BKDTm5k4hUDtZRY1O92JUqQAruw
-gq3I8mhSqFMkvt+S67u950hRzN4/ZGs7lzxRkDqDqLy+ZISN2cDpbX1i4WmZFfex
-zj7ZbmfsVzwSF/+K31AOQrODt79bGGFwjZgAVn9Cny/bysBxrOJy39D2Awioynpc
-mjICtRP7utpo959YmSNsEcjfamIHVfUOTsEoIYhYASmWRjrSF6v7j2bbC+aFOWsf
-yIRZc0EtH803/Ks++ieIDWFmhB0ydtkqFm8HK2eyqOqnlHTepmrDflkxfao3JTXP
-CbldDpUGKBcLZ5FNaJ5hlQHnJGzU+wbnc133cdYtg9vvhFVgameme8ElcOjZZxMJ
-fPWXMAWc2Szx3Hs/jlaTSIH2GoX1Rr2HdrrNg0qOG/qhLPNrtmrxH/sCAwEAAQ==
+MIICCgKCAgEAoxlT2zGSu5YwG5sgZc5u1ulntwLwqTwjx3jAL1ys8ZMVtzkBu9UZ
+2CjLA8XsdwwEnflgO4HpNzXtLwNiNBo6D5NrL+XMZj/XxsIbGMyfumYNhCJEEyTM
+5aROf3vuggKKzr5RYdoe7GxNcoIwnse0JZeBA+hhzIGgyWJwyzIzQ5EGioesFIc7
+2wPRloE4sprvP14mOvoZkUSQvrhfnAYw/xTHyjLvQUjrrh1EMj78bcs72qzdFNqd
+TbV860+2AXvc2ZU8gV40AfWuNL0fIsGCVXUhWX8+gOD75zLd41jJFqRLgLQmUXC1
+h3wMXe0ckXMMFmiFVXOKnZDZwBYHwFEsU2nt0WPkbzMgzcprvkWXg0xPomtyQ7lF
+8Zavohsz/+AjKKNKt+vPNlRQ3kBOdOvlwdcgWAOnVnF75Vct/X7vNxa7kjNdSgGe
+bEuLsCvJe/uRgvE9Dl6Ostkf5V/XLIUtXqt7kdizrhAPaUL7D2Y9K9qJ08qzQCpY
+yY+STnJ0uKzWI/5sbPmEgY+UTJAnC8bCUN3nZ0xNJwxg8VdELYJ36Z8T5sWHLzcW
+pz0jh9OeCAsM6YwapWVX7mqDN1ZF44mb26gfSpOw1Zg3kSoomVg8BNuhl4f/KX8O
+7CsF6lxhjyLRtCoFgTpOWfpSa+57yAMWDc5H8KSmahXWMTYYdfD3IXECAwEAAQ==
-----END RSA PUBLIC KEY-----
-Ed25519PublicKey = 4ABczlbBBLs5WMztIzafWw1ozwKZVkj4/of3Jc6awiO
+Ed25519PublicKey = h85o5piU40cj89zoEPcMq3H5ycn2VbNGKOmtLUnVG/M
diff --git a/data.d/vpn-tinc/hosts/faiwoo_tyil_net b/data.d/vpn-tinc/hosts/faiwoo_tyil_net
index f5eb8f3..869bd4b 100644
--- a/data.d/vpn-tinc/hosts/faiwoo_tyil_net
+++ b/data.d/vpn-tinc/hosts/faiwoo_tyil_net
@@ -1,16 +1,19 @@
Address = 65.21.5.254
-Subnet = 10.57.20.5/32
+Address = 2a01:4f9:c010:e20c::1
+
+Subnet = 10.57.1.4/32
+Subnet = fd68:1057:1992:3381:0:1:1:2/128
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA3nBf2UWehfNWNrR6i4HJp64aPYI5SpV/7LplRwqXcmnJuHmQJ8Ht
-Tozv5RHGGUNoSigbDxJSe16RQ0ESAzGNPSUEV6kntySXLvHSYb+SdjFm2wRpL8FI
-8t69ZnRF0x+4ZShfa0rgco8sDdkhuPMNrPu8U6bMs+o4Lh8sVTRhDThv2+VfQkxG
-T4G9kgdsxP0yi8sq1uflSYY3mYlVl9OPZwSO+vcVO9JFPvkVYFrqDHtvFGFqziQ/
-KvKcjwDTjpNVkFfJD6SIheeVrhysGk8qQIVMYc8yW9I8HGD7uP1BccZ0C/+b310i
-y3qkNz/qqtgy0AxrrzbmFsVDgVyiPlwsD2SL+C4m6uEvB0FvYeL2/7vL8fI4RqcJ
-ORAcA5G4FgzZRgHdZoZ1W4OB6eUCV4g9l425qbP3VVngJjX9PjPA/puz0i1IB0ZW
-6ijGccgYtyj5+ibt3if0+inepT2BJba7pyQ4A92ogfsQKlSg1x27CfvsGKuMZjdo
-y/akxYPEqKHQK37smpjcQTLVmLTTbGnf30ObTNW5LOJUmBue9B4fqBA/NV4fM1Gj
-Omw/lazjwrJuenwEeGegRQhvjKlBLdjOnzsLoVrCCIe90KK/+RVSC0Mi2D0dzEPE
-BNSbD4EJYs+6dJVT7+sneS8iwg9kG9wZ+UjeO4vraEjMrKj9BaKiJ1cCAwEAAQ==
+MIICCgKCAgEAz2BqK568OVNM3JWfeFzw4+GYMbXHZH/AiLrAABq5IhW+pAMtsKtS
++7EYGt0n0DpGo/J6XNNbduHbAlYdZa3ybhAaaGzUnHDbygdisSXBm0nZ/7vD4YUe
+IoreWyr5VcB8mfegQZRIxbs03ZqI2GGNFAxvT+Ot6HxkpBMq/iVcOkWWzANtP6S7
+njieoLyCTgt3JBX0UCIC2Pnne88HBlgJatbQNRTT+0ltDKNHozUJ6csKYiraWqEw
+yF0Khp+nro+XTn19Aj/V16kIL90oJJKVPwWElXUhooPh87PGoQ4d27DPOofkrE30
+cfv8PI+vHc1H4Eclyy81DwYFp3BKlWACHFOswN8F9bjCOS4aEJajHHEVfGCss140
+rsoNCWkR0GB/KnTzNpu5xpa5o7mllu1LfNU8ICdbhI74zOyZurPIhzH34BZLOROw
+jqvmnyNMX4jSCNCFhP4IZhL1QlpkA93AjNKIE3KyHWHTSgor+k5RvecSCzo22CDA
+5AUaB6lwr//T5XhfB8R94RwMe/zbL0HrtCVXo2tX61czDX22Z+f949LoklAQEtrW
+649hcHJhrUev/QLl2FQ+w1C//9P5JpNjByN1ifgJfVukoxsjnaggygvdn5uHIL4V
+BsmRe3cZoEGmyyxTTJr9CjyqsO0wC/ID/b0Qzc2TVcKMfe/RuYQOlXUCAwEAAQ==
-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/gaeru_tyil_net b/data.d/vpn-tinc/hosts/gaeru_tyil_net
index eba305b..28cd86b 100644
--- a/data.d/vpn-tinc/hosts/gaeru_tyil_net
+++ b/data.d/vpn-tinc/hosts/gaeru_tyil_net
@@ -1,16 +1,18 @@
Address = 37.48.120.26
-Subnet = 10.57.20.6/32
+
+Subnet = 10.57.1.2/32
+Subnet = fd68:1057:1992:3381:0:1:2:1/128
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA9NUrWO0L8lqrfs4BgZsLdfJZPfKx+Fi8P4k79CIBuVfkQ4OzJmoV
-ahupoOo5edjYLJK09epa9zFRc1DuaotYC7Wm9DdIF82WNZXN9x/Mvuq06WaKXBdj
-iTJKbYfVN/yv8Xfjzfp4DH3txwsq+9AuICHJkHOmb0lsDinpfbmP8C8ozBnutrLM
-XGaIzXzkV2NbunyjaiR7dho5+4P6wedck+IV63KRzepbX36OW9xImmEEpBPeMPzd
-VOgWs35FIgnE5uumXXfIax9CA9wFahvMYUlQbxA6kCg9PTteM3C44udFx8DxzGcR
-giKEbfxjcZ4pK9JG+LTxNZC2BK1gsUNw8sX6mEEY496cs0T10RWzRZM/HvMIpj1W
-5i72yh6kc8ieSr9hGIkm/oM/gwrFeC11PZQKis1P/0O5j7Lv6S7u6Edrpy/+WziV
-Yk10eZXzHcFuVAh9+wQUeD3v4bMQA/mE8RPI9JX4Xkpbu1LOhtglEwFU1CWlG179
-B990cfr3cjJkTqS7qEfWuNh2lQd4iwpgqyPZB7Dd7tHT5EKEZSZ+4+w9Xo8xfy0v
-7pdfImVHZ1PGVEsRk6AZZqcVcCRrjbKfqqL0m9JmB8vV5L3oZL/mXhFkh52aRMeZ
-tzODNlBH0LW2TVVrBw3DJxFyRCRYjk4At8jagVe9fYM4ERkTQxqCFi0CAwEAAQ==
+MIICCgKCAgEAukTWaVQYkx45hOQiXS3XPaEU2HM/FHfqgsW3/0eHkAFPJk642dm6
+IO3xiiF0zEDQMjj2f/t+nLIQ6SgTtH3ajT9OODpvCyixpNPOWbiGeXK0fgDCd/52
+buf+9TJGq5BSqqKYNGWFX36BbZ9AnIJU0Y7lrEGwPUiG/utNJLlXlwfj1u8C0W3T
+sg6eEX0WoP+IqnBXE4NA5Hl2wXQj4jMsU0c0ZHkEdU9Y2jnCl5C6H5NLFykc2qmU
+TMZzCth989TuyfrKQ+XMJjlueWrDA3x9TRJKuJLc7fEr6MpJiJAGkh/cDHR+o693
+9R3ry4Wt4EjQiJFg4/OhtWXv5v/ELiA6BHNBB68X6x7ByYjvtkIXy1lzbFjR2DhY
+dNzZjSbGUjQpIqJUlLWi+/iLQRy93TjxLTqhUwDS0sde7qsxZnzaM5Owc/G/sZ7e
+VroltC2b5DZRMs3EbERdYs3RkpwE1quHFrzwVcCy8D1GEROKle/yg5Ksb3TLVs2c
+oPoq7rHsP6kud7r3HzNO+BUi0FzuZdCqQiVyp1H5L+ZfWZzGOJksbntb9GYDIOYC
+eWZurL8BdajY0zpSyGRcrwzcKFBq6GVdVoCLX5GQFY6rCQey+b0iTlF0rIcZxPtk
+q4dZ4DuBeq75HF9plWVoVMmq6LQfkLLphWHO/EP2ux0zRnBvXSSFtFMCAwEAAQ==
-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/hurzak_tyil_net b/data.d/vpn-tinc/hosts/hurzak_tyil_net
deleted file mode 100644
index d55cf55..0000000
--- a/data.d/vpn-tinc/hosts/hurzak_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 178.162.131.11
-Subnet = 10.57.20.7/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAmL0UOj+pMAV7R1Lq0rj3D+oGRnp5fz1q+jtbK3janX7gz0lFcXA8
-k6nOAzwksihQ9QfPLa0NEFpZ8PbLZP1mTFCf4f+1RWy9S2o4hLEzi+Ka8h/X54oH
-jOcEZQd7hGpwDGvU/lTG+1Iofh4NAsuiKIS/pT58fZ8WIGDIbL5PHYGas44MEJX6
-BXn9CJx8kzktFGJ27isCrl93kueSqp9ajNCCsmoisJxxdyxG8L+iWktuusTOoi31
-IhmKqhA9wf87p5bYJ7Ae1079OXT7RxjExG+z2C9s6UouxDEmI2oXtmn5luRQkikw
-T/nV29NJoUETcgVgrW3LHKr25cbXoaeosIgRsD6bLs0plOzECNrpl+/7ZKhr86M0
-ZynJyfoAWFVKaCHSqD9Js5HH13U7oOpTPMIZgZO0CwtESeUE1z7j4xNPMF8x9Ajg
-E7zny0SVO5JJNPqy6WFa1s5fWjU4YlFZKPG2jpIBqgw/unOCywQlQlrJH26Oo8RF
-5l9ccLmdQY2HWIpeY/BCEBCAZnsEt1/dV82HvgDeULXDyUOmpPgaNzCH445lzsg6
-xKtAyWt32VWS9x/OdAflmeHvKk+GM7g0X7g7IxCzkLRMYSn3M87IBKQ/cjE7yg50
-CbaLBdiDc3tVmR90fRalt/7PCccPychrFRFzE7E1/RIJKzqh6JTHUVkCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/ivdea_tyil_net b/data.d/vpn-tinc/hosts/ivdea_tyil_net
deleted file mode 100644
index 17f8c89..0000000
--- a/data.d/vpn-tinc/hosts/ivdea_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Subnet = 10.57.100.8/32
-
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA1cPD37/K8EHfro9L/qmEGcG7Ivu6Lvc9K9ry2f6YAjvLQHAwFrf3
-WXOHwg+x6aaE8Us7f2gHs8tU4NMNz4ggSIOesDOSUrVPOrrvZJnDaPzl8+bIOCrq
-WOlgmo3RJv4w9G0QGmE7QGK2nX/gA05zaAMDP7Jd+yh7ohtYosth3/j/hetRdLD4
-j6D9tuwGKoQND3rlc7P4QV9bMM1wvKw63hj08YowBzD5GkYN+J833ZN2wmRqAvLp
-cRnELg/UqSp0wu0l5VJImi8oz59zGzWPzxFBakemjCkM7xVe5LKK3ZkjwojWDTqG
-BQXnhInrFplDm6j+A+jM1iOLwhwg1LbWthhzvrvZd68Dl3oBAsmRM8YmY7RjDpNW
-nhqPWen5fum9kURwczY9GLj5GcRkBjEXVTU3KTpYKXeTZrRc3HT69WbbzdfXNKYj
-aKRdL/OJZG4hNZFRgPHJP1svNrf4DLZiWIoAjeAdgXcHih1cUi2rP530YvRaajwT
-FFDgcfRdWp00WQUkJ8Fcl//rynnZWjHSi4NXTsB7qVvdFClNqglxVewzBgBkriEO
-n7SIXz6iNTaKLD63YaUY4oiqg4yY12P6ggY6U2atcXmK1g9syaYTIVD6MAA7XDxY
-uI88cs2AZnjLsfpW4p7TD90r1qRZjbkguLhy71cEaIZMbH+H/8eAyD0CAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/jaomox_tyil_net b/data.d/vpn-tinc/hosts/jaomox_tyil_net
index c1b7faa..0ba1c21 100644
--- a/data.d/vpn-tinc/hosts/jaomox_tyil_net
+++ b/data.d/vpn-tinc/hosts/jaomox_tyil_net
@@ -1,16 +1,18 @@
Address = 163.172.218.246
-Subnet = 10.57.21.1/32
+
+Subnet = 10.57.3.2/32
+Subnet = fd68:1057:1992:3381:0:3:3:1/128
-----BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA1hTIMQha2vUVy0c8Ci5jF06T62IDDj9FhBtDBKOsvlZ1Lzh9OsqH
-x7blL0WNBDoqmgyX0RdDwUIqnMOttMFK4y6ARY50Yw+s8m2uy3i9FgRUn2Y+Qjc8
-SmFh1fKt9yThKfBFDhUmTW0vjXlWR3jf77QB1PAJzk8wRmDx0GbBzcrsRMBrKc9a
-rUN5mXz96xjkzq4vsAQ8W8aa4OmTR+oZcSe5iGzksXoh5BxmV8WjHK5ZpjuNi6qt
-t1pWWanq3DG44/5pfvobULDh2Z1b8dV4oTGZW9CFFHmjOve5f+AQuy6nnFX9FH6R
-dQ41GRCt3FFGMiCmej1BErPW2dE53A618vmcdd0J5Tt41TXX3oJo+gw3F1R5pNV7
-rd6hg634Iyx5y3JIJh9gQXbygCAnq32vtI6/j60MyGHk2Iu6KjfhtN56X/PRnJxa
-G2swLdJtUi11WgEhEdBd2x3l3P46eVj4YS48d3J++9mFKZ+ejoKosc7u5Xaj055I
-q0fQudOZswD4i8JT5cn7VFYAZSM+Po9Yxq9tfaIm5jld4f/XJGYL39lXBrUTFBWh
-PFXDrb35MstSVgHWlKtsLJj+Por4K5NxHdUHRIsOaMGem5GgOYos0AvkLYiQngey
-noZ41YSSyJwitHefW46+PKmx5MVlcMcwDOSpvZImTphnlKEttg9/RwMCAwEAAQ==
+MIICCgKCAgEAwy7NrCkjxHY3kUJB0l+cbhDWmxkPsj8fT57cgP/a2QFUc/N4uqdX
+ban2P04KDVzAed9myZ+bRfLNS4umR8TKPY+EB2SbexYowgAaGWzEEfS01YIcGKqf
+Cc/CJeSlHo5X3DWong+K4StqZXcqrjJvApzW/Hdg1F5bLC9ENbC1lTR1ppKUELOJ
+zosbGKmtNDiaGAg+8qOvIXNjf7B+FcWTpL8PtLWXmoSbd4QundNPsD2lfcz2F8cu
+GIbKaV0k0JJGtDdw5XYFgJDGgTewChuvUKYM2q/XP3AtExoGVEMNm440udv/WASE
+4oFs+Dk/aUXI92kkcArbG6pCbzTUI26THlc6ukQZgglxNFhkZae6hqXn3GvVl6Ht
+aZ3DG32VdNls/mgk857O+xk5aY46Nexcc9UYVpAqmUixb+FOtklsOb9ynD0J91qB
+ajL+a3CzDKGC7ICILaZVNSkhP5heOqb/KIIqPk3tRBNmD3uRouo74Leh14EVyA/H
+TP+fRVf5fFAp1Qmaq16tZws9QQj7wte/UhOx1IG2A93FygutwcgAHBokCjRhlgZm
+V9YkVLcdZr58Os1vrocQyu772XgslVUZXDAUh6cieLbv06cvB5wVdL3MoTSSalyo
+cPIrjXsLrWA43OuCGiUKMEUG5ZGQ4/HXX60ajZma1EyAbTwsi3po1VkCAwEAAQ==
-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/krohxe_tyil_net b/data.d/vpn-tinc/hosts/krohxe_tyil_net
deleted file mode 100644
index 0655f39..0000000
--- a/data.d/vpn-tinc/hosts/krohxe_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Subnet = 10.57.20.8/32
-
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA0kL+MH9xOLAKrwUF17a642QLnU+72xbxiFtbWFXGIj17hlcqiOAv
-NqWFO1EzroRgaNzqdufMik7G7MFzrGG+7/fziC5Vj7A7UMi+8F8ig1tKLpqe0/+f
-DqQfbU0tPaPPPc95lEYOU4j50ALBNAZLNaP5a0BIN7N+Bj0JQNTah1u45mdIMQh2
-LpIkbe5MWaVcVvh61l5mxM/+rsU8lJE4+SmOuFJZ+7bzsbtQf5mPc4kF8aqPoMle
-XuizHguphe3CrZgOvvmAVvrV9O7FvpFHlJcmt4FkyEZ0e8l0h9/YKHx94py4STa2
-O3zFJFHf4zVAIzSx+1mVV08aulcIGjTpHLSIlAuQ1kqEI8lGfcCawyMCPdcRzWKJ
-eo7fo8/slzg9O/Id/uZwlDltnBXI4053bhjsglEfm/zZHog00IR/rSXuiqJLV+Th
-8uNRGXezB/frVn58w8dbOuPDzsVTLNeDeZJHrKRxTn/bwVFLrG25ow9qMgr/mqaP
-sA6PjBnw01SkBUJY6fmowip9YcQTOjlauUR6w/F70aOIqT65M1ralSVmWAUFCKRz
-KYOaOPHfpQQVxQaDnUKPiDyF8YoP9zoocyh5BnBEKP6ctYZkZd3i5naJ1SG16R5j
-U9iMnzo/uKG1CAP7jnM7IGZ6XhlHchst5LxVAm2cGT8apEWJOvFnqOMCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/ludifah_tyil_net b/data.d/vpn-tinc/hosts/ludifah_tyil_net
index 6796f17..c236163 100644
--- a/data.d/vpn-tinc/hosts/ludifah_tyil_net
+++ b/data.d/vpn-tinc/hosts/ludifah_tyil_net
@@ -1,5 +1,5 @@
Subnet = 10.57.100.9/32
-
+Subnet = fd68:1057:1992:3381:0:3317:0:4/128
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA2pXuIIPoQhWLzTSsO0bvgkQ1+7RgqPVv8b6zNfmRUfj2uKy3OZEn
diff --git a/data.d/vpn-tinc/hosts/mieshu_tyil_net b/data.d/vpn-tinc/hosts/mieshu_tyil_net
new file mode 100644
index 0000000..33d0a50
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/mieshu_tyil_net
@@ -0,0 +1,17 @@
+Subnet = 10.57.3.1/32
+Subnet = fd68:1057:1992:3381:0:3:3317:1/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAiH7/vpM4Fq2q9MXgirEX/jy72N56xGViuKwo7plT8ObmFxkhL4pI
+RifRqv2Oal/VNKfECR5IaHzrLxWA7aunw22sFoUTnvQl6wCApPb1us2fn50J9ei/
+9gxrbQbVAX0VNlGzICk9zgKl+qfPtj/7ANoqE8Oo0cHrucfW+HdDpN3PyeDwhUk+
+GjoGFQuQboZNUzGnmIgcqPK2m3yJEy2l9SK2p5Uub0RZMDJrt8RJip4OesqpwIvX
+JGrU4jL2qIVzkhdkV2NyMd3chCdoHIXjXALreSoyZHkSOdJB2d1X/s6QD+aGFicv
+bIokJQWdO9hRh6P0lUEv44IABIj5oat6KU/uLtcr4pycnXMeJ73+CGA8hjG0M2uh
+Urn+hoi7y1h0G3vcoYz4oaxX2wqczEbJTTQmwxsx4XftCy7Fg6cnNCva/ML1hOwj
+1Urs0jfyPZjVzxqBqsia9duKINPnVkhdxWFma/23tEIjzUy4bbFX8T72Y/IcEi6C
+88Q59bgIzDKv1nBzM0/OXbNn5A/zI4FB26xd+NkuwYO9vecRE1DMm+kJiY/L9M4q
+657gy73FRykDPogS8dvoTEDbGuYQYClKNIt50iqBX7mAPGZ9ajEcCaXkd5ZUpKE/
+koYegL06MnryGeiODgSXAiTOxB5zSYaJIjIsSW6O15kXe3OkVHTKesECAwEAAQ==
+-----END RSA PUBLIC KEY-----
+Ed25519PublicKey = z753yL+MnHAouuUKv1pgA40i9dzHp3QIbCHKVNi1NNH
diff --git a/data.d/vpn-tinc/hosts/nouki_tyil_net b/data.d/vpn-tinc/hosts/nouki_tyil_net
new file mode 100644
index 0000000..cdf93a4
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/nouki_tyil_net
@@ -0,0 +1,17 @@
+Subnet = 10.57.2.1/32
+Subnet = fd68:1057:1992:3381:0:2:3317:1/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAu08q7S2MuqMEPeuTBJw6aFcJRF/8FlbxhNrUlHhfhc7N+4FnmQht
+gqr5I20V4BZKkgYI2KUB1+vHGCswy+ReMUtD2njM5BZbNBAOSrVcLtNAuCrCwDev
+Adbf58Mx3IJJSZdvYsOQD6MzNkfvCviaBBue89f8tI0Voh06uJT2AEijQBepindj
+b5hs75npMgkXVlDocgNnt6vN1ZSILK17cllvInrIi1tuA7+0XWTBYxroILYRIhWO
+m4IbnO/tP08e7cEnhCea+/Z5R/ZWlatsYom/gROo6s/ZcwhW1HKVx558Sjynuu92
+GE3o+bxqUD5shPyIo2BOl5h9kGNUtjTpX5rcpRHNr/NX1Zn2ss3bMRTxGGlIU1jI
+R4ZTWqzFNH8wZPNywQcbrxBcYj0xSDrq8u3ZO3mo4YXIv2X7PBBzq3+tyxQfWdcK
+u1AWxIV83W+eBcPQAdIF45yP1EOU7D53Jghe8KrXMnSSyHsghSInnLjqC4dWzveo
+5bQa4koKmMnW5SkvZuihyTWnMs+xgXXxznmUJKUoddgFCpzRhHckQ7KVQmosXthS
+a4njMXzAv/C1gVV0VR3LNSw+ZKOug5Sb7vTeQekOFEv3X98GEy5VKgbq9ebedXh8
+BBJuvClzuWGO3xiRjAwtHWhwOSt0Am1aPq2jEDhxynOGJqXR2Zeqh2UCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+Ed25519PublicKey = ZJkCNlpDKYYzTYl0UfyQMYjAApwbQ5oYgMpnxGXOB+H
diff --git a/data.d/vpn-tinc/hosts/oolah_tyil_net b/data.d/vpn-tinc/hosts/oolah_tyil_net
new file mode 100644
index 0000000..26d59a3
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/oolah_tyil_net
@@ -0,0 +1,16 @@
+Subnet = 10.57.1.1/32
+Subnet = fd68:1057:1992:3381:0:1:3317:1/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAiWbWMo9fujW67rWelrMaxPP3qNHrWUIzg2Z4R4MZegZ2GWVYym3u
+EzboiDO9MOBh7bXSrQavjkecv40d8PDmbcwNy3hYFS2WH+bJCtjHl4xkxEsE2cvA
+1rLW7KEnBfbkKTbVMI/Di9jo4CoVIWNYRU8Ebw+nMWzGcYA1CvtkgzX7gaDio1kk
+0EhZ1BqWnExOEA/ChQEazv1kbFjSUW1Aok/aM95JkZ5h2OmGXxCy3MhvaLd78YC9
+cCc2R53FHsBgmufqqAN2kd96BeW0ZxZUrmzTtbz4ucS41O6hz4yBmz2sQt5TAx9K
+yQcLm2YL11xKkSdc8+LbhnMubYtUSfQcmUW92lxIYy/Odi+OIXjDzk3EconN8nHL
+GFWQJQsuIG9/LsEhR7kNd77becG/QscoV7PnjoxL77QMmlYGOTtS+eeVT8Yn55Lu
+qH4plZso2HL7UJv4cy97ZdTw29SHNz4wZNsDlBT+r8OmnANQShznzboddeY+bbZK
+aBEkwG1IWR719zNLbbeg84MpHx9z+VyS1RWO4Z+xd/g9f8oEWHFKUJRCCmmCGgJU
+qEswMAjPeCsVk31kB+yZujNJnrLCHxUHBHULJVXwcfvOyjZDU+vOgvcjBTOxlzV8
+wPDK2QZyuHNASYnLedyK3b1IRvuSNl5JepuvvwA2JZLlnqU5GLV0l5kCAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/plarabe_tyil_net b/data.d/vpn-tinc/hosts/plarabe_tyil_net
new file mode 100644
index 0000000..91acd8c
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/plarabe_tyil_net
@@ -0,0 +1,18 @@
+Port = 657
+
+Subnet = 10.57.0.3/32
+Subnet = fd68:1057:1992:3381:0:0:3317:3/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAsasMofIk6AxtX7wsNYf1rZy+tpnnrRrQMX6/kXri+DhMByURJ1HI
+i7jhKBjQBfIcj5FijHHUQHiiKx0bNR0ekpXQFPcsRrspXdQEUnYkc1Pb1J0OMNQ+
+9CT/DH2sun+Zk3qHE+GLdDoWe6gz4uT8Eh+c1/6Z5VwxFpSYKRwT5T/wU9OOEqJi
+svoLZSZUh57Xq2y+3JJvfPx3LS6UP9mwz6cmvLWAkRBn18WG81ZBXvN/4ida23o8
+qhaxDhYIO20lDKY+in2oiN1qztLPcQKiXdn/R3ATr8dZ3pPm8YMclnH4Uil10IAw
+sl7B7Zt/As/LxklCdwWvPLcRMPC7bAMTGRMFW89C9APY3FsfRD5oiX3jqUMDLw6p
+UIVt6/gxnXBjyfgVFouG2ThrqGJp+sC3TfEEjBQ38/W8zk7S3IwMEqLd0gBc8Yq7
+QUWbORloNvv4CtwkeYFonM0eoYn9euxuXJ7RSBGzXadqkKiwtsG4rsvaLU+LKQnQ
+xRdzyiEZFcACU5/bdydHXYWWX1xfD2dPsW0nOelvJukgJvNWn0HyCZ1uClTdcAOr
+/m3Wh4clCiYgDfvurdVKRmgzzG/5U+xih+SUjgDnf/zgfOViY30BzRxoeWvJ+bCH
+TfMKk85a/Zdxxqosasoq6tMlt7EKhPDX5FmL/T102BB40Wtz4U3b81cCAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/qohrei_tyil_net b/data.d/vpn-tinc/hosts/qohrei_tyil_net
new file mode 100644
index 0000000..decdcfa
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/qohrei_tyil_net
@@ -0,0 +1,19 @@
+Address = 37.27.37.131
+Address = 2a01:4f9:c012:6273::1
+
+Subnet = 10.57.1.6/32
+Subnet = fd68:1057:1992:3381:0:1:1:3/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEApbLsMPasXP2g/gJzxo40aayVPH7rDrxuiOaKfm4R0LKVnDuRGQDj
+V+ksZgM5UNxBsJdchzo8BfwtSASFeqlNu4cM9SqMvnKnFOe/W5TCu8+VUx2syrcp
+AhTnZ9yzEsHKMqdup7hOExQ+QXQXWPLbSsKEK6Jel4Kw5gQNc/fOq+sPQQPFb/Y+
+gQvaBrylHnM8oGlohutZjbnZdOaLFWLr4/3xgvzawWgudXOLa5lEmdkMJF0KjsJ0
+NuCVTf8TzzTZf/vdlE/ODYL7dAKuDWUScqpK4RE5+mqS1qHcmXl0hCuu5HecnT3t
+q5S5d4YuatacSI5PaAmGZgD2YoXK4L3LMfvqcO5z5EAKx+GaR+ePY2AB6kljy909
+zyAHW3uRsYA33QqUXQovPBJ4J9hiwDXgsHUUJ5OO1ZTpUJaT1n3Z3TmDwvYA6ZmF
+6LMqu4Mgs2Uvb8kR4xVPuw1dNzsOo9SeN9pQsypYwPatluJVjRwMVibH04ory0uQ
+5gzh+ixNbnEwhYCru8gh5raxgtXJe4WoIunX/G/0L23Jr331oLMHAXXkHKsd63/7
+cwVIvcLN/3bYpraG7tzHCfW2EcGMn1zEoWx6sXooXEgo7qcylHfPIjEpWiq153VY
+VFLwEyd+CHz8uDx57k4grHE4ggjCAJ6LYBUhl2Nk3lY9f4+Gl/I+D2ECAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/ricui_tyil_net b/data.d/vpn-tinc/hosts/ricui_tyil_net
new file mode 100644
index 0000000..30866a2
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/ricui_tyil_net
@@ -0,0 +1,18 @@
+Address = 2a01:4f8:1c1b:67d7::1
+
+Subnet = 10.57.1.7/32
+Subnet = fd68:1057:1992:3381:0:1:1:4/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAqtSWcbWqGvmpwQuFaLhTXIxr1j2mVApKhV0Bw8UyggszBsEsZiZd
+b3eAbJOrklLhedZVendcjPhK8PPBJCWABW9Jm100xDaHc5HfMp/O5J2cSWD7vQVu
+iRVonHWaJRYAGeOUnG7mkIfAaHLIOnVzIVEpyuV9z8SCl48Bx7pU351WqYGwk75X
+VEIexX8C8vtHneeZJnF5p79kHCQuzwv1DlrAShjmh7qjr4rB97sZYnuwt9g2W9s9
+4wKUk+CJdmrARWyDxXQaS7P5VyqcJw7FpLefe+9B8Hq4ruU1HbqIxjKPFG1Kvtdf
+19KATOjEAlbeIlEvyiJnOi8Bedxo+MmeX2B3rE2aQyZTHEnkAImILLEgvDf8GnFx
+N6JWAnHELkrPOvQhFRhjQeQz4uk4WAEY2aSCqxnx0iQiqEjrHF38tntqZuahSknX
+3nXKiy5qeBi/4a6QcAEBn0L1WaJr12kbviqortg/ltSv1qwmWEnVw+Wdl3sF7uxw
+5fz2ciDrqOQE75jz7ouz28FhinGiLYXOddqWKWhE5J2hW2y+XfClXn0Z6uvCbSe+
+XZzmF3Yz6u/PEib8JWteaYkU2M3DVVvl/UDOuYP+lG6xISCIyCOGEFPtRq6VHHwD
+ReFPww8iAT8lD1/8zmPI0f2Ktm1Jnpf3aIHhBu2NugRTkDqj0djnafkCAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-wireguard/.gitignore b/data.d/vpn-wireguard/.gitignore
new file mode 100644
index 0000000..ae60a25
--- /dev/null
+++ b/data.d/vpn-wireguard/.gitignore
@@ -0,0 +1 @@
+privkey
diff --git a/data.d/vpn-wireguard/hooks/post-up b/data.d/vpn-wireguard/hooks/post-up
new file mode 100755
index 0000000..edbcd50
--- /dev/null
+++ b/data.d/vpn-wireguard/hooks/post-up
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+readonly COLOR_RESET="\033[0m"
+readonly COLOR_OK="\033[32;1m"
+readonly COLOR_NOK="\033[31;1m"
+readonly BUFFER="$(mktemp)"
+
+main() {
+ printf "Verifying connectability...\n"
+
+ # Ping all known hosts, as it seems that the wireguard interface comes up when
+ # only after it gets used on the machine itself.
+ while read -r addr;
+ do
+ check "$addr" &
+ done < <(awk -F= '/vpn-wireguard.ipv(4|6)=/ { print $NF }' /etc/bashtard/hosts.d/*)
+
+ wait
+
+ sort -- "$BUFFER" >&2
+}
+
+check() {
+ local addr="$1"
+
+ if ping -c 1 -q -w 1 "$addr" > /dev/null
+ then
+ log OK "$addr"
+ else
+ log NOK "$addr"
+ fi
+}
+
+log() {
+ local state="$1"
+ local addr="$2"
+ local color="$COLOR_NOK"
+
+ if [[ $state == "OK" ]]
+ then
+ color="$COLOR_OK"
+ fi
+
+ printf "%b%3s%b: %s\n" "$color" "$state" "$COLOR_RESET" "$addr" >> "$BUFFER"
+}
+
+main "$@"
diff --git a/data.d/vpn-wireguard/peers/faiwoo.tyil.net b/data.d/vpn-wireguard/peers/faiwoo.tyil.net
new file mode 100644
index 0000000..631f39a
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/faiwoo.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:1:2/128,10.58.1.2/32,fd00:8:0:3::/64,172.28.3.0/24
+Endpoint = [2a01:4f9:c010:e20c::1]:51820
+PublicKey = Rrl9qa09Gc8LM3CIr0BIMTnkCMhL1GZFVKCh1P2okWg=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/gaeru.tyil.net b/data.d/vpn-wireguard/peers/gaeru.tyil.net
new file mode 100644
index 0000000..4b65f52
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/gaeru.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:2:1/128,10.58.1.5/32
+Endpoint = [37.48.120.26]:51820
+PublicKey = np17FGeZB0N77/SfaHfKTbsD/oV0LnjdOUeIMePGQG4=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/jaomox.tyil.net b/data.d/vpn-wireguard/peers/jaomox.tyil.net
new file mode 100644
index 0000000..15c3dc2
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/jaomox.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:3:3:1/128,10.58.3.1/32
+Endpoint = [163.172.218.246]:51820
+PublicKey = VBqMAsZkCNVlqaMZGT7SKDuCkjXcVrwZNCxVKBRII0Q=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/mieshu.tyil.net b/data.d/vpn-wireguard/peers/mieshu.tyil.net
new file mode 100644
index 0000000..0b9001f
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/mieshu.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:3:3317:2/128,10.58.3.2/32
+Endpoint = [2a10:3781:2453:1:4950:47ce:f8db:1fed]:51820
+PublicKey = hrVjitF/wpaNvL9/hlswTL/G8hhKcpMmqGsinU34IBA=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/nouki.tyil.net b/data.d/vpn-wireguard/peers/nouki.tyil.net
new file mode 100644
index 0000000..0986864
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/nouki.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:2:3317:1/128,10.58.2.1/32
+Endpoint = [2a10:3781:2453:1:c8cb:d1a:bc0:dc38]:51820
+PublicKey = Mo2jVPUCIX3o5fY+H2rrVMWAKatVrF9nF75OCZZhRGM=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/oolah.tyil.net b/data.d/vpn-wireguard/peers/oolah.tyil.net
new file mode 100644
index 0000000..2951f1f
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/oolah.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:3317:1/128,10.58.1.4/32,fd00:8:0:0::/64,172.28.0.0/24
+Endpoint = [2a10:3781:2453:1:7aaf:8ff:fe7a:9ba8]:51820
+PublicKey = 8UkQ71m0xVPJbQ4zySRqH/WXJm479zj5xcgeJVoBWi8=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/qohrei.tyil.net b/data.d/vpn-wireguard/peers/qohrei.tyil.net
new file mode 100644
index 0000000..2a206d6
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/qohrei.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:1:1/128,10.58.1.1/32,fd00:8:0:2::/64,172.28.2.0/24
+Endpoint = [2a01:4f9:c012:6273::1]:51820
+PublicKey = cD1NveEPXKKNdGcx9bO4+91b1abDwoUSGnF4dI1m0R4=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/ricui.tyil.net b/data.d/vpn-wireguard/peers/ricui.tyil.net
new file mode 100644
index 0000000..a8cfdd7
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/ricui.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:1:3/128,10.58.1.3/32,fd00:8:0:4::/64,172.28.4.0/24
+Endpoint = [2a01:4f8:1c1b:67d7::1]:51820
+PublicKey = Rv41YhKkhAVKefwlKtD0Uywv7r6a2/uhsdhWVcZUYyU=
+PersistentKeepalive = 10
diff --git a/defaults b/defaults
index ed6b73a..3e9d093 100644
--- a/defaults
+++ b/defaults
@@ -1,17 +1,68 @@
bashtard.backup.elements.0=filesystem
bashtard.backup.fs.paths.0=/etc
bashtard.backup.repositories.edephas=backup@edephas:{fqdn}
-k3s.network.cidr.pods=10.57.40.0/20
-k3s.network.cidr.svcs=10.57.48.0/20
-k3s.network.service.dns=10.57.48.53
-k3s.flux.repo.url=ssh://git@10.57.100.7/srv/git/tyilnet
+bashtard.ssh.host&=vpn-tinc.ipv6
dns.domain=tyil.net
dns.upstream.0=185.181.61.24
dns.upstream.1=188.68.231.82
dns.upstream.2=51.83.172.84
dns.upstream.3=2a03:94e0:1804::1
dns.upstream.4=2001:470:71:6dc::53
+etc-nixos.path=/etc/nixos
+etc-portage.path=/etc/portage
+k3s-master.bind-address&=k3s-node.bind-address
+k3s-master.cluster-cidr=fd00:8::0/48,172.28.0.0/16
+k3s-master.cluster-domain=k3s.tyil.nl
+k3s-master.external-ip&=k3s-node.internal-ip
+k3s-master.internal-ip&=k3s-node.internal-ip
+k3s-master.service-cidr=fd00:5::0/108,172.25.0.0/16
+k3s-master.service-node-port-min=1025
+k3s-master.flannel.interfaces.tinc&=k3s-node.flannel.interfaces.tinc
+k3s-node.bind-address&=vpn-tinc.ipv6
+k3s-node.cluster-cidr&=k3s-master.cluster-cidr
+k3s-node.cluster-domain&=k3s-master.cluster-domain
+k3s-node.cluster-domain=k3s.tyil.nl
+k3s-node.entry.host=[fd68:1057:1992:3381:0:1:3317:1]
+k3s-node.external-ip&=k3s-node.internal-ip
+k3s-node.flannel.interfaces.tinc=tyilnet1057
+k3s-node.role=agent
+k3s-node.service-cidr&=k3s-master.service-cidr
+k3s-node.service-node-port-min&=k3s-master.service-node-port-min
+nftables.input.icmp.ipv4.policy=accept
+nftables.input.icmp.ipv4.rate=2/second
+nftables.input.icmp.ipv6.policy=accept
+nftables.input.icmp.ipv6.rate=2/second
+nftables.input.interfaces.lo.policy=accept
+nftables.input.interfaces.tyilnet.policy=accept
+nftables.input.interfaces.tyilnet1058.policy=accept
+nftables.input.policy=drop
+nftables.input.rules.mosh.policy=accept
+nftables.input.rules.mosh.port=60000-61000
+nftables.input.rules.mosh.proto=udp
+nftables.input.rules.ssh.policy=accept
+nftables.input.rules.ssh.port=22
+nftables.input.rules.ssh.proto=tcp
+nftables.input.rules.tincd.policy=accept
+nftables.input.rules.tincd.port=655
+nftables.input.rules.tincd.proto=tcp,udp
+nftables.input.rules.wireguard.policy=accept
+nftables.input.rules.wireguard.port=51820
+nftables.input.rules.wireguard.proto=udp
+nftables.input.state.established.policy=accept
+nftables.input.state.invalid.policy=drop
+nftables.input.state.related.policy=accept
+seaweedfs-filer.ip&=vpn-wireguard.ipv6
+seaweedfs-master.replication=100
+seaweedfs-volume.ip&=vpn-wireguard.ipv6
+vpn-tinc.name=tyilnet1057
+vpn-tinc.peers.caeghi=caeghi_tyil_net
+vpn-tinc.peers.faiwoo=faiwoo_tyil_net
+vpn-tinc.peers.gaeru=gaeru_tyil_net
+vpn-tinc.peers.qohrei=qohrei_tyil_net
+vpn-tinc.peers.ricui=ricui_tyil_net
+vpn-tinc.port=657
+vpn-wireguard.interface=tyilnet1058
+vpn-wireguard.keepalive=10
www-blog.generator=hugo
www-blog.path=/var/www/nl.tyil.www
www-blog.repository=https://git.tyil.nl/blog
-vpn-tinc.name=tyilnet
diff --git a/hosts.d/anoia.tyil.net b/hosts.d/anoia.tyil.net
index da37125..c41fbfb 100644
--- a/hosts.d/anoia.tyil.net
+++ b/hosts.d/anoia.tyil.net
@@ -1,4 +1,6 @@
-bashtard.backup.fs.paths.1=/home/tyil
-bashtard.ssh.host=10.57.100.3
+bashtard.backup.fs.paths.1=/etc
+bashtard.backup.fs.paths.2=/home/tyil
+bashtard.backup.repositories.1=rsync.net:{fqdn}
meta.provider=self
-vpn-tinc.ipv4=10.57.100.3
+vpn-tinc.ipv4=10.57.0.4
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:0:3317:4
diff --git a/hosts.d/caeghi.tyil.net b/hosts.d/caeghi.tyil.net
index ce19c3f..b17df23 100644
--- a/hosts.d/caeghi.tyil.net
+++ b/hosts.d/caeghi.tyil.net
@@ -3,6 +3,8 @@ bashtard.backup.fs.paths.1=/etc
bashtard.backup.fs.paths.2=/home
bashtard.backup.fs.paths.3=/var/lib/mumble-server
bashtard.backup.repositories.1=rsync.net:{fqdn}
-bashtard.ssh.host=10.57.20.2
meta.provider=hetzner
-vpn-tinc.ipv4=10.57.20.2
+vpn-tinc.ipv4=10.57.1.3
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:1:1
+vpn-wireguard.ipv4=10.58.1.3
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:1:1
diff --git a/hosts.d/denahnu.tyil.net b/hosts.d/denahnu.tyil.net
deleted file mode 100644
index e699c41..0000000
--- a/hosts.d/denahnu.tyil.net
+++ /dev/null
@@ -1,7 +0,0 @@
-bashtard.backup.borg.remote_paths.1=borg1
-bashtard.backup.fs.paths.1=/usr/home
-bashtard.backup.fs.paths.2=/usr/local/etc
-bashtard.backup.repositories.1=rsync.net:{fqdn}
-bashtard.ssh.host=10.57.20.4
-meta.provider=arubacloud
-vpn-tinc.ipv4=10.57.20.4
diff --git a/hosts.d/edephas.tyil.net b/hosts.d/edephas.tyil.net
index acef6fe..f86f044 100644
--- a/hosts.d/edephas.tyil.net
+++ b/hosts.d/edephas.tyil.net
@@ -1,34 +1,11 @@
bashtard.backup.borg.remote_paths.rsync=borg1
bashtard.backup.db.postgresql.user=postgres
-bashtard.backup.elements.1=database_postgres
+bashtard.backup.elements.1=database_postgresql
bashtard.backup.fs.paths.1=/home/tyil
bashtard.backup.fs.paths.2=/home/tyil/.local/git
bashtard.backup.fs.paths.3=/var/www/*
bashtard.backup.repositories.edephas=/var/media/backups/{fqdn}
bashtard.backup.repositories.rsync=rsync.net:{fqdn}
-bashtard.ssh.host=10.57.100.7
-git.repos.bashtard.description=Configuration Management System in Bash
-git.repos.bashtard-playbooks/vpn-tinc.description=A Bashtard playbook for configuring tinc
-git.repos.bashtard-playbooks/www-static.description=A Bashtard playbook for generating static websites
-git.repos.blog.description=The source files to my blog, www.tyil.nl
-git.repos.dotfiles.description=My user-level configuration files, use with caution!
-git.repos.helm/invidious.description=Helm chart to deploy Invidious
-git.repos.helm/nitter.description=Helm chart to deploy Nitter
-git.repos.raku/config-parser-toml.description=TOML parser for Config
-git.repos.raku/config-parser-yaml.description=YAML parser for Config
-git.repos.raku/config.description=Extensible library for reading and writing configuration files in the Raku programming language
-git.repos.raku/hash-merge.description=Raku module for deep merging of Hashes
-git.repos.raku/io-path-xdg.description=Convenience functions for working with the XDG Base Directory Specification in the Raku programming language
-git.repos.raku/irc-client.description=Sources for the IRC::Client module for the Raku programming language
-git.repos.raku/irc-grammar.description=Grammar to parse IRC messages
-git.repos.raku/log-colored.description=A Log implementation with colored output
-git.repos.raku/log-json.description=A Log implementation with JSON formatted output
-git.repos.raku/log-simple.description=A simple implementation of the Log library for the Raku programming language
-git.repos.raku/log.description=An interface for logging mechanisms in the Raku programming language
-git.repos.raku/string-fold.description=Fold strings to a certain length
-git.repos.raku/url.description=A Raku library to handle URLs
-git.repos.rakudo-star.description=User-friendly distribution of the Raku programming language
-git.repos.tyilnet.description=Configuration for machines in my personal network
-git.repos.vim/camelcasemotion.description=A plugin for vim to make motions stop at camelCase or snake_case boundaries
meta.provider=self
-vpn-tinc.ipv4=10.57.100.7
+vpn-tinc.ipv4=10.57.0.1
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:0:3317:1
diff --git a/hosts.d/faiwoo.tyil.net b/hosts.d/faiwoo.tyil.net
index b8a7d1a..1efb888 100644
--- a/hosts.d/faiwoo.tyil.net
+++ b/hosts.d/faiwoo.tyil.net
@@ -1,7 +1,12 @@
+k3s-node.internal-ip=fd68:1057:1992:3381:0:1:1:2,10.57.1.4
bashtard.backup.borg.remote_paths.1=borg1
bashtard.backup.fs.paths.1=/home
bashtard.backup.fs.paths.2=/var/www
+bashtard.backup.fs.paths.3=/etc
bashtard.backup.repositories.1=rsync.net:{fqdn}
-bashtard.ssh.host=10.57.20.5
meta.provider=hetzner
-vpn-tinc.ipv4=10.57.20.5
+vpn-tinc.ipv4=10.57.1.4
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:1:2
+vpn-wireguard.endpoint=2a01:4f9:c010:e20c::1
+vpn-wireguard.ipv4=10.58.1.4
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:1:2
diff --git a/hosts.d/gaeru.tyil.net b/hosts.d/gaeru.tyil.net
index 07f931c..bc01b3a 100644
--- a/hosts.d/gaeru.tyil.net
+++ b/hosts.d/gaeru.tyil.net
@@ -1,3 +1,10 @@
-bashtard.ssh.host=10.57.20.6
-meta.provider=hetzner
-vpn-tinc.ipv4=10.57.20.6
+bashtard.backup.borg.remote_paths.1=borg1
+bashtard.backup.fs.paths.1=/etc
+bashtard.backup.fs.paths.2=/home
+bashtard.backup.repositories.1=rsync.net:{fqdn}
+meta.provider=leaseweb
+vpn-tinc.ipv4=10.57.1.2
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:2:1
+vpn-wireguard.endpoint=37.48.120.26
+vpn-wireguard.ipv4=10.58.1.2
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:2:1
diff --git a/hosts.d/hurzak.tyil.net b/hosts.d/hurzak.tyil.net
deleted file mode 100644
index f5b0ec7..0000000
--- a/hosts.d/hurzak.tyil.net
+++ /dev/null
@@ -1,7 +0,0 @@
-bashtard.backup.borg.remote_paths.1=borg1
-bashtard.backup.fs.paths.1=/etc
-bashtard.backup.fs.paths.2=/home
-bashtard.backup.repositories.1=rsync.net:{fqdn}
-bashtard.ssh.host=10.57.20.7
-meta.provider=leaseweb
-vpn-tinc.ipv4=10.57.20.7
diff --git a/hosts.d/ivdea.tyil.net b/hosts.d/ivdea.tyil.net
deleted file mode 100644
index 2427d97..0000000
--- a/hosts.d/ivdea.tyil.net
+++ /dev/null
@@ -1,6 +0,0 @@
-bashtard.backup.borg.remote_paths.1=borg1
-bashtard.backup.fs.paths.1=/etc
-bashtard.backup.fs.paths.2=/home/tyil
-bashtard.ssh.host=10.57.100.8
-meta.provider=self
-vpn-tinc.ipv4=10.57.100.8
diff --git a/hosts.d/jaomox.tyil.net b/hosts.d/jaomox.tyil.net
index 10af86f..f9c9af9 100644
--- a/hosts.d/jaomox.tyil.net
+++ b/hosts.d/jaomox.tyil.net
@@ -1,6 +1,28 @@
bashtard.backup.borg.remote_paths.1=borg1
bashtard.backup.fs.paths.1=/etc
bashtard.backup.fs.paths.2=/home/tyil
-bashtard.ssh.host=10.57.21.1
-meta.provider=self
-vpn-tinc.ipv4=10.57.21.1
+bashtard.backup.repositories.1=rsync.net:{fqdn}
+meta.provider=oneprovider
+nftables.input.rules.seaweedfs-filer.policy=accept
+nftables.input.rules.seaweedfs-filer.port=8888
+nftables.input.rules.seaweedfs-filer.proto=tcp
+nftables.input.rules.seaweedfs-master.policy=accept
+nftables.input.rules.seaweedfs-master.port=9333
+nftables.input.rules.seaweedfs-master.proto=tcp
+nftables.input.rules.seaweedfs-s3.policy=accept
+nftables.input.rules.seaweedfs-s3.port=8333
+nftables.input.rules.seaweedfs-s3.proto=tcp
+nftables.input.rules.seaweedfs-volume-0.policy=accept
+nftables.input.rules.seaweedfs-volume-0.port=8080
+nftables.input.rules.seaweedfs-volume-0.proto=tcp
+seaweedfs-filer.ip&=vpn-wireguard.ipv6
+seaweedfs-master.ip&=vpn-wireguard.ipv6
+seaweedfs-volume.ip&=vpn-wireguard.ipv6
+seaweedfs-volume.dc&=meta.provider
+seaweedfs-volume.rack=amsterdam
+seaweedfs-volume.volumes.0.port=8080
+vpn-tinc.ipv4=10.57.3.2
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:3:3:1
+vpn-wireguard.endpoint=163.172.218.246
+vpn-wireguard.ipv4=10.58.3.2
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:3:3:1
diff --git a/hosts.d/krohxe.tyil.net b/hosts.d/krohxe.tyil.net
deleted file mode 100644
index 4388eee..0000000
--- a/hosts.d/krohxe.tyil.net
+++ /dev/null
@@ -1,2 +0,0 @@
-meta.provider=self
-vpn-tinc.ipv4=10.57.20.8
diff --git a/hosts.d/ludifah.tyil.net b/hosts.d/ludifah.tyil.net
index 5e4a628..214404b 100644
--- a/hosts.d/ludifah.tyil.net
+++ b/hosts.d/ludifah.tyil.net
@@ -1,3 +1,7 @@
-bashtard.ssh.host=10.57.100.9
+bashtard.backup.borg.remote_paths.1=borg1
+bashtard.backup.fs.paths.1=/etc
+bashtard.backup.fs.paths.2=/home/tyil
+bashtard.backup.repositories.1=rsync.net:{fqdn}
meta.provider=self
-vpn.ipv4=10.57.100.9
+vpn-tinc.ipv4=10.57.0.2
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:0:3317:2
diff --git a/hosts.d/mieshu.tyil.net b/hosts.d/mieshu.tyil.net
new file mode 100644
index 0000000..47b12ae
--- /dev/null
+++ b/hosts.d/mieshu.tyil.net
@@ -0,0 +1,46 @@
+git.repodir=/mnt/pool/git
+git.repos.bashtard.description=Configuration Management System in Bash
+git.repos.bashtard/k3s-master.description=A Bashtard playbook to set up k3s on a single-node
+git.repos.bashtard/vpn-tinc.description=A Bashtard playbook for configuring tinc
+git.repos.bashtard/www-static.description=A Bashtard playbook for generating static websites
+git.repos.blog.description=The source files to my blog, www.tyil.nl
+git.repos.dotfiles.description=My user-level configuration files, use with caution!
+git.repos.helm/invidious.description=Helm chart to deploy Invidious
+git.repos.helm/nitter.description=Helm chart to deploy Nitter
+git.repos.kubernetes/nfs-operator.description=An operator for Kubernetes to provision NFS mounts for PVC resources
+git.repos.raku/config-parser-toml.description=TOML parser for Config
+git.repos.raku/config-parser-yaml.description=YAML parser for Config
+git.repos.raku/config.description=Extensible library for reading and writing configuration files in the Raku programming language
+git.repos.raku/hash-merge.description=Raku module for deep merging of Hashes
+git.repos.raku/io-path-xdg.description=Convenience functions for working with the XDG Base Directory Specification in the Raku programming language
+git.repos.raku/irc-client.description=Sources for the IRC::Client module for the Raku programming language
+git.repos.raku/irc-grammar.description=Grammar to parse IRC messages
+git.repos.raku/log-colored.description=A Log implementation with colored output
+git.repos.raku/log-json.description=A Log implementation with JSON formatted output
+git.repos.raku/log-simple.description=A simple implementation of the Log library for the Raku programming language
+git.repos.raku/log.description=An interface for logging mechanisms in the Raku programming language
+git.repos.raku/string-fold.description=Fold strings to a certain length
+git.repos.raku/url.description=A Raku library to handle URLs
+git.repos.rakudo-star.description=User-friendly distribution of the Raku programming language
+git.repos.tyilnet.description=Configuration for machines in my personal network
+git.repos.vim/camelcasemotion.description=A plugin for vim to make motions stop at camelCase or snake_case boundaries
+k3s-node.role=server
+meta.provider=self
+nfs-server.exports./mnt/exports/invidious.fsid=97d3493c-1397-479f-bb8a-5c71833b9e17
+nfs-server.exports./mnt/exports/lldap.fsid=ee8ee25b-6f14-47f0-81b1-f6fe03a9761f
+nfs-server.exports./mnt/exports/prometheus.fsid=052f42b5-33c0-40b9-aa69-d05dc03a9fa1
+seaweedfs-volume.dc=schokkerstraat
+seaweedfs-volume.rack=main
+seaweedfs-volume.volumes.tyilstore0.port.grpc=17080
+seaweedfs-volume.volumes.tyilstore0.port.http=5080
+seaweedfs-volume.volumes.tyilstore1.port.grpc=17081
+seaweedfs-volume.volumes.tyilstore1.port.http=5081
+seaweedfs-volume.volumes.tyilstore2.port.grpc=17082
+seaweedfs-volume.volumes.tyilstore2.port.http=5082
+seaweedfs-volume.volumes.tyilstore3.port.grpc=17083
+seaweedfs-volume.volumes.tyilstore3.port.http=5083
+vpn-tinc.ipv4=10.57.3.1
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:3:3317:1
+vpn-wireguard.endpoint=2a10:3781:2453:1:7aaf:8ff:fe7a:9ba8
+vpn-wireguard.ipv4=10.58.3.1
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:3:3317:1
diff --git a/hosts.d/nouki.tyil.net b/hosts.d/nouki.tyil.net
new file mode 100644
index 0000000..cefffc2
--- /dev/null
+++ b/hosts.d/nouki.tyil.net
@@ -0,0 +1,7 @@
+k3s-node.role=server
+meta.provider=self
+vpn-tinc.ipv4=10.57.2.1
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:2:3317:1
+vpn-wireguard.endpoint=2a10:3781:2453:1:c8cb:d1a:bc0:dc38
+vpn-wireguard.ipv4=10.58.2.1
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:2:3317:1
diff --git a/hosts.d/oolah.tyil.net b/hosts.d/oolah.tyil.net
new file mode 100644
index 0000000..174cb84
--- /dev/null
+++ b/hosts.d/oolah.tyil.net
@@ -0,0 +1,7 @@
+k3s-node.internal-ip=fd68:1057:1992:3381:0:1:3317:1,10.57.1.1
+meta.provider=self
+vpn-tinc.ipv4=10.57.1.1
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:3317:1
+vpn-wireguard.endpoint=2a10:3781:2453:1:7aaf:8ff:fe7a:9ba8
+vpn-wireguard.ipv4=10.58.1.1
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:3317:1
diff --git a/hosts.d/plarabe.tyil.net b/hosts.d/plarabe.tyil.net
new file mode 100644
index 0000000..4163491
--- /dev/null
+++ b/hosts.d/plarabe.tyil.net
@@ -0,0 +1,3 @@
+meta.provider=self
+vpn-tinc.ipv4=10.57.0.3
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:0:3317:3
diff --git a/hosts.d/qohrei.tyil.net b/hosts.d/qohrei.tyil.net
new file mode 100644
index 0000000..f206068
--- /dev/null
+++ b/hosts.d/qohrei.tyil.net
@@ -0,0 +1,18 @@
+k3s-node.internal-ip=fd68:1058:1992:3381:0:1:1:1,10.58.1.1
+meta.provider=hetzner
+nftables.input.interfaces.cilium*.policy=accept
+nftables.input.interfaces.lxc*.policy=accept
+nftables.input.rules.etcd.policy=accept
+nftables.input.rules.etcd.port=2379-2381
+nftables.input.rules.etcd.proto=tcp
+nftables.input.rules.kubeapi.policy=accept
+nftables.input.rules.kubeapi.port=6443
+nftables.input.rules.kubeapi.proto=tcp
+nftables.input.rules.kubelet.policy=accept
+nftables.input.rules.kubelet.port=10250
+nftables.input.rules.kubelet.proto=tcp
+vpn-tinc.ipv4=10.57.1.6
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:1:3
+vpn-wireguard.endpoint=2a01:4f9:c012:6273::1
+vpn-wireguard.ipv4=10.58.1.6
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:1:3
diff --git a/hosts.d/ricui.tyil.net b/hosts.d/ricui.tyil.net
new file mode 100644
index 0000000..9c4c8b5
--- /dev/null
+++ b/hosts.d/ricui.tyil.net
@@ -0,0 +1,12 @@
+k3s-node.internal-ip=fd68:1057:1992:3381:0:1:1:4,10.57.1.7
+meta.provider=hetzner
+nftables.input.interfaces.cilium*.policy=accept
+nftables.input.interfaces.lxc*.policy=accept
+nftables.input.rules.kubelet.policy=accept
+nftables.input.rules.kubelet.port=10250
+nftables.input.rules.kubelet.proto=tcp
+vpn-tinc.ipv4=10.57.1.7
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:1:4
+vpn-wireguard.endpoint=2a01:4f8:1c1b:67d7::1
+vpn-wireguard.ipv4=10.58.1.7
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:1:4
diff --git a/os.d/linux-alpine_linux b/os.d/linux-alpine_linux
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/os.d/linux-alpine_linux
diff --git a/os.d/linux-debian_gnu_linux b/os.d/linux-debian_gnu_linux
index e69de29..b0d8bb7 100644
--- a/os.d/linux-debian_gnu_linux
+++ b/os.d/linux-debian_gnu_linux
@@ -0,0 +1 @@
+pkg.borg=borgbackup
diff --git a/playbooks.d/dns-dnsmasq/description.txt b/playbooks.d/dns-dnsmasq/description.txt
deleted file mode 100644
index 0c12e3a..0000000
--- a/playbooks.d/dns-dnsmasq/description.txt
+++ /dev/null
@@ -1 +0,0 @@
-Local DNS resolver with dnsmasq
diff --git a/playbooks.d/dns-dnsmasq/etc/defaults b/playbooks.d/dns-dnsmasq/etc/defaults
deleted file mode 100644
index 4d3305a..0000000
--- a/playbooks.d/dns-dnsmasq/etc/defaults
+++ /dev/null
@@ -1,6 +0,0 @@
-pkg.dnsmasq=dnsmasq
-svc.dnsmasq=dnsmasq
-
-dns.port=53
-dns.host=127.0.0.1
-dns.domain=localhost
diff --git a/playbooks.d/dns-dnsmasq/etc/os.d/linux-gentoo b/playbooks.d/dns-dnsmasq/etc/os.d/linux-gentoo
deleted file mode 100644
index 2aec434..0000000
--- a/playbooks.d/dns-dnsmasq/etc/os.d/linux-gentoo
+++ /dev/null
@@ -1 +0,0 @@
-pkg.dnsmasq=net-dns/dnsmasq
diff --git a/playbooks.d/dns-dnsmasq/playbook.bash b/playbooks.d/dns-dnsmasq/playbook.bash
deleted file mode 100644
index f4be8cd..0000000
--- a/playbooks.d/dns-dnsmasq/playbook.bash
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/usr/bin/env bash
-
-playbook_add() {
- info "$BASHTARD_PLAYBOOK" "Installing packages"
- pkg install dnsmasq
-
- playbook_sync
-
- info "$BASHTARD_PLAYBOOK" "Enabling services"
- svc enable dnsmasq
- svc start dnsmasq
-}
-
-playbook_sync() {
- mkdir -pv -- "$(config "fs.etcdir")/dnsmasq.d"
-
- info "$BASHTARD_PLAYBOOK" "Writing config"
- file_template "dnsmasq.conf" \
- "host=$(config "dns.host")" \
- "port=$(config "dns.port")" \
- "domain=$(config "dns.domain")" \
- "confd=$(config "fs.etcdir")/dnsmasq.d" \
- > "$(config "fs.etcdir")/dnsmasq.conf"
-
- while read -r key
- do
- printf "server=%s\n" "$(config "dns.upstream.$key")"
- done < <(config_subkeys "dns.upstream") > "$(config "fs.etcdir")/dnsmasq.d/servers.conf"
-
- while read -r key
- do
- printf "address=/$(config "dns.address.$key" | sed s@:@/@)\n"
- done < <(config_subkeys "dns.address") > "$(config "fs.etcdir")/dnsmasq.d/addresses.conf"
-
- [[ "$BASHTARD_COMMAND" == "add" ]] && return
-
- info "$BASHTARD_PLAYBOOK" "Restarting services"
- svc restart dnsmasq
-}
-
-playbook_del() {
- info "$BASHTARD_PLAYBOOK" "Disabling services"
- svc stop dnsmasq
- svc disable dnsmasq
-
- info "$BASHTARD_PLAYBOOK" "Uninstalling packages"
- pkg uninstall dnsmasq
-}
diff --git a/playbooks.d/dns-dnsmasq/share/dnsmasq.conf b/playbooks.d/dns-dnsmasq/share/dnsmasq.conf
deleted file mode 100644
index 4fe090c..0000000
--- a/playbooks.d/dns-dnsmasq/share/dnsmasq.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# Binding
-listen-address=${host}
-port=${port}
-bind-interfaces
-
-# Local domain
-domain=${domain}
-
-# Upstream DNS Servers
-no-resolv
-conf-file=${confd}/servers.conf
-
-# Addresses
-conf-file=${confd}/addresses.conf
diff --git a/playbooks.d/etc-nixos/description.txt b/playbooks.d/etc-nixos/description.txt
new file mode 100644
index 0000000..8d90523
--- /dev/null
+++ b/playbooks.d/etc-nixos/description.txt
@@ -0,0 +1 @@
+A symlinked directory to keep its content synced through Bashtard
diff --git a/playbooks.d/etc-nixos/playbook.bash b/playbooks.d/etc-nixos/playbook.bash
new file mode 100644
index 0000000..3140bb3
--- /dev/null
+++ b/playbooks.d/etc-nixos/playbook.bash
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# shellcheck disable=SC2034
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.path]="required"
+
+playbook_add() {
+ mkdir -pv -- "$(dirname "$(config "$BASHTARD_PLAYBOOK.path")")"
+ ln -sv -- "$(playbook_path "data")" "$(config "$BASHTARD_PLAYBOOK.path")"
+}
+
+playbook_sync() {
+ :;
+}
+
+playbook_del() {
+ rm -- "$(config "$BASHTARD_PLAYBOOK.path")"
+}
diff --git a/playbooks.d/etc-portage/description.txt b/playbooks.d/etc-portage/description.txt
new file mode 100644
index 0000000..8d90523
--- /dev/null
+++ b/playbooks.d/etc-portage/description.txt
@@ -0,0 +1 @@
+A symlinked directory to keep its content synced through Bashtard
diff --git a/playbooks.d/etc-portage/playbook.bash b/playbooks.d/etc-portage/playbook.bash
new file mode 100644
index 0000000..3140bb3
--- /dev/null
+++ b/playbooks.d/etc-portage/playbook.bash
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# shellcheck disable=SC2034
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.path]="required"
+
+playbook_add() {
+ mkdir -pv -- "$(dirname "$(config "$BASHTARD_PLAYBOOK.path")")"
+ ln -sv -- "$(playbook_path "data")" "$(config "$BASHTARD_PLAYBOOK.path")"
+}
+
+playbook_sync() {
+ :;
+}
+
+playbook_del() {
+ rm -- "$(config "$BASHTARD_PLAYBOOK.path")"
+}
diff --git a/playbooks.d/git-server/playbook.bash b/playbooks.d/git-server/playbook.bash
index f1b8287..74eda61 100644
--- a/playbooks.d/git-server/playbook.bash
+++ b/playbooks.d/git-server/playbook.bash
@@ -32,7 +32,7 @@ playbook_sync() {
while read -r repo
do
local name="$(config "git.repos.$repo.name" "$repo")"
- local path="$(config "git.repodir")/$(config "git.repos.$repo.path" "$name")"
+ local path="$(config "git.repodir")/$(config "git.repos.$repo.path" "$name").git"
info "$BASHTARD_PLAYBOOK" "Ensuring $name exists ($repo)"
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub
deleted file mode 100644
index e1d7ab3..0000000
--- a/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICk/6jLojpp5Jaum8C1trxqtZuLd/GJH8sh0SB/Z/y9J root@bast
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub
index 3056a3d..fe3c6a7 100644
--- a/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub
+++ b/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICj0hW49y+AGuMN2D672I5K6ZVLPVZLCsd+2MIat54nP root@gaeru.tyil.net
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmqoy/OXsmmNpxEN/xISbHwDFt2u8f3HmGIvS2CASHm root@gaeru.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub
new file mode 100644
index 0000000..0faf439
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJLcXzcOPEYQWEARFgPpZCq2NZhTBWTsIezd4Mrkt0PY root@mieshu.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub
new file mode 100644
index 0000000..a19b34e
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh9xYBxb5n2N20Dj03lsij32UkPJ27EMQ/6VdKhjWVJ root@nouki.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub
new file mode 100644
index 0000000..d4c3c0d
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII6oh68n5HXeK45YaNnQC0mHufB/bUgsEyE500OW40B1 root@oolah.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub
index aea0daa..f1b7158 100644
--- a/playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLpn3Tny1LSWaLeIDmdAkZZoAajSJN9CQvfFdgLFfsK tyil@anoia.tyil.net
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtUkeSiwk+1UnMfy8Z53cQkKTlBBFZXUuDiXfPcalHj tyil@anoia
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub
deleted file mode 100644
index 00e492d..0000000
--- a/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub
+++ /dev/null
@@ -1,5 +0,0 @@
-<<<<<<< HEAD
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAXhPa+EGS4NySl0YqG38xGEab6uqdimseqq4tlLWyV4 tyil@bast.tyil.net
-=======
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILE1+6HjG3XvLQDHLwnFzq78SEsPTNa8Wu6+inmTMqu7 tyil@bast
->>>>>>> d8b0063 (Update pubkey for tyil@bast)
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub
new file mode 100644
index 0000000..d5632d9
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ94ffGPvEb/Hi2B2XSaYjKpMiV93fzGLe0QUlXRJb1L tyil@gaeru.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub
deleted file mode 100644
index 834bcd2..0000000
--- a/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+Ki28DBM3A8QUpxbAlZx2x111+rhn8JPcec67y9xi/ tyil@ivdea.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub
new file mode 100644
index 0000000..e3503e7
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIVPGs2LkDvdkMzwR1Crk8OblMQD2snClUuIcYgUYcu4 tyil@ludifah.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub
new file mode 100644
index 0000000..a70b37c
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFqLhjoIYRZmkD9sv1l1c03x6EpkadjfrGJ+4gqgkmp5 tyil@mieshu.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub
new file mode 100644
index 0000000..52f292a
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNztf75LVF+UvoIDyduHfynZupdC+9g7RaIs6cGgmCa tyil@nouki.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub
new file mode 100644
index 0000000..dabadac
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkjrJ6agLK5Bdg2Y5B+88XDbP5UsQyvdUbd3LrOVmjI tyil@oolah.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@plarabe-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@plarabe-ed25519.pub
new file mode 100644
index 0000000..25a5449
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@plarabe-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ7XKD3KxXTe5GlM4w4xdap3VAPvYCi4EowD88ymInFR tyil@plarabe
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub
deleted file mode 100644
index 1b8d9e6..0000000
--- a/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqntlHQ/3HHPUoNl7bpQ6pZIxZHnUAAIXTB5eBjDE0auJZE0Qz5HjUkqZNSb0SzoK9GgLLMH7yNMaYMSTRJguRARRTY3MpdQbrsMu5/8HbKZwxhy7jVRAODnIDO2b3A67ZOHQAazNZYlX873fVhDJHP3RPpYWJS1L2jyk6Z3euvg0duo4JolBEHzmuDi8mEhdNhjW54VM9CRofRrD2VBrnxbmH6LCQwVfuEiz7jVlyugKIiPtaX/9fSnwUVjpNVn0TA93FL0M6xypZFywORrAGLV9kuoQ/G0iVfXqH1A04OFzH1RGNq+oHfHWYZdE098SS+ur9E8+wXcIDBkkI37kF tyil@sessifet.tyil.net
diff --git a/playbooks.d/k3s-master/etc/defaults b/playbooks.d/k3s-master/etc/defaults
index eab4aee..3cbca90 100644
--- a/playbooks.d/k3s-master/etc/defaults
+++ b/playbooks.d/k3s-master/etc/defaults
@@ -1,8 +1,4 @@
-pkg.k3s=k3s
-pkg.helm=helm
-
-k3s.domain=cluster.local
-k3s.network.cidr.pods=172.19.0.0/16
-k3s.network.cidr.svcs=172.20.0.0/16
-k3s.network.service.dns=172.20.0.53
-k3s.flux.repo.branch=master
+pkg.curl=curl
+pkg.kubectl=kubectl
+pkg.nfs-common=nfs-common
+pkg.open-iscsi=open-iscsi
diff --git a/playbooks.d/k3s-master/etc/os.d/linux-gentoo b/playbooks.d/k3s-master/etc/os.d/linux-gentoo
index 4aaaabf..5e7bc08 100644
--- a/playbooks.d/k3s-master/etc/os.d/linux-gentoo
+++ b/playbooks.d/k3s-master/etc/os.d/linux-gentoo
@@ -1,2 +1,2 @@
-pkg.k3s=sys-cluster/k3s
-pkg.helm=app-admin/helm
+pkg.nfs-common=net-fs/nfs-utils
+pkg.open-iscsi=sys-block/open-iscsi
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/kustomization.yaml
deleted file mode 100644
index 9b456c1..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- personal-services
-- public-services
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/kustomization.yaml
deleted file mode 100644
index 9081ab6..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- uptime-kuma
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/deployment.yaml
deleted file mode 100644
index 9553007..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/deployment.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: uptime-kuma
- namespace: personal-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: uptime-kuma
- app.kubernetes.io/part-of: personal-services
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: uptime-kuma
- app.kubernetes.io/part-of: personal-services
- spec:
- containers:
- - name: uptime-kuma
- image: louislam/uptime-kuma:1
- ports:
- - containerPort: 3001
- volumeMounts:
- - name: data
- mountPath: /app/data
- volumes:
- - name: data
- hostPath:
- type: Directory
- path: /srv/personal-services/uptime-kuma
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/ingress.yaml
deleted file mode 100644
index 03828f2..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/ingress.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: uptime-kuma
- namespace: personal-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: uptime-kuma
- app.kubernetes.io/part-of: personal-services
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-production
- #nginx.ingress.kubernetes.io/configuration-snippet: |
- # proxy_cache_bypass $http_upgrade;
- # proxy_set_header Connection "Upgrade";
- # proxy_set_header Host $host;
- # proxy_set_header Upgrade $http_upgrade;
- # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- # proxy_set_header X-Forwarded-For $remote_addr;
- # proxy_set_header X-Forwarded-Host $http_host;
- # proxy_set_header X-Forwarded-Proto $scheme;
- # proxy_set_header X-Real-IP $remote_addr;
- #nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
- #nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
- #nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
- #nginx.ingress.kubernetes.io/ssl-redirect: "true"
-spec:
- ingressClassName: "nginx"
- rules:
- - host: uptime.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: uptime-kuma
- port:
- number: 80
- tls:
- - hosts:
- - uptime.tyil.nl
- secretName: cert-uptime.tyil.nl
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/service.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/service.yaml
deleted file mode 100644
index 51d6d53..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/personal-services/uptime-kuma/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: uptime-kuma
- namespace: personal-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: uptime-kuma
- app.kubernetes.io/part-of: personal-services
- ports:
- - protocol: TCP
- port: 80
- targetPort: 3001
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/kustomization.yaml
deleted file mode 100644
index 168bb15..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- searxng
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/deployment.yaml
deleted file mode 100644
index f5f6064..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/deployment.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: searxng
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searxng
- app.kubernetes.io/part-of: searxng
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searxng
- app.kubernetes.io/part-of: searxng
- spec:
- containers:
- - name: searxng
- image: searxng/searxng:2022.08.01-7c9c1124
- ports:
- - containerPort: 8080
- env:
- - name: BASE_URL
- value: https://searxng.tyil.nl
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/ingress.yaml
deleted file mode 100644
index 8bd3d94..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/ingress.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: searxng
- namespace: public-services
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt-production"
-spec:
- ingressClassName: "nginx"
- tls:
- - hosts:
- - searxng.tyil.nl
- secretName: tls-nl.tyil.searxng
- rules:
- - host: searxng.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: searxng
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/kustomization.yaml
deleted file mode 100644
index e0ff25d..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- service.yaml
-- ingress.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/service.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/service.yaml
deleted file mode 100644
index 23fb8ac..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: searxng
- namespace: public-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searxng
- app.kubernetes.io/part-of: searxng
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8080
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/deployment.yaml
deleted file mode 100644
index 920b1f5..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/deployment.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: dirlist
- namespace: media
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
- spec:
- containers:
- - name: miniserve
- image: docker.io/svenstaro/miniserve:latest
- args:
- - "--enable-tar-gz"
- - "--qrcode"
- - "--enable-tar"
- - "/var/www"
- ports:
- - containerPort: 8080
- volumeMounts:
- - name: anime-movies
- mountPath: /var/www/anime-movies
- readOnly: true
- - name: anime-series
- mountPath: /var/www/anime-series
- readOnly: true
- - name: books
- mountPath: /var/www/books
- readOnly: true
- - name: movies
- mountPath: /var/www/movies
- readOnly: true
- - name: music
- mountPath: /var/www/music
- readOnly: true
- - name: series
- mountPath: /var/www/series
- readOnly: true
- volumes:
- - name: anime-movies
- nfs:
- server: 10.57.100.7
- path: /mnt/media/anime-movies/exported
- - name: anime-series
- nfs:
- server: 10.57.100.7
- path: /mnt/media/anime-series/exported
- - name: books
- nfs:
- server: 10.57.100.7
- path: /mnt/media/books/exported
- - name: movies
- nfs:
- server: 10.57.100.7
- path: /mnt/media/movies/exported
- - name: music
- nfs:
- server: 10.57.100.7
- path: /mnt/media/music/exported
- - name: series
- nfs:
- server: 10.57.100.7
- path: /mnt/media/series/exported
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/ingress.yaml
deleted file mode 100644
index 4a87af7..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: dirlist
- namespace: media
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
-spec:
- ingressClassName: "nginx"
- rules:
- - host: media.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: dirlist
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/service.yaml
deleted file mode 100644
index 14e9c61..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: dirlist
- namespace: media
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8080
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/kustomization.yaml
deleted file mode 100644
index 8059d7b..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- dirlist
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/kustomization.yaml
deleted file mode 100644
index ab637fe..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- release.yaml
-- values.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/release.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/release.yaml
deleted file mode 100644
index 3664202..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/release.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: invidious
- namespace: public-services
-spec:
- interval: 5m
- chart:
- spec:
- chart: .
- version: 2.0.2
- sourceRef:
- kind: GitRepository
- name: tyil-helm-invidious
- namespace: flux-system
- interval: 1m
- valuesFrom:
- - name: invidious-config
- kind: Secret
- values:
- replicaCount: 1
- ingress:
- enabled: true
- className: nginx
- hosts:
- - host: youtube.alt.tyil.nl
- paths:
- - path: /
- config:
- channel_threads: 1
- db:
- user: invidious
- host: 10.57.100.7
- port: 5432
- dbname: invidious
- domain: youtube.alt.tyil.nl
- feed_threads: 1
- full_refresh: false
- https_only: true
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/values.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/values.yaml
deleted file mode 100644
index 1db538b..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/values.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
- creationTimestamp: null
- name: invidious-config
- namespace: public-services
-spec:
- encryptedData:
- values.yaml: AgAPilCc/Cr7+x+lpKGQxINSPwCMyn6UomHo5GSszksUtU3GcUagAbtQCi8s8uOuk3lTdhQ7poGc0bQiPxoN1cWLyhe4yo5iQ2Ad+uNUDxp7crlWUVQb9fQr/wvveBsm2RV1JmhhIHSVEAVtGAqwjTG44qyRsvlAI9umFuuQio1P4CxNxJGsI3BRbDA/Y3PDSxJ2PufYxkYxMDVPuWR/wB7s4qpgz8VSAvIfQvqs9KGOZ0oVwEGMj/zBHPXkn978hHSebB2rZWn5Gli91Yec0EP1jyDA0nVynanZDabOcnk+KQFCx17pJklZqRG3GEEHVVCDE1L1O96UfLz9tL+a8Y8/26pWbBuvIvuLq7w4j1pg/K3NKtA7ZfM316WOBUvLc8iNnr0hqagA9YF0w4VZMNjxxTPjOmpo+NP71fAc95i+qK5VBPat2LpiPES/+HV0Gr0k7g6ejIuy94/IQH0jFvg5Cmv7Tuo+uGuOhkOC78DZG2igdDRAk7eS6i+LfooTegKgWxCyfWct60ulBUZ+RRa987kmihAZ5XOxAy2J5+CU+HCZc8KeU7Km2bJooKBauWTUDVMraeAfVFA00oiczS1y5DfrwJIQeozDaknxmqQq1bN9ouKAuA+BIaZ/cZ80LYcJmw40dc5wI6UtgBMVZaV0iwhd00Hio6iVvB8ABynpwYdQVCRFARl4GcuwK6Or/uFRkQPaosFk807VjKOZsA0YJU1rc0El8UR7TmYIFK75FU8iecuGZbc1HlzWjrWjFa+ayIRng5EOW59x02GT8n/wDb/m6HapRG5DtkGk95iBoEupexmVXYO28w==
- template:
- data: null
- metadata:
- creationTimestamp: null
- name: invidious-config
- namespace: public-services
- type: Opaque
-
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/kustomization.yaml
deleted file mode 100644
index 3ce6c98..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- invidious
-- nitter
-- omgur
-- searx
-- teddit
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/kustomization.yaml
deleted file mode 100644
index 3c7eaaa..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- release.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/release.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/release.yaml
deleted file mode 100644
index 80a11ca..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/release.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: nitter
- namespace: public-services
-spec:
- interval: 5m
- chart:
- spec:
- chart: .
- version: 0.1.0
- sourceRef:
- kind: GitRepository
- name: tyil-helm-nitter
- namespace: flux-system
- interval: 1m
- values:
- replicaCount: 1
- ingress:
- enabled: true
- className: nginx
- hosts:
- - host: twitter.alt.tyil.nl
- paths:
- - path: /
- redis:
- host: 10.57.100.7
- urlReplacements:
- twitter: twitter.alt.tyil.nl
- youtube: yewtu.be
- reddit: reddit.alt.tyil.nl
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/deployment.yaml
deleted file mode 100644
index a4647dd..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/deployment.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: omgur
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
- spec:
- containers:
- - name: omgur
- image: registry.gitlab.com/geraldwuhoo/omgur:latest
- ports:
- - containerPort: 8080
- env:
- - name: REDIS_HOST
- value: "10.57.100.7"
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/ingress.yaml
deleted file mode 100644
index ca92947..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: omgur
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
-spec:
- ingressClassName: "nginx"
- rules:
- - host: imgur.alt.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: omgur
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/service.yaml
deleted file mode 100644
index f848c14..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: omgur
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8080
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/deployment.yaml
deleted file mode 100644
index ff93f12..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/deployment.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: searx
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
- spec:
- containers:
- - name: searx
- image: searx/searx:latest
- ports:
- - containerPort: 8080
- env:
- - name: BIND_ADDRESS
- value: "0.0.0.0:8080"
- - name: BASE_URL
- value: "https://searx.tyil.nl"
- volumeMounts:
- - name: srv
- subPath: config
- mountPath: /etc/searx
- - name: filtron
- image: dalf/filtron
- args: [
- "-listen", "0.0.0.0:4040",
- "-target", "searx:8080",
- ]
- ports:
- - containerPort: 4040
- volumeMounts:
- - name: srv
- subPath: rules.json
- mountPath: /etc/filtron/rules.json
- volumes:
- - name: srv
- nfs:
- server: 10.57.100.7
- path: /srv/searx
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/ingress.yaml
deleted file mode 100644
index fdbc6bf..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: searx
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
-spec:
- ingressClassName: "nginx"
- rules:
- - host: searx.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: searx
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/service.yaml
deleted file mode 100644
index 80b802b..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: searx
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8080
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/deployment.yaml
deleted file mode 100644
index 9542cde..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/deployment.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: teddit
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
- spec:
- containers:
- - name: teddit
- image: teddit/teddit:latest
- ports:
- - containerPort: 8080
- env:
- - name: DOMAIN
- value: "reddit.alt.tyil.nl"
- - name: REDIS_DB
- value: "1"
- - name: REDIS_HOST
- value: "10.57.100.7"
- - name: TRUST_PROXY
- value: "true"
- - name: USE_HELMET
- value: "true"
- - name: USE_HELMET_HSTS
- value: "true"
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/ingress.yaml
deleted file mode 100644
index 55fc30a..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: teddit
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
-spec:
- ingressClassName: "nginx"
- rules:
- - host: reddit.alt.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: teddit
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/service.yaml
deleted file mode 100644
index b91c1d1..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: teddit
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8080
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/applications.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/applications.yaml
deleted file mode 100644
index 8e8d43c..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/applications.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: applications
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/applications/hurzak.tyil.net
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-components.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-components.yaml
deleted file mode 100644
index 4c7ce9b..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-components.yaml
+++ /dev/null
@@ -1,5583 +0,0 @@
----
-# This manifest was generated by flux. DO NOT EDIT.
-# Flux Version: v0.31.5
-# Components: source-controller,kustomize-controller,helm-controller,notification-controller
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- pod-security.kubernetes.io/warn: restricted
- pod-security.kubernetes.io/warn-version: latest
- name: flux-system
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: alerts.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Alert
- listKind: AlertList
- plural: alerts
- singular: alert
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Alert is the Schema for the alerts API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: AlertSpec defines an alerting rule for events involving a
- list of objects
- properties:
- eventSeverity:
- default: info
- description: Filter events based on severity, defaults to ('info').
- If set to 'info' no events will be filtered.
- enum:
- - info
- - error
- type: string
- eventSources:
- description: Filter events based on the involved objects.
- items:
- description: CrossNamespaceObjectReference contains enough information
- to let you locate the typed referenced object at cluster level
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - Bucket
- - GitRepository
- - Kustomization
- - HelmRelease
- - HelmChart
- - HelmRepository
- - ImageRepository
- - ImagePolicy
- - ImageUpdateAutomation
- type: string
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator
- is "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- name:
- description: Name of the referent
- maxLength: 53
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent
- maxLength: 53
- minLength: 1
- type: string
- required:
- - name
- type: object
- type: array
- exclusionList:
- description: A list of Golang regular expressions to be used for excluding
- messages.
- items:
- type: string
- type: array
- providerRef:
- description: Send events using this provider.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- summary:
- description: Short description of the impact and affected cluster.
- type: string
- suspend:
- description: This flag tells the controller to suspend subsequent
- events dispatching. Defaults to false.
- type: boolean
- required:
- - eventSources
- - providerRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: AlertStatus defines the observed state of Alert
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: buckets.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: Bucket
- listKind: BucketList
- plural: buckets
- singular: bucket
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.endpoint
- name: Endpoint
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Bucket is the Schema for the buckets API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BucketSpec defines the desired state of an S3 compatible
- bucket
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- bucketName:
- description: The bucket name.
- type: string
- endpoint:
- description: The bucket endpoint address.
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- insecure:
- description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
- type: boolean
- interval:
- description: The interval at which to check for bucket updates.
- type: string
- provider:
- default: generic
- description: The S3 compatible storage provider name, default ('generic').
- enum:
- - generic
- - aws
- - gcp
- type: string
- region:
- description: The bucket region.
- type: string
- secretRef:
- description: The name of the secret containing authentication credentials
- for the Bucket.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout for download operations, defaults to 60s.
- type: string
- required:
- - bucketName
- - endpoint
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: BucketStatus defines the observed state of a bucket
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- Bucket sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the Bucket.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the artifact output of the
- last Bucket sync.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.endpoint
- name: Endpoint
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: Bucket is the Schema for the buckets API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BucketSpec specifies the required configuration to produce
- an Artifact for an object storage bucket.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- bucketName:
- description: BucketName is the name of the object storage bucket.
- type: string
- endpoint:
- description: Endpoint is the object storage address the BucketName
- is located at.
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- insecure:
- description: Insecure allows connecting to a non-TLS HTTP Endpoint.
- type: boolean
- interval:
- description: Interval at which to check the Endpoint for updates.
- type: string
- provider:
- default: generic
- description: Provider of the object storage bucket. Defaults to 'generic',
- which expects an S3 (API) compatible object storage.
- enum:
- - generic
- - aws
- - gcp
- - azure
- type: string
- region:
- description: Region of the Endpoint where the BucketName is located
- in.
- type: string
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the Bucket.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this Bucket.
- type: boolean
- timeout:
- default: 60s
- description: Timeout for fetch operations, defaults to 60s.
- type: string
- required:
- - bucketName
- - endpoint
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: BucketStatus records the observed state of a Bucket.
- properties:
- artifact:
- description: Artifact represents the last successful Bucket reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the Bucket.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the Bucket object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: gitrepositories.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: GitRepository
- listKind: GitRepositoryList
- plural: gitrepositories
- shortNames:
- - gitrepo
- singular: gitrepository
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: GitRepository is the Schema for the gitrepositories API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: GitRepositorySpec defines the desired state of a Git repository.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- gitImplementation:
- default: go-git
- description: Determines which git client library to use. Defaults
- to go-git, valid values are ('go-git', 'libgit2').
- enum:
- - go-git
- - libgit2
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- include:
- description: Extra git repositories to map into the repository
- items:
- description: GitRepositoryInclude defines a source with a from and
- to path.
- properties:
- fromPath:
- description: The path to copy contents from, defaults to the
- root directory.
- type: string
- repository:
- description: Reference to a GitRepository to include.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- toPath:
- description: The path to copy contents to, defaults to the name
- of the source ref.
- type: string
- required:
- - repository
- type: object
- type: array
- interval:
- description: The interval at which to check for repository updates.
- type: string
- recurseSubmodules:
- description: When enabled, after the clone is created, initializes
- all submodules within, using their default settings. This option
- is available only when using the 'go-git' GitImplementation.
- type: boolean
- ref:
- description: The Git reference to checkout and monitor for changes,
- defaults to master branch.
- properties:
- branch:
- description: The Git branch to checkout, defaults to master.
- type: string
- commit:
- description: The Git commit SHA to checkout, if specified Tag
- filters will be ignored.
- type: string
- semver:
- description: The Git tag semver expression, takes precedence over
- Tag.
- type: string
- tag:
- description: The Git tag to checkout, takes precedence over Branch.
- type: string
- type: object
- secretRef:
- description: The secret name containing the Git credentials. For HTTPS
- repositories the secret must contain username and password fields.
- For SSH repositories the secret must contain identity and known_hosts
- fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout for remote Git operations like cloning, defaults
- to 60s.
- type: string
- url:
- description: The repository URL, can be a HTTP/S or SSH address.
- pattern: ^(http|https|ssh)://
- type: string
- verify:
- description: Verify OpenPGP signature for the Git commit HEAD points
- to.
- properties:
- mode:
- description: Mode describes what git object should be verified,
- currently ('head').
- enum:
- - head
- type: string
- secretRef:
- description: The secret name containing the public keys of all
- trusted Git authors.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - mode
- type: object
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: GitRepositoryStatus defines the observed state of a Git repository.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- repository sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the GitRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- includedArtifacts:
- description: IncludedArtifacts represents the included artifacts from
- the last successful repository sync.
- items:
- description: Artifact represents the output of a source synchronisation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the artifact output of the
- last repository sync.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: GitRepository is the Schema for the gitrepositories API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: GitRepositorySpec specifies the required configuration to
- produce an Artifact for a Git repository.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- gitImplementation:
- default: go-git
- description: GitImplementation specifies which Git client library
- implementation to use. Defaults to 'go-git', valid values are ('go-git',
- 'libgit2').
- enum:
- - go-git
- - libgit2
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- include:
- description: Include specifies a list of GitRepository resources which
- Artifacts should be included in the Artifact produced for this GitRepository.
- items:
- description: GitRepositoryInclude specifies a local reference to
- a GitRepository which Artifact (sub-)contents must be included,
- and where they should be placed.
- properties:
- fromPath:
- description: FromPath specifies the path to copy contents from,
- defaults to the root of the Artifact.
- type: string
- repository:
- description: GitRepositoryRef specifies the GitRepository which
- Artifact contents must be included.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- toPath:
- description: ToPath specifies the path to copy contents to,
- defaults to the name of the GitRepositoryRef.
- type: string
- required:
- - repository
- type: object
- type: array
- interval:
- description: Interval at which to check the GitRepository for updates.
- type: string
- recurseSubmodules:
- description: RecurseSubmodules enables the initialization of all submodules
- within the GitRepository as cloned from the URL, using their default
- settings. This option is available only when using the 'go-git'
- GitImplementation.
- type: boolean
- ref:
- description: Reference specifies the Git reference to resolve and
- monitor for changes, defaults to the 'master' branch.
- properties:
- branch:
- description: "Branch to check out, defaults to 'master' if no
- other field is defined. \n When GitRepositorySpec.GitImplementation
- is set to 'go-git', a shallow clone of the specified branch
- is performed."
- type: string
- commit:
- description: "Commit SHA to check out, takes precedence over all
- reference fields. \n When GitRepositorySpec.GitImplementation
- is set to 'go-git', this can be combined with Branch to shallow
- clone the branch, in which the commit is expected to exist."
- type: string
- semver:
- description: SemVer tag expression to check out, takes precedence
- over Tag.
- type: string
- tag:
- description: Tag to check out, takes precedence over Branch.
- type: string
- type: object
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the GitRepository. For HTTPS repositories the Secret
- must contain 'username' and 'password' fields. For SSH repositories
- the Secret must contain 'identity' and 'known_hosts' fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this GitRepository.
- type: boolean
- timeout:
- default: 60s
- description: Timeout for Git operations like cloning, defaults to
- 60s.
- type: string
- url:
- description: URL specifies the Git repository URL, it can be an HTTP/S
- or SSH address.
- pattern: ^(http|https|ssh)://
- type: string
- verify:
- description: Verification specifies the configuration to verify the
- Git commit signature(s).
- properties:
- mode:
- description: Mode specifies what Git object should be verified,
- currently ('head').
- enum:
- - head
- type: string
- secretRef:
- description: SecretRef specifies the Secret containing the public
- keys of trusted Git authors.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - mode
- type: object
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: GitRepositoryStatus records the observed state of a Git repository.
- properties:
- artifact:
- description: Artifact represents the last successful GitRepository
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the GitRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- contentConfigChecksum:
- description: 'ContentConfigChecksum is a checksum of all the configurations
- related to the content of the source artifact: - .spec.ignore -
- .spec.recurseSubmodules - .spec.included and the checksum of the
- included artifacts observed in .status.observedGeneration version
- of the object. This can be used to determine if the content of the
- included repository has changed. It has the format of `<algo>:<checksum>`,
- for example: `sha256:<checksum>`.'
- type: string
- includedArtifacts:
- description: IncludedArtifacts contains a list of the last successfully
- included Artifacts as instructed by GitRepositorySpec.Include.
- items:
- description: Artifact represents the output of a Source reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact
- file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact.
- It can be used to locate the file in the root of the Artifact
- storage on the local file system of the controller managing
- the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the GitRepository object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmcharts.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: HelmChart
- listKind: HelmChartList
- plural: helmcharts
- shortNames:
- - hc
- singular: helmchart
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.chart
- name: Chart
- type: string
- - jsonPath: .spec.version
- name: Version
- type: string
- - jsonPath: .spec.sourceRef.kind
- name: Source Kind
- type: string
- - jsonPath: .spec.sourceRef.name
- name: Source Name
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: HelmChart is the Schema for the helmcharts API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmChartSpec defines the desired state of a Helm chart.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- chart:
- description: The name or path the Helm chart is available at in the
- SourceRef.
- type: string
- interval:
- description: The interval at which to check the Source for updates.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: Determines what enables the creation of a new artifact.
- Valid values are ('ChartVersion', 'Revision'). See the documentation
- of the values for an explanation on their behavior. Defaults to
- ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: The reference to the Source the chart is available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent, valid values are ('HelmRepository',
- 'GitRepository', 'Bucket').
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- valuesFile:
- description: Alternative values file to use as the default chart values,
- expected to be a relative path in the SourceRef. Deprecated in favor
- of ValuesFiles, for backwards compatibility the file defined here
- is merged before the ValuesFiles items. Ignored when omitted.
- type: string
- valuesFiles:
- description: Alternative list of values files to use as the chart
- values (values.yaml is not included by default), expected to be
- a relative path in the SourceRef. Values files are merged in the
- order of this list with the last file overriding the first. Ignored
- when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: The chart version semver expression, ignored for charts
- from GitRepository and Bucket sources. Defaults to latest when omitted.
- type: string
- required:
- - chart
- - interval
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmChartStatus defines the observed state of the HelmChart.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- chart sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmChart.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the last chart pulled.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.chart
- name: Chart
- type: string
- - jsonPath: .spec.version
- name: Version
- type: string
- - jsonPath: .spec.sourceRef.kind
- name: Source Kind
- type: string
- - jsonPath: .spec.sourceRef.name
- name: Source Name
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: HelmChart is the Schema for the helmcharts API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmChartSpec specifies the desired state of a Helm chart.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- chart:
- description: Chart is the name or path the Helm chart is available
- at in the SourceRef.
- type: string
- interval:
- description: Interval is the interval at which to check the Source
- for updates.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: ReconcileStrategy determines what enables the creation
- of a new artifact. Valid values are ('ChartVersion', 'Revision').
- See the documentation of the values for an explanation on their
- behavior. Defaults to ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: SourceRef is the reference to the Source the chart is
- available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent, valid values are ('HelmRepository',
- 'GitRepository', 'Bucket').
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- valuesFile:
- description: ValuesFile is an alternative values file to use as the
- default chart values, expected to be a relative path in the SourceRef.
- Deprecated in favor of ValuesFiles, for backwards compatibility
- the file specified here is merged before the ValuesFiles items.
- Ignored when omitted.
- type: string
- valuesFiles:
- description: ValuesFiles is an alternative list of values files to
- use as the chart values (values.yaml is not included by default),
- expected to be a relative path in the SourceRef. Values files are
- merged in the order of this list with the last file overriding the
- first. Ignored when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: Version is the chart version semver expression, ignored
- for charts from GitRepository and Bucket sources. Defaults to latest
- when omitted.
- type: string
- required:
- - chart
- - interval
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmChartStatus records the observed state of the HelmChart.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmChart.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedChartName:
- description: ObservedChartName is the last observed chart name as
- specified by the resolved chart reference.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the HelmChart object.
- format: int64
- type: integer
- observedSourceArtifactRevision:
- description: ObservedSourceArtifactRevision is the last observed Artifact.Revision
- of the HelmChartSpec.SourceRef.
- type: string
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmreleases.helm.toolkit.fluxcd.io
-spec:
- group: helm.toolkit.fluxcd.io
- names:
- kind: HelmRelease
- listKind: HelmReleaseList
- plural: helmreleases
- shortNames:
- - hr
- singular: helmrelease
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v2beta1
- schema:
- openAPIV3Schema:
- description: HelmRelease is the Schema for the helmreleases API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmReleaseSpec defines the desired state of a Helm release.
- properties:
- chart:
- description: Chart defines the template of the v1beta2.HelmChart that
- should be created for this HelmRelease.
- properties:
- spec:
- description: Spec holds the template for the v1beta2.HelmChartSpec
- for this HelmRelease.
- properties:
- chart:
- description: The name or path the Helm chart is available
- at in the SourceRef.
- type: string
- interval:
- description: Interval at which to check the v1beta2.Source
- for updates. Defaults to 'HelmReleaseSpec.Interval'.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: Determines what enables the creation of a new
- artifact. Valid values are ('ChartVersion', 'Revision').
- See the documentation of the values for an explanation on
- their behavior. Defaults to ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: The name and namespace of the v1beta2.Source
- the chart is available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent.
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- maxLength: 253
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent.
- maxLength: 63
- minLength: 1
- type: string
- required:
- - name
- type: object
- valuesFile:
- description: Alternative values file to use as the default
- chart values, expected to be a relative path in the SourceRef.
- Deprecated in favor of ValuesFiles, for backwards compatibility
- the file defined here is merged before the ValuesFiles items.
- Ignored when omitted.
- type: string
- valuesFiles:
- description: Alternative list of values files to use as the
- chart values (values.yaml is not included by default), expected
- to be a relative path in the SourceRef. Values files are
- merged in the order of this list with the last file overriding
- the first. Ignored when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: Version semver expression, ignored for charts
- from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults
- to latest when omitted.
- type: string
- required:
- - chart
- - sourceRef
- type: object
- required:
- - spec
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to HelmRelease resources that must be ready
- before this HelmRelease can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- install:
- description: Install holds the configuration for Helm install actions
- for this HelmRelease.
- properties:
- crds:
- description: "CRDs upgrade CRDs from the Helm Chart's crds directory
- according to the CRD upgrade policy provided here. Valid values
- are `Skip`, `Create` or `CreateReplace`. Default is `Create`
- and if omitted CRDs are installed but not updated. \n Skip:
- do neither install nor replace (update) any CRDs. \n Create:
- new CRDs are created, existing CRDs are neither updated nor
- deleted. \n CreateReplace: new CRDs are created, existing CRDs
- are updated (replaced) but not deleted. \n By default, CRDs
- are applied (installed) during Helm install action. With this
- option users can opt-in to CRD replace existing CRDs on Helm
- install actions, which is not (yet) natively supported by Helm.
- https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
- enum:
- - Skip
- - Create
- - CreateReplace
- type: string
- createNamespace:
- description: CreateNamespace tells the Helm install action to
- create the HelmReleaseSpec.TargetNamespace if it does not exist
- yet. On uninstall, the namespace will not be garbage collected.
- type: boolean
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm install action.
- type: boolean
- disableOpenAPIValidation:
- description: DisableOpenAPIValidation prevents the Helm install
- action from validating rendered templates against the Kubernetes
- OpenAPI Schema.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm install has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm install has been performed.
- type: boolean
- remediation:
- description: Remediation holds the remediation configuration for
- when the Helm install action for the HelmRelease fails. The
- default is to not perform any action.
- properties:
- ignoreTestFailures:
- description: IgnoreTestFailures tells the controller to skip
- remediation when the Helm tests are run after an install
- action but fail. Defaults to 'Test.IgnoreFailures'.
- type: boolean
- remediateLastFailure:
- description: RemediateLastFailure tells the controller to
- remediate the last failure, when no retries remain. Defaults
- to 'false'.
- type: boolean
- retries:
- description: Retries is the number of retries that should
- be attempted on failures before bailing. Remediation, using
- an uninstall, is performed between each attempt. Defaults
- to '0', a negative integer equals to unlimited retries.
- type: integer
- type: object
- replace:
- description: Replace tells the Helm install action to re-use the
- 'ReleaseName', but only if that name is a deleted release which
- remains in the history.
- type: boolean
- skipCRDs:
- description: "SkipCRDs tells the Helm install action to not install
- any CRDs. By default, CRDs are installed if not already present.
- \n Deprecated use CRD policy (`crds`) attribute with value `Skip`
- instead."
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- interval:
- description: Interval at which to reconcile the Helm release.
- type: string
- kubeConfig:
- description: KubeConfig for reconciling the HelmRelease on a remote
- cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,
- forces the controller to act on behalf of that Service Account at
- the target cluster. If the --default-service-account flag is set,
- its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName
- is empty.
- properties:
- secretRef:
- description: SecretRef holds the name to a secret that contains
- a key with the kubeconfig file as the value. If no key is specified
- the key will default to 'value'. The secret must be in the same
- namespace as the HelmRelease. It is recommended that the kubeconfig
- is self-contained, and the secret is regularly updated if credentials
- such as a cloud-access-token expire. Cloud specific `cmd-path`
- auth helpers will not function without adding binaries and credentials
- to the Pod that is responsible for reconciling the HelmRelease.
- properties:
- key:
- description: Key in the Secret, when not specified an implementation-specific
- default key is used.
- type: string
- name:
- description: Name of the Secret.
- type: string
- required:
- - name
- type: object
- type: object
- maxHistory:
- description: MaxHistory is the number of revisions saved by Helm for
- this HelmRelease. Use '0' for an unlimited number of revisions;
- defaults to '10'.
- type: integer
- postRenderers:
- description: PostRenderers holds an array of Helm PostRenderers, which
- will be applied in order of their definition.
- items:
- description: PostRenderer contains a Helm PostRenderer specification.
- properties:
- kustomize:
- description: Kustomization to apply as PostRenderer.
- properties:
- images:
- description: Images is a list of (image name, new name,
- new tag or digest) for changing image names, tags or digests.
- This can also be achieved with a patch, but this operator
- is simpler to specify.
- items:
- description: Image contains an image name, a new name,
- a new tag or digest, which will replace the original
- name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the
- original image tag. If digest is present NewTag
- value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace
- the original name.
- type: string
- newTag:
- description: NewTag is the value used to replace the
- original tag.
- type: string
- required:
- - name
- type: object
- type: array
- patches:
- description: Strategic merge and JSON patches, defined as
- inline YAML objects, capable of targeting objects based
- on kind, label and annotation selectors.
- items:
- description: Patch contains an inline StrategicMerge or
- JSON6902 patch, and the target the patch should be applied
- to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge
- patch or an inline JSON6902 patch with an array
- of operation objects.
- type: string
- target:
- description: Target points to the resources that the
- patch document should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that
- follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select
- resources from. Together with Version and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources
- from. Together with Group and Version it is
- capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select
- resources from. Together with Group and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: JSON 6902 patches, defined as inline YAML objects.
- items:
- description: JSON6902Patch contains a JSON6902 patch and
- the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document
- with an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object.
- https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value
- that references a location within the target
- document where the operation is performed.
- The meaning of the value depends on the value
- of Op, and is NOT taken into account by all
- operations.
- type: string
- op:
- description: Op indicates the operation to perform.
- Its value MUST be one of "add", "remove",
- "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer
- value that references a location within the
- target document where the operation is performed.
- The meaning of the value depends on the value
- of Op.
- type: string
- value:
- description: Value contains a valid JSON structure.
- The meaning of the value depends on the value
- of Op, and is NOT taken into account by all
- operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the
- patch document should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that
- follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select
- resources from. Together with Version and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources
- from. Together with Group and Version it is
- capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select
- resources from. Together with Group and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: Strategic merge patches, defined as inline
- YAML objects.
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- type: object
- type: object
- type: array
- releaseName:
- description: ReleaseName used for the Helm release. Defaults to a
- composition of '[TargetNamespace-]Name'.
- maxLength: 53
- minLength: 1
- type: string
- rollback:
- description: Rollback holds the configuration for Helm rollback actions
- for this HelmRelease.
- properties:
- cleanupOnFail:
- description: CleanupOnFail allows deletion of new resources created
- during the Helm rollback action when it fails.
- type: boolean
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm rollback action.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm rollback has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm rollback has been performed.
- type: boolean
- force:
- description: Force forces resource updates through a replacement
- strategy.
- type: boolean
- recreate:
- description: Recreate performs pod restarts for the resource if
- applicable.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this HelmRelease.
- type: string
- storageNamespace:
- description: StorageNamespace used for the Helm storage. Defaults
- to the namespace of the HelmRelease.
- maxLength: 63
- minLength: 1
- type: string
- suspend:
- description: Suspend tells the controller to suspend reconciliation
- for this HelmRelease, it does not apply to already started reconciliations.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace to target when performing operations
- for the HelmRelease. Defaults to the namespace of the HelmRelease.
- maxLength: 63
- minLength: 1
- type: string
- test:
- description: Test holds the configuration for Helm test actions for
- this HelmRelease.
- properties:
- enable:
- description: Enable enables Helm test actions for this HelmRelease
- after an Helm install or upgrade action has been performed.
- type: boolean
- ignoreFailures:
- description: IgnoreFailures tells the controller to skip remediation
- when the Helm tests are run but fail. Can be overwritten for
- tests run after install or upgrade actions in 'Install.IgnoreTestFailures'
- and 'Upgrade.IgnoreTestFailures'.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation during the performance of a Helm test action. Defaults
- to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a Helm
- action. Defaults to '5m0s'.
- type: string
- uninstall:
- description: Uninstall holds the configuration for Helm uninstall
- actions for this HelmRelease.
- properties:
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm rollback action.
- type: boolean
- disableWait:
- description: DisableWait disables waiting for all the resources
- to be deleted after a Helm uninstall is performed.
- type: boolean
- keepHistory:
- description: KeepHistory tells Helm to remove all associated resources
- and mark the release as deleted, but retain the release history.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- upgrade:
- description: Upgrade holds the configuration for Helm upgrade actions
- for this HelmRelease.
- properties:
- cleanupOnFail:
- description: CleanupOnFail allows deletion of new resources created
- during the Helm upgrade action when it fails.
- type: boolean
- crds:
- description: "CRDs upgrade CRDs from the Helm Chart's crds directory
- according to the CRD upgrade policy provided here. Valid values
- are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and
- if omitted CRDs are neither installed nor upgraded. \n Skip:
- do neither install nor replace (update) any CRDs. \n Create:
- new CRDs are created, existing CRDs are neither updated nor
- deleted. \n CreateReplace: new CRDs are created, existing CRDs
- are updated (replaced) but not deleted. \n By default, CRDs
- are not applied during Helm upgrade action. With this option
- users can opt-in to CRD upgrade, which is not (yet) natively
- supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
- enum:
- - Skip
- - Create
- - CreateReplace
- type: string
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm upgrade action.
- type: boolean
- disableOpenAPIValidation:
- description: DisableOpenAPIValidation prevents the Helm upgrade
- action from validating rendered templates against the Kubernetes
- OpenAPI Schema.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm upgrade has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm upgrade has been performed.
- type: boolean
- force:
- description: Force forces resource updates through a replacement
- strategy.
- type: boolean
- preserveValues:
- description: PreserveValues will make Helm reuse the last release's
- values and merge in overrides from 'Values'. Setting this flag
- makes the HelmRelease non-declarative.
- type: boolean
- remediation:
- description: Remediation holds the remediation configuration for
- when the Helm upgrade action for the HelmRelease fails. The
- default is to not perform any action.
- properties:
- ignoreTestFailures:
- description: IgnoreTestFailures tells the controller to skip
- remediation when the Helm tests are run after an upgrade
- action but fail. Defaults to 'Test.IgnoreFailures'.
- type: boolean
- remediateLastFailure:
- description: RemediateLastFailure tells the controller to
- remediate the last failure, when no retries remain. Defaults
- to 'false' unless 'Retries' is greater than 0.
- type: boolean
- retries:
- description: Retries is the number of retries that should
- be attempted on failures before bailing. Remediation, using
- 'Strategy', is performed between each attempt. Defaults
- to '0', a negative integer equals to unlimited retries.
- type: integer
- strategy:
- description: Strategy to use for failure remediation. Defaults
- to 'rollback'.
- enum:
- - rollback
- - uninstall
- type: string
- type: object
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- values:
- description: Values holds the values for this Helm release.
- x-kubernetes-preserve-unknown-fields: true
- valuesFrom:
- description: ValuesFrom holds references to resources containing Helm
- values for this HelmRelease, and information about how they should
- be merged.
- items:
- description: ValuesReference contains a reference to a resource
- containing Helm values, and optionally the key they can be found
- at.
- properties:
- kind:
- description: Kind of the values referent, valid values are ('Secret',
- 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside in the
- same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- optional:
- description: Optional marks this ValuesReference as optional.
- When set, a not found error for the values reference is ignored,
- but any ValuesKey, TargetPath or transient error will still
- result in a reconciliation failure.
- type: boolean
- targetPath:
- description: TargetPath is the YAML dot notation path the value
- should be merged at. When set, the ValuesKey is expected to
- be a single flat value. Defaults to 'None', which results
- in the values getting merged at the root.
- type: string
- valuesKey:
- description: ValuesKey is the data key where the values.yaml
- or a specific value can be found at. Defaults to 'values.yaml'.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- required:
- - chart
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmReleaseStatus defines the observed state of a HelmRelease.
- properties:
- conditions:
- description: Conditions holds the conditions for the HelmRelease.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- failures:
- description: Failures is the reconciliation failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- helmChart:
- description: HelmChart is the namespaced name of the HelmChart resource
- created by the controller for the HelmRelease.
- type: string
- installFailures:
- description: InstallFailures is the install failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- lastAppliedRevision:
- description: LastAppliedRevision is the revision of the last successfully
- applied source.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastAttemptedValuesChecksum:
- description: LastAttemptedValuesChecksum is the SHA1 checksum of the
- values of the last reconciliation attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- lastReleaseRevision:
- description: LastReleaseRevision is the revision of the last successful
- Helm release.
- type: integer
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- upgradeFailures:
- description: UpgradeFailures is the upgrade failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmrepositories.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: HelmRepository
- listKind: HelmRepositoryList
- plural: helmrepositories
- shortNames:
- - helmrepo
- singular: helmrepository
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: HelmRepository is the Schema for the helmrepositories API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmRepositorySpec defines the reference to a Helm repository.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- interval:
- description: The interval at which to check the upstream for updates.
- type: string
- passCredentials:
- description: PassCredentials allows the credentials from the SecretRef
- to be passed on to a host that does not match the host as defined
- in URL. This may be required if the host of the advertised chart
- URLs in the index differ from the defined URL. Enabling this should
- be done with caution, as it can potentially result in credentials
- getting stolen in a MITM-attack.
- type: boolean
- secretRef:
- description: The name of the secret containing authentication credentials
- for the Helm repository. For HTTP/S basic auth the secret must contain
- username and password fields. For TLS the secret must contain a
- certFile and keyFile, and/or caCert fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout of index downloading, defaults to 60s.
- type: string
- url:
- description: The Helm repository URL, a valid URL contains at least
- a protocol and host.
- type: string
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmRepositoryStatus defines the observed state of the HelmRepository.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- repository sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the last index fetched.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: HelmRepository is the Schema for the helmrepositories API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmRepositorySpec specifies the required configuration to
- produce an Artifact for a Helm repository index YAML.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- interval:
- description: Interval at which to check the URL for updates.
- type: string
- passCredentials:
- description: PassCredentials allows the credentials from the SecretRef
- to be passed on to a host that does not match the host as defined
- in URL. This may be required if the host of the advertised chart
- URLs in the index differ from the defined URL. Enabling this should
- be done with caution, as it can potentially result in credentials
- getting stolen in a MITM-attack.
- type: boolean
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the HelmRepository. For HTTP/S basic auth the secret
- must contain 'username' and 'password' fields. For TLS the secret
- must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this HelmRepository.
- type: boolean
- timeout:
- default: 60s
- description: Timeout of the index fetch operation, defaults to 60s.
- type: string
- type:
- description: Type of the HelmRepository. When this field is set to "oci",
- the URL field value must be prefixed with "oci://".
- enum:
- - default
- - oci
- type: string
- url:
- description: URL of the Helm repository, a valid URL contains at least
- a protocol and host.
- type: string
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmRepositoryStatus records the observed state of the HelmRepository.
- properties:
- artifact:
- description: Artifact represents the last successful HelmRepository
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the HelmRepository object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: kustomizations.kustomize.toolkit.fluxcd.io
-spec:
- group: kustomize.toolkit.fluxcd.io
- names:
- kind: Kustomization
- listKind: KustomizationList
- plural: kustomizations
- shortNames:
- - ks
- singular: kustomization
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Kustomization is the Schema for the kustomizations API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: KustomizationSpec defines the desired state of a kustomization.
- properties:
- decryption:
- description: Decrypt Kubernetes secrets before applying them on the
- cluster.
- properties:
- provider:
- description: Provider is the name of the decryption engine.
- enum:
- - sops
- type: string
- secretRef:
- description: The secret name containing the private OpenPGP keys
- used for decryption.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - provider
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to Kustomization resources that must be ready
- before this Kustomization can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- force:
- default: false
- description: Force instructs the controller to recreate resources
- when patching fails due to an immutable field change.
- type: boolean
- healthChecks:
- description: A list of resources to be included in the health assessment.
- items:
- description: NamespacedObjectKindReference contains enough information
- to locate the typed referenced Kubernetes resource object in any
- namespace.
- properties:
- apiVersion:
- description: API version of the referent, if not specified the
- Kubernetes preferred version will be used.
- type: string
- kind:
- description: Kind of the referent.
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- images:
- description: Images is a list of (image name, new name, new tag or
- digest) for changing image names, tags or digests. This can also
- be achieved with a patch, but this operator is simpler to specify.
- items:
- description: Image contains an image name, a new name, a new tag
- or digest, which will replace the original name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the original
- image tag. If digest is present NewTag value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace the original
- name.
- type: string
- newTag:
- description: NewTag is the value used to replace the original
- tag.
- type: string
- required:
- - name
- type: object
- type: array
- interval:
- description: The interval at which to reconcile the Kustomization.
- type: string
- kubeConfig:
- description: The KubeConfig for reconciling the Kustomization on a
- remote cluster. When specified, KubeConfig takes precedence over
- ServiceAccountName.
- properties:
- secretRef:
- description: SecretRef holds the name to a secret that contains
- a 'value' key with the kubeconfig file as the value. It must
- be in the same namespace as the Kustomization. It is recommended
- that the kubeconfig is self-contained, and the secret is regularly
- updated if credentials such as a cloud-access-token expire.
- Cloud specific `cmd-path` auth helpers will not function without
- adding binaries and credentials to the Pod that is responsible
- for reconciling the Kustomization.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- type: object
- patches:
- description: Strategic merge and JSON patches, defined as inline YAML
- objects, capable of targeting objects based on kind, label and annotation
- selectors.
- items:
- description: Patch contains an inline StrategicMerge or JSON6902
- patch, and the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge patch or
- an inline JSON6902 patch with an array of operation objects.
- type: string
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: JSON 6902 patches, defined as inline YAML objects.
- items:
- description: JSON6902Patch contains a JSON6902 patch and the target
- the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document with
- an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value that references
- a location within the target document where the operation
- is performed. The meaning of the value depends on the
- value of Op, and is NOT taken into account by all operations.
- type: string
- op:
- description: Op indicates the operation to perform. Its
- value MUST be one of "add", "remove", "replace", "move",
- "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer value that
- references a location within the target document where
- the operation is performed. The meaning of the value
- depends on the value of Op.
- type: string
- value:
- description: Value contains a valid JSON structure. The
- meaning of the value depends on the value of Op, and
- is NOT taken into account by all operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: Strategic merge patches, defined as inline YAML objects.
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- path:
- description: Path to the directory containing the kustomization.yaml
- file, or the set of plain YAMLs a kustomization.yaml should be generated
- for. Defaults to 'None', which translates to the root path of the
- SourceRef.
- type: string
- postBuild:
- description: PostBuild describes which actions to perform on the YAML
- manifest generated by building the kustomize overlay.
- properties:
- substitute:
- additionalProperties:
- type: string
- description: Substitute holds a map of key/value pairs. The variables
- defined in your YAML manifests that match any of the keys defined
- in the map will be substituted with the set value. Includes
- support for bash string replacement functions e.g. ${var:=default},
- ${var:position} and ${var/substring/replacement}.
- type: object
- substituteFrom:
- description: SubstituteFrom holds references to ConfigMaps and
- Secrets containing the variables and their values to be substituted
- in the YAML manifests. The ConfigMap and the Secret data keys
- represent the var names and they must match the vars declared
- in the manifests for the substitution to happen.
- items:
- description: SubstituteReference contains a reference to a resource
- containing the variables name and value.
- properties:
- kind:
- description: Kind of the values referent, valid values are
- ('Secret', 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside
- in the same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- type: object
- prune:
- description: Prune enables garbage collection.
- type: boolean
- retryInterval:
- description: The interval at which to retry a previously failed reconciliation.
- When not specified, the controller uses the KustomizationSpec.Interval
- value to retry failures.
- type: string
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this Kustomization.
- type: string
- sourceRef:
- description: Reference of the source where the kustomization file
- is.
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent
- type: string
- namespace:
- description: Namespace of the referent, defaults to the Kustomization
- namespace
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- kustomize executions, it does not apply to already started executions.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace sets or overrides the namespace in the
- kustomization.yaml file.
- maxLength: 63
- minLength: 1
- type: string
- timeout:
- description: Timeout for validation, apply and health checking operations.
- Defaults to 'Interval' duration.
- type: string
- validation:
- description: Validate the Kubernetes objects before applying them
- on the cluster. The validation strategy can be 'client' (local dry-run),
- 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',
- validation will fallback to 'client' if set to 'server' because
- server-side validation is not supported in this scenario.
- enum:
- - none
- - client
- - server
- type: string
- required:
- - interval
- - prune
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: KustomizationStatus defines the observed state of a kustomization.
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastAppliedRevision:
- description: The last successfully applied revision. The revision
- format for Git sources is <branch|tag>/<commit-sha>.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- snapshot:
- description: The last successfully applied revision metadata.
- properties:
- checksum:
- description: The manifests sha1 checksum.
- type: string
- entries:
- description: A list of Kubernetes kinds grouped by namespace.
- items:
- description: Snapshot holds the metadata of namespaced Kubernetes
- objects
- properties:
- kinds:
- additionalProperties:
- type: string
- description: The list of Kubernetes kinds.
- type: object
- namespace:
- description: The namespace of this entry.
- type: string
- required:
- - kinds
- type: object
- type: array
- required:
- - checksum
- - entries
- type: object
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: Kustomization is the Schema for the kustomizations API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: KustomizationSpec defines the configuration to calculate
- the desired state from a Source using Kustomize.
- properties:
- decryption:
- description: Decrypt Kubernetes secrets before applying them on the
- cluster.
- properties:
- provider:
- description: Provider is the name of the decryption engine.
- enum:
- - sops
- type: string
- secretRef:
- description: The secret name containing the private OpenPGP keys
- used for decryption.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - provider
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to Kustomization resources that must be ready
- before this Kustomization can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- force:
- default: false
- description: Force instructs the controller to recreate resources
- when patching fails due to an immutable field change.
- type: boolean
- healthChecks:
- description: A list of resources to be included in the health assessment.
- items:
- description: NamespacedObjectKindReference contains enough information
- to locate the typed referenced Kubernetes resource object in any
- namespace.
- properties:
- apiVersion:
- description: API version of the referent, if not specified the
- Kubernetes preferred version will be used.
- type: string
- kind:
- description: Kind of the referent.
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- images:
- description: Images is a list of (image name, new name, new tag or
- digest) for changing image names, tags or digests. This can also
- be achieved with a patch, but this operator is simpler to specify.
- items:
- description: Image contains an image name, a new name, a new tag
- or digest, which will replace the original name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the original
- image tag. If digest is present NewTag value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace the original
- name.
- type: string
- newTag:
- description: NewTag is the value used to replace the original
- tag.
- type: string
- required:
- - name
- type: object
- type: array
- interval:
- description: The interval at which to reconcile the Kustomization.
- type: string
- kubeConfig:
- description: The KubeConfig for reconciling the Kustomization on a
- remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,
- forces the controller to act on behalf of that Service Account at
- the target cluster. If the --default-service-account flag is set,
- its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName
- is empty.
- properties:
- secretRef:
- description: SecretRef holds the name of a secret that contains
- a key with the kubeconfig file as the value. If no key is set,
- the key will default to 'value'. The secret must be in the same
- namespace as the Kustomization. It is recommended that the kubeconfig
- is self-contained, and the secret is regularly updated if credentials
- such as a cloud-access-token expire. Cloud specific `cmd-path`
- auth helpers will not function without adding binaries and credentials
- to the Pod that is responsible for reconciling the Kustomization.
- properties:
- key:
- description: Key in the Secret, when not specified an implementation-specific
- default key is used.
- type: string
- name:
- description: Name of the Secret.
- type: string
- required:
- - name
- type: object
- type: object
- patches:
- description: Strategic merge and JSON patches, defined as inline YAML
- objects, capable of targeting objects based on kind, label and annotation
- selectors.
- items:
- description: Patch contains an inline StrategicMerge or JSON6902
- patch, and the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge patch or
- an inline JSON6902 patch with an array of operation objects.
- type: string
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:
- Use Patches instead.'
- items:
- description: JSON6902Patch contains a JSON6902 patch and the target
- the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document with
- an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value that references
- a location within the target document where the operation
- is performed. The meaning of the value depends on the
- value of Op, and is NOT taken into account by all operations.
- type: string
- op:
- description: Op indicates the operation to perform. Its
- value MUST be one of "add", "remove", "replace", "move",
- "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer value that
- references a location within the target document where
- the operation is performed. The meaning of the value
- depends on the value of Op.
- type: string
- value:
- description: Value contains a valid JSON structure. The
- meaning of the value depends on the value of Op, and
- is NOT taken into account by all operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: 'Strategic merge patches, defined as inline YAML objects.
- Deprecated: Use Patches instead.'
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- path:
- description: Path to the directory containing the kustomization.yaml
- file, or the set of plain YAMLs a kustomization.yaml should be generated
- for. Defaults to 'None', which translates to the root path of the
- SourceRef.
- type: string
- postBuild:
- description: PostBuild describes which actions to perform on the YAML
- manifest generated by building the kustomize overlay.
- properties:
- substitute:
- additionalProperties:
- type: string
- description: Substitute holds a map of key/value pairs. The variables
- defined in your YAML manifests that match any of the keys defined
- in the map will be substituted with the set value. Includes
- support for bash string replacement functions e.g. ${var:=default},
- ${var:position} and ${var/substring/replacement}.
- type: object
- substituteFrom:
- description: SubstituteFrom holds references to ConfigMaps and
- Secrets containing the variables and their values to be substituted
- in the YAML manifests. The ConfigMap and the Secret data keys
- represent the var names and they must match the vars declared
- in the manifests for the substitution to happen.
- items:
- description: SubstituteReference contains a reference to a resource
- containing the variables name and value.
- properties:
- kind:
- description: Kind of the values referent, valid values are
- ('Secret', 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside
- in the same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- optional:
- default: false
- description: Optional indicates whether the referenced resource
- must exist, or whether to tolerate its absence. If true
- and the referenced resource is absent, proceed as if the
- resource was present but empty, without any variables
- defined.
- type: boolean
- required:
- - kind
- - name
- type: object
- type: array
- type: object
- prune:
- description: Prune enables garbage collection.
- type: boolean
- retryInterval:
- description: The interval at which to retry a previously failed reconciliation.
- When not specified, the controller uses the KustomizationSpec.Interval
- value to retry failures.
- type: string
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this Kustomization.
- type: string
- sourceRef:
- description: Reference of the source where the kustomization file
- is.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- kind:
- description: Kind of the referent.
- enum:
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, defaults to the namespace
- of the Kubernetes resource object that contains the reference.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- kustomize executions, it does not apply to already started executions.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace sets or overrides the namespace in the
- kustomization.yaml file.
- maxLength: 63
- minLength: 1
- type: string
- timeout:
- description: Timeout for validation, apply and health checking operations.
- Defaults to 'Interval' duration.
- type: string
- validation:
- description: 'Deprecated: Not used in v1beta2.'
- enum:
- - none
- - client
- - server
- type: string
- wait:
- description: Wait instructs the controller to check the health of
- all the reconciled resources. When enabled, the HealthChecks are
- ignored. Defaults to false.
- type: boolean
- required:
- - interval
- - prune
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: KustomizationStatus defines the observed state of a kustomization.
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- inventory:
- description: Inventory contains the list of Kubernetes resource object
- references that have been successfully applied.
- properties:
- entries:
- description: Entries of Kubernetes resource object references.
- items:
- description: ResourceRef contains the information necessary
- to locate a resource within a cluster.
- properties:
- id:
- description: ID is the string representation of the Kubernetes
- resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
- type: string
- v:
- description: Version is the API version of the Kubernetes
- resource object's kind.
- type: string
- required:
- - id
- - v
- type: object
- type: array
- required:
- - entries
- type: object
- lastAppliedRevision:
- description: The last successfully applied revision. The revision
- format for Git sources is <branch|tag>/<commit-sha>.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: providers.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Provider
- listKind: ProviderList
- plural: providers
- singular: provider
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Provider is the Schema for the providers API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: ProviderSpec defines the desired state of Provider
- properties:
- address:
- description: HTTP/S webhook address of this provider
- pattern: ^(http|https)://
- type: string
- certSecretRef:
- description: CertSecretRef can be given the name of a secret containing
- a PEM-encoded CA certificate (`caFile`)
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- channel:
- description: Alert channel for this provider
- type: string
- proxy:
- description: HTTP/S address of the proxy
- pattern: ^(http|https)://
- type: string
- secretRef:
- description: Secret reference containing the provider webhook URL
- using "address" as data key
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- events handling. Defaults to false.
- type: boolean
- type:
- description: Type of provider
- enum:
- - slack
- - discord
- - msteams
- - rocket
- - generic
- - github
- - gitlab
- - bitbucket
- - azuredevops
- - googlechat
- - webex
- - sentry
- - azureeventhub
- - telegram
- - lark
- - matrix
- - opsgenie
- - alertmanager
- - grafana
- - githubdispatch
- type: string
- username:
- description: Bot username for this provider
- type: string
- required:
- - type
- type: object
- status:
- default:
- observedGeneration: -1
- description: ProviderStatus defines the observed state of Provider
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: receivers.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Receiver
- listKind: ReceiverList
- plural: receivers
- singular: receiver
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Receiver is the Schema for the receivers API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: ReceiverSpec defines the desired state of Receiver
- properties:
- events:
- description: A list of events to handle, e.g. 'push' for GitHub or
- 'Push Hook' for GitLab.
- items:
- type: string
- type: array
- resources:
- description: A list of resources to be notified about changes.
- items:
- description: CrossNamespaceObjectReference contains enough information
- to let you locate the typed referenced object at cluster level
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - Bucket
- - GitRepository
- - Kustomization
- - HelmRelease
- - HelmChart
- - HelmRepository
- - ImageRepository
- - ImagePolicy
- - ImageUpdateAutomation
- type: string
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator
- is "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- name:
- description: Name of the referent
- maxLength: 53
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent
- maxLength: 53
- minLength: 1
- type: string
- required:
- - name
- type: object
- type: array
- secretRef:
- description: Secret reference containing the token used to validate
- the payload authenticity
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- events handling. Defaults to false.
- type: boolean
- type:
- description: Type of webhook sender, used to determine the validation
- procedure and payload deserialization.
- enum:
- - generic
- - generic-hmac
- - github
- - gitlab
- - bitbucket
- - harbor
- - dockerhub
- - quay
- - gcr
- - nexus
- - acr
- type: string
- required:
- - resources
- - type
- type: object
- status:
- default:
- observedGeneration: -1
- description: ReceiverStatus defines the observed state of Receiver
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helm-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: kustomize-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: notification-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: source-controller
- namespace: flux-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: crd-controller-flux-system
-rules:
-- apiGroups:
- - source.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - kustomize.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - helm.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - notification.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - image.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - namespaces
- - secrets
- - configmaps
- - serviceaccounts
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - configmaps/status
- verbs:
- - get
- - update
- - patch
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: cluster-reconciler-flux-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
-- kind: ServiceAccount
- name: kustomize-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: helm-controller
- namespace: flux-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: crd-controller-flux-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: crd-controller-flux-system
-subjects:
-- kind: ServiceAccount
- name: kustomize-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: helm-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: source-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: notification-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: image-reflector-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: image-automation-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: notification-controller
- namespace: flux-system
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- selector:
- app: notification-controller
- type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: source-controller
- namespace: flux-system
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- selector:
- app: source-controller
- type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: webhook-receiver
- namespace: flux-system
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http-webhook
- selector:
- app: notification-controller
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: helm-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: helm-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: helm-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/helm-controller:v0.22.2
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /tmp
- name: temp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: helm-controller
- terminationGracePeriodSeconds: 600
- volumes:
- - emptyDir: {}
- name: temp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: kustomize-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: kustomize-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: kustomize-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/kustomize-controller:v0.26.3
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /tmp
- name: temp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: kustomize-controller
- terminationGracePeriodSeconds: 60
- volumes:
- - emptyDir: {}
- name: temp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: notification-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: notification-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: notification-controller
- spec:
- containers:
- - args:
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/notification-controller:v0.24.1
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 9090
- name: http
- protocol: TCP
- - containerPort: 9292
- name: http-webhook
- protocol: TCP
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /tmp
- name: temp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: notification-controller
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: temp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: source-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: source-controller
- strategy:
- type: Recreate
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: source-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- - --storage-path=/data
- - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/source-controller:v0.25.11
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 9090
- name: http
- protocol: TCP
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /
- port: http
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 50m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /data
- name: data
- - mountPath: /tmp
- name: tmp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: source-controller
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: data
- - emptyDir: {}
- name: tmp
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: allow-egress
- namespace: flux-system
-spec:
- egress:
- - {}
- ingress:
- - from:
- - podSelector: {}
- podSelector: {}
- policyTypes:
- - Ingress
- - Egress
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: allow-scraping
- namespace: flux-system
-spec:
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
- podSelector: {}
- policyTypes:
- - Ingress
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: allow-webhooks
- namespace: flux-system
-spec:
- ingress:
- - from:
- - namespaceSelector: {}
- podSelector:
- matchLabels:
- app: notification-controller
- policyTypes:
- - Ingress
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-sync.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-sync.yaml
deleted file mode 100644
index 0d32ce5..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-sync.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# This manifest was generated by flux. DO NOT EDIT.
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
- name: flux-system
- namespace: flux-system
-spec:
- interval: 1m0s
- ref:
- branch: master
- secretRef:
- name: flux-system
- url: ssh://git@10.57.100.7/srv/git/tyilnet
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: flux-system
- namespace: flux-system
-spec:
- interval: 10m0s
- path: ./playbooks.d/k3s-master/share/manifests/clusters/hurzak.tyil.net
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/kustomization.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/kustomization.yaml
deleted file mode 100644
index 3842229..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- gotk-components.yaml
-- gotk-sync.yaml
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-configuration.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-configuration.yaml
deleted file mode 100644
index 9df248a..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-configuration.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-configurations
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: infrastructure-releases
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/infrastructure/configuration
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-releases.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-releases.yaml
deleted file mode 100644
index cc449ac..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-releases.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-releases
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: infrastructure-sources
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/infrastructure/releases
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-sources.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-sources.yaml
deleted file mode 100644
index eda76f3..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-sources.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-sources
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: namespaces
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/infrastructure/sources
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/namespaces.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/namespaces.yaml
deleted file mode 100644
index 4fc4292..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/namespaces.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: namespaces
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/namespaces
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/applications.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/applications.yaml
deleted file mode 100644
index 809cdb4..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/applications.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: applications
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-components.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-components.yaml
deleted file mode 100644
index 4c7ce9b..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-components.yaml
+++ /dev/null
@@ -1,5583 +0,0 @@
----
-# This manifest was generated by flux. DO NOT EDIT.
-# Flux Version: v0.31.5
-# Components: source-controller,kustomize-controller,helm-controller,notification-controller
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- pod-security.kubernetes.io/warn: restricted
- pod-security.kubernetes.io/warn-version: latest
- name: flux-system
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: alerts.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Alert
- listKind: AlertList
- plural: alerts
- singular: alert
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Alert is the Schema for the alerts API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: AlertSpec defines an alerting rule for events involving a
- list of objects
- properties:
- eventSeverity:
- default: info
- description: Filter events based on severity, defaults to ('info').
- If set to 'info' no events will be filtered.
- enum:
- - info
- - error
- type: string
- eventSources:
- description: Filter events based on the involved objects.
- items:
- description: CrossNamespaceObjectReference contains enough information
- to let you locate the typed referenced object at cluster level
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - Bucket
- - GitRepository
- - Kustomization
- - HelmRelease
- - HelmChart
- - HelmRepository
- - ImageRepository
- - ImagePolicy
- - ImageUpdateAutomation
- type: string
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator
- is "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- name:
- description: Name of the referent
- maxLength: 53
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent
- maxLength: 53
- minLength: 1
- type: string
- required:
- - name
- type: object
- type: array
- exclusionList:
- description: A list of Golang regular expressions to be used for excluding
- messages.
- items:
- type: string
- type: array
- providerRef:
- description: Send events using this provider.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- summary:
- description: Short description of the impact and affected cluster.
- type: string
- suspend:
- description: This flag tells the controller to suspend subsequent
- events dispatching. Defaults to false.
- type: boolean
- required:
- - eventSources
- - providerRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: AlertStatus defines the observed state of Alert
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: buckets.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: Bucket
- listKind: BucketList
- plural: buckets
- singular: bucket
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.endpoint
- name: Endpoint
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Bucket is the Schema for the buckets API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BucketSpec defines the desired state of an S3 compatible
- bucket
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- bucketName:
- description: The bucket name.
- type: string
- endpoint:
- description: The bucket endpoint address.
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- insecure:
- description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
- type: boolean
- interval:
- description: The interval at which to check for bucket updates.
- type: string
- provider:
- default: generic
- description: The S3 compatible storage provider name, default ('generic').
- enum:
- - generic
- - aws
- - gcp
- type: string
- region:
- description: The bucket region.
- type: string
- secretRef:
- description: The name of the secret containing authentication credentials
- for the Bucket.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout for download operations, defaults to 60s.
- type: string
- required:
- - bucketName
- - endpoint
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: BucketStatus defines the observed state of a bucket
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- Bucket sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the Bucket.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the artifact output of the
- last Bucket sync.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.endpoint
- name: Endpoint
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: Bucket is the Schema for the buckets API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BucketSpec specifies the required configuration to produce
- an Artifact for an object storage bucket.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- bucketName:
- description: BucketName is the name of the object storage bucket.
- type: string
- endpoint:
- description: Endpoint is the object storage address the BucketName
- is located at.
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- insecure:
- description: Insecure allows connecting to a non-TLS HTTP Endpoint.
- type: boolean
- interval:
- description: Interval at which to check the Endpoint for updates.
- type: string
- provider:
- default: generic
- description: Provider of the object storage bucket. Defaults to 'generic',
- which expects an S3 (API) compatible object storage.
- enum:
- - generic
- - aws
- - gcp
- - azure
- type: string
- region:
- description: Region of the Endpoint where the BucketName is located
- in.
- type: string
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the Bucket.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this Bucket.
- type: boolean
- timeout:
- default: 60s
- description: Timeout for fetch operations, defaults to 60s.
- type: string
- required:
- - bucketName
- - endpoint
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: BucketStatus records the observed state of a Bucket.
- properties:
- artifact:
- description: Artifact represents the last successful Bucket reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the Bucket.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the Bucket object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: gitrepositories.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: GitRepository
- listKind: GitRepositoryList
- plural: gitrepositories
- shortNames:
- - gitrepo
- singular: gitrepository
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: GitRepository is the Schema for the gitrepositories API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: GitRepositorySpec defines the desired state of a Git repository.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- gitImplementation:
- default: go-git
- description: Determines which git client library to use. Defaults
- to go-git, valid values are ('go-git', 'libgit2').
- enum:
- - go-git
- - libgit2
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- include:
- description: Extra git repositories to map into the repository
- items:
- description: GitRepositoryInclude defines a source with a from and
- to path.
- properties:
- fromPath:
- description: The path to copy contents from, defaults to the
- root directory.
- type: string
- repository:
- description: Reference to a GitRepository to include.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- toPath:
- description: The path to copy contents to, defaults to the name
- of the source ref.
- type: string
- required:
- - repository
- type: object
- type: array
- interval:
- description: The interval at which to check for repository updates.
- type: string
- recurseSubmodules:
- description: When enabled, after the clone is created, initializes
- all submodules within, using their default settings. This option
- is available only when using the 'go-git' GitImplementation.
- type: boolean
- ref:
- description: The Git reference to checkout and monitor for changes,
- defaults to master branch.
- properties:
- branch:
- description: The Git branch to checkout, defaults to master.
- type: string
- commit:
- description: The Git commit SHA to checkout, if specified Tag
- filters will be ignored.
- type: string
- semver:
- description: The Git tag semver expression, takes precedence over
- Tag.
- type: string
- tag:
- description: The Git tag to checkout, takes precedence over Branch.
- type: string
- type: object
- secretRef:
- description: The secret name containing the Git credentials. For HTTPS
- repositories the secret must contain username and password fields.
- For SSH repositories the secret must contain identity and known_hosts
- fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout for remote Git operations like cloning, defaults
- to 60s.
- type: string
- url:
- description: The repository URL, can be a HTTP/S or SSH address.
- pattern: ^(http|https|ssh)://
- type: string
- verify:
- description: Verify OpenPGP signature for the Git commit HEAD points
- to.
- properties:
- mode:
- description: Mode describes what git object should be verified,
- currently ('head').
- enum:
- - head
- type: string
- secretRef:
- description: The secret name containing the public keys of all
- trusted Git authors.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - mode
- type: object
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: GitRepositoryStatus defines the observed state of a Git repository.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- repository sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the GitRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- includedArtifacts:
- description: IncludedArtifacts represents the included artifacts from
- the last successful repository sync.
- items:
- description: Artifact represents the output of a source synchronisation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the artifact output of the
- last repository sync.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: GitRepository is the Schema for the gitrepositories API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: GitRepositorySpec specifies the required configuration to
- produce an Artifact for a Git repository.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- gitImplementation:
- default: go-git
- description: GitImplementation specifies which Git client library
- implementation to use. Defaults to 'go-git', valid values are ('go-git',
- 'libgit2').
- enum:
- - go-git
- - libgit2
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- include:
- description: Include specifies a list of GitRepository resources which
- Artifacts should be included in the Artifact produced for this GitRepository.
- items:
- description: GitRepositoryInclude specifies a local reference to
- a GitRepository which Artifact (sub-)contents must be included,
- and where they should be placed.
- properties:
- fromPath:
- description: FromPath specifies the path to copy contents from,
- defaults to the root of the Artifact.
- type: string
- repository:
- description: GitRepositoryRef specifies the GitRepository which
- Artifact contents must be included.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- toPath:
- description: ToPath specifies the path to copy contents to,
- defaults to the name of the GitRepositoryRef.
- type: string
- required:
- - repository
- type: object
- type: array
- interval:
- description: Interval at which to check the GitRepository for updates.
- type: string
- recurseSubmodules:
- description: RecurseSubmodules enables the initialization of all submodules
- within the GitRepository as cloned from the URL, using their default
- settings. This option is available only when using the 'go-git'
- GitImplementation.
- type: boolean
- ref:
- description: Reference specifies the Git reference to resolve and
- monitor for changes, defaults to the 'master' branch.
- properties:
- branch:
- description: "Branch to check out, defaults to 'master' if no
- other field is defined. \n When GitRepositorySpec.GitImplementation
- is set to 'go-git', a shallow clone of the specified branch
- is performed."
- type: string
- commit:
- description: "Commit SHA to check out, takes precedence over all
- reference fields. \n When GitRepositorySpec.GitImplementation
- is set to 'go-git', this can be combined with Branch to shallow
- clone the branch, in which the commit is expected to exist."
- type: string
- semver:
- description: SemVer tag expression to check out, takes precedence
- over Tag.
- type: string
- tag:
- description: Tag to check out, takes precedence over Branch.
- type: string
- type: object
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the GitRepository. For HTTPS repositories the Secret
- must contain 'username' and 'password' fields. For SSH repositories
- the Secret must contain 'identity' and 'known_hosts' fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this GitRepository.
- type: boolean
- timeout:
- default: 60s
- description: Timeout for Git operations like cloning, defaults to
- 60s.
- type: string
- url:
- description: URL specifies the Git repository URL, it can be an HTTP/S
- or SSH address.
- pattern: ^(http|https|ssh)://
- type: string
- verify:
- description: Verification specifies the configuration to verify the
- Git commit signature(s).
- properties:
- mode:
- description: Mode specifies what Git object should be verified,
- currently ('head').
- enum:
- - head
- type: string
- secretRef:
- description: SecretRef specifies the Secret containing the public
- keys of trusted Git authors.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - mode
- type: object
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: GitRepositoryStatus records the observed state of a Git repository.
- properties:
- artifact:
- description: Artifact represents the last successful GitRepository
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the GitRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- contentConfigChecksum:
- description: 'ContentConfigChecksum is a checksum of all the configurations
- related to the content of the source artifact: - .spec.ignore -
- .spec.recurseSubmodules - .spec.included and the checksum of the
- included artifacts observed in .status.observedGeneration version
- of the object. This can be used to determine if the content of the
- included repository has changed. It has the format of `<algo>:<checksum>`,
- for example: `sha256:<checksum>`.'
- type: string
- includedArtifacts:
- description: IncludedArtifacts contains a list of the last successfully
- included Artifacts as instructed by GitRepositorySpec.Include.
- items:
- description: Artifact represents the output of a Source reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact
- file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact.
- It can be used to locate the file in the root of the Artifact
- storage on the local file system of the controller managing
- the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the GitRepository object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmcharts.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: HelmChart
- listKind: HelmChartList
- plural: helmcharts
- shortNames:
- - hc
- singular: helmchart
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.chart
- name: Chart
- type: string
- - jsonPath: .spec.version
- name: Version
- type: string
- - jsonPath: .spec.sourceRef.kind
- name: Source Kind
- type: string
- - jsonPath: .spec.sourceRef.name
- name: Source Name
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: HelmChart is the Schema for the helmcharts API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmChartSpec defines the desired state of a Helm chart.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- chart:
- description: The name or path the Helm chart is available at in the
- SourceRef.
- type: string
- interval:
- description: The interval at which to check the Source for updates.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: Determines what enables the creation of a new artifact.
- Valid values are ('ChartVersion', 'Revision'). See the documentation
- of the values for an explanation on their behavior. Defaults to
- ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: The reference to the Source the chart is available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent, valid values are ('HelmRepository',
- 'GitRepository', 'Bucket').
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- valuesFile:
- description: Alternative values file to use as the default chart values,
- expected to be a relative path in the SourceRef. Deprecated in favor
- of ValuesFiles, for backwards compatibility the file defined here
- is merged before the ValuesFiles items. Ignored when omitted.
- type: string
- valuesFiles:
- description: Alternative list of values files to use as the chart
- values (values.yaml is not included by default), expected to be
- a relative path in the SourceRef. Values files are merged in the
- order of this list with the last file overriding the first. Ignored
- when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: The chart version semver expression, ignored for charts
- from GitRepository and Bucket sources. Defaults to latest when omitted.
- type: string
- required:
- - chart
- - interval
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmChartStatus defines the observed state of the HelmChart.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- chart sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmChart.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the last chart pulled.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.chart
- name: Chart
- type: string
- - jsonPath: .spec.version
- name: Version
- type: string
- - jsonPath: .spec.sourceRef.kind
- name: Source Kind
- type: string
- - jsonPath: .spec.sourceRef.name
- name: Source Name
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: HelmChart is the Schema for the helmcharts API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmChartSpec specifies the desired state of a Helm chart.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- chart:
- description: Chart is the name or path the Helm chart is available
- at in the SourceRef.
- type: string
- interval:
- description: Interval is the interval at which to check the Source
- for updates.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: ReconcileStrategy determines what enables the creation
- of a new artifact. Valid values are ('ChartVersion', 'Revision').
- See the documentation of the values for an explanation on their
- behavior. Defaults to ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: SourceRef is the reference to the Source the chart is
- available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent, valid values are ('HelmRepository',
- 'GitRepository', 'Bucket').
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- valuesFile:
- description: ValuesFile is an alternative values file to use as the
- default chart values, expected to be a relative path in the SourceRef.
- Deprecated in favor of ValuesFiles, for backwards compatibility
- the file specified here is merged before the ValuesFiles items.
- Ignored when omitted.
- type: string
- valuesFiles:
- description: ValuesFiles is an alternative list of values files to
- use as the chart values (values.yaml is not included by default),
- expected to be a relative path in the SourceRef. Values files are
- merged in the order of this list with the last file overriding the
- first. Ignored when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: Version is the chart version semver expression, ignored
- for charts from GitRepository and Bucket sources. Defaults to latest
- when omitted.
- type: string
- required:
- - chart
- - interval
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmChartStatus records the observed state of the HelmChart.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmChart.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedChartName:
- description: ObservedChartName is the last observed chart name as
- specified by the resolved chart reference.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the HelmChart object.
- format: int64
- type: integer
- observedSourceArtifactRevision:
- description: ObservedSourceArtifactRevision is the last observed Artifact.Revision
- of the HelmChartSpec.SourceRef.
- type: string
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmreleases.helm.toolkit.fluxcd.io
-spec:
- group: helm.toolkit.fluxcd.io
- names:
- kind: HelmRelease
- listKind: HelmReleaseList
- plural: helmreleases
- shortNames:
- - hr
- singular: helmrelease
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v2beta1
- schema:
- openAPIV3Schema:
- description: HelmRelease is the Schema for the helmreleases API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmReleaseSpec defines the desired state of a Helm release.
- properties:
- chart:
- description: Chart defines the template of the v1beta2.HelmChart that
- should be created for this HelmRelease.
- properties:
- spec:
- description: Spec holds the template for the v1beta2.HelmChartSpec
- for this HelmRelease.
- properties:
- chart:
- description: The name or path the Helm chart is available
- at in the SourceRef.
- type: string
- interval:
- description: Interval at which to check the v1beta2.Source
- for updates. Defaults to 'HelmReleaseSpec.Interval'.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: Determines what enables the creation of a new
- artifact. Valid values are ('ChartVersion', 'Revision').
- See the documentation of the values for an explanation on
- their behavior. Defaults to ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: The name and namespace of the v1beta2.Source
- the chart is available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent.
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- maxLength: 253
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent.
- maxLength: 63
- minLength: 1
- type: string
- required:
- - name
- type: object
- valuesFile:
- description: Alternative values file to use as the default
- chart values, expected to be a relative path in the SourceRef.
- Deprecated in favor of ValuesFiles, for backwards compatibility
- the file defined here is merged before the ValuesFiles items.
- Ignored when omitted.
- type: string
- valuesFiles:
- description: Alternative list of values files to use as the
- chart values (values.yaml is not included by default), expected
- to be a relative path in the SourceRef. Values files are
- merged in the order of this list with the last file overriding
- the first. Ignored when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: Version semver expression, ignored for charts
- from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults
- to latest when omitted.
- type: string
- required:
- - chart
- - sourceRef
- type: object
- required:
- - spec
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to HelmRelease resources that must be ready
- before this HelmRelease can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- install:
- description: Install holds the configuration for Helm install actions
- for this HelmRelease.
- properties:
- crds:
- description: "CRDs upgrade CRDs from the Helm Chart's crds directory
- according to the CRD upgrade policy provided here. Valid values
- are `Skip`, `Create` or `CreateReplace`. Default is `Create`
- and if omitted CRDs are installed but not updated. \n Skip:
- do neither install nor replace (update) any CRDs. \n Create:
- new CRDs are created, existing CRDs are neither updated nor
- deleted. \n CreateReplace: new CRDs are created, existing CRDs
- are updated (replaced) but not deleted. \n By default, CRDs
- are applied (installed) during Helm install action. With this
- option users can opt-in to CRD replace existing CRDs on Helm
- install actions, which is not (yet) natively supported by Helm.
- https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
- enum:
- - Skip
- - Create
- - CreateReplace
- type: string
- createNamespace:
- description: CreateNamespace tells the Helm install action to
- create the HelmReleaseSpec.TargetNamespace if it does not exist
- yet. On uninstall, the namespace will not be garbage collected.
- type: boolean
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm install action.
- type: boolean
- disableOpenAPIValidation:
- description: DisableOpenAPIValidation prevents the Helm install
- action from validating rendered templates against the Kubernetes
- OpenAPI Schema.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm install has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm install has been performed.
- type: boolean
- remediation:
- description: Remediation holds the remediation configuration for
- when the Helm install action for the HelmRelease fails. The
- default is to not perform any action.
- properties:
- ignoreTestFailures:
- description: IgnoreTestFailures tells the controller to skip
- remediation when the Helm tests are run after an install
- action but fail. Defaults to 'Test.IgnoreFailures'.
- type: boolean
- remediateLastFailure:
- description: RemediateLastFailure tells the controller to
- remediate the last failure, when no retries remain. Defaults
- to 'false'.
- type: boolean
- retries:
- description: Retries is the number of retries that should
- be attempted on failures before bailing. Remediation, using
- an uninstall, is performed between each attempt. Defaults
- to '0', a negative integer equals to unlimited retries.
- type: integer
- type: object
- replace:
- description: Replace tells the Helm install action to re-use the
- 'ReleaseName', but only if that name is a deleted release which
- remains in the history.
- type: boolean
- skipCRDs:
- description: "SkipCRDs tells the Helm install action to not install
- any CRDs. By default, CRDs are installed if not already present.
- \n Deprecated use CRD policy (`crds`) attribute with value `Skip`
- instead."
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- interval:
- description: Interval at which to reconcile the Helm release.
- type: string
- kubeConfig:
- description: KubeConfig for reconciling the HelmRelease on a remote
- cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,
- forces the controller to act on behalf of that Service Account at
- the target cluster. If the --default-service-account flag is set,
- its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName
- is empty.
- properties:
- secretRef:
- description: SecretRef holds the name to a secret that contains
- a key with the kubeconfig file as the value. If no key is specified
- the key will default to 'value'. The secret must be in the same
- namespace as the HelmRelease. It is recommended that the kubeconfig
- is self-contained, and the secret is regularly updated if credentials
- such as a cloud-access-token expire. Cloud specific `cmd-path`
- auth helpers will not function without adding binaries and credentials
- to the Pod that is responsible for reconciling the HelmRelease.
- properties:
- key:
- description: Key in the Secret, when not specified an implementation-specific
- default key is used.
- type: string
- name:
- description: Name of the Secret.
- type: string
- required:
- - name
- type: object
- type: object
- maxHistory:
- description: MaxHistory is the number of revisions saved by Helm for
- this HelmRelease. Use '0' for an unlimited number of revisions;
- defaults to '10'.
- type: integer
- postRenderers:
- description: PostRenderers holds an array of Helm PostRenderers, which
- will be applied in order of their definition.
- items:
- description: PostRenderer contains a Helm PostRenderer specification.
- properties:
- kustomize:
- description: Kustomization to apply as PostRenderer.
- properties:
- images:
- description: Images is a list of (image name, new name,
- new tag or digest) for changing image names, tags or digests.
- This can also be achieved with a patch, but this operator
- is simpler to specify.
- items:
- description: Image contains an image name, a new name,
- a new tag or digest, which will replace the original
- name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the
- original image tag. If digest is present NewTag
- value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace
- the original name.
- type: string
- newTag:
- description: NewTag is the value used to replace the
- original tag.
- type: string
- required:
- - name
- type: object
- type: array
- patches:
- description: Strategic merge and JSON patches, defined as
- inline YAML objects, capable of targeting objects based
- on kind, label and annotation selectors.
- items:
- description: Patch contains an inline StrategicMerge or
- JSON6902 patch, and the target the patch should be applied
- to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge
- patch or an inline JSON6902 patch with an array
- of operation objects.
- type: string
- target:
- description: Target points to the resources that the
- patch document should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that
- follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select
- resources from. Together with Version and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources
- from. Together with Group and Version it is
- capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select
- resources from. Together with Group and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: JSON 6902 patches, defined as inline YAML objects.
- items:
- description: JSON6902Patch contains a JSON6902 patch and
- the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document
- with an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object.
- https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value
- that references a location within the target
- document where the operation is performed.
- The meaning of the value depends on the value
- of Op, and is NOT taken into account by all
- operations.
- type: string
- op:
- description: Op indicates the operation to perform.
- Its value MUST be one of "add", "remove",
- "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer
- value that references a location within the
- target document where the operation is performed.
- The meaning of the value depends on the value
- of Op.
- type: string
- value:
- description: Value contains a valid JSON structure.
- The meaning of the value depends on the value
- of Op, and is NOT taken into account by all
- operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the
- patch document should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that
- follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select
- resources from. Together with Version and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources
- from. Together with Group and Version it is
- capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select
- resources from. Together with Group and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: Strategic merge patches, defined as inline
- YAML objects.
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- type: object
- type: object
- type: array
- releaseName:
- description: ReleaseName used for the Helm release. Defaults to a
- composition of '[TargetNamespace-]Name'.
- maxLength: 53
- minLength: 1
- type: string
- rollback:
- description: Rollback holds the configuration for Helm rollback actions
- for this HelmRelease.
- properties:
- cleanupOnFail:
- description: CleanupOnFail allows deletion of new resources created
- during the Helm rollback action when it fails.
- type: boolean
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm rollback action.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm rollback has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm rollback has been performed.
- type: boolean
- force:
- description: Force forces resource updates through a replacement
- strategy.
- type: boolean
- recreate:
- description: Recreate performs pod restarts for the resource if
- applicable.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this HelmRelease.
- type: string
- storageNamespace:
- description: StorageNamespace used for the Helm storage. Defaults
- to the namespace of the HelmRelease.
- maxLength: 63
- minLength: 1
- type: string
- suspend:
- description: Suspend tells the controller to suspend reconciliation
- for this HelmRelease, it does not apply to already started reconciliations.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace to target when performing operations
- for the HelmRelease. Defaults to the namespace of the HelmRelease.
- maxLength: 63
- minLength: 1
- type: string
- test:
- description: Test holds the configuration for Helm test actions for
- this HelmRelease.
- properties:
- enable:
- description: Enable enables Helm test actions for this HelmRelease
- after an Helm install or upgrade action has been performed.
- type: boolean
- ignoreFailures:
- description: IgnoreFailures tells the controller to skip remediation
- when the Helm tests are run but fail. Can be overwritten for
- tests run after install or upgrade actions in 'Install.IgnoreTestFailures'
- and 'Upgrade.IgnoreTestFailures'.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation during the performance of a Helm test action. Defaults
- to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a Helm
- action. Defaults to '5m0s'.
- type: string
- uninstall:
- description: Uninstall holds the configuration for Helm uninstall
- actions for this HelmRelease.
- properties:
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm rollback action.
- type: boolean
- disableWait:
- description: DisableWait disables waiting for all the resources
- to be deleted after a Helm uninstall is performed.
- type: boolean
- keepHistory:
- description: KeepHistory tells Helm to remove all associated resources
- and mark the release as deleted, but retain the release history.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- upgrade:
- description: Upgrade holds the configuration for Helm upgrade actions
- for this HelmRelease.
- properties:
- cleanupOnFail:
- description: CleanupOnFail allows deletion of new resources created
- during the Helm upgrade action when it fails.
- type: boolean
- crds:
- description: "CRDs upgrade CRDs from the Helm Chart's crds directory
- according to the CRD upgrade policy provided here. Valid values
- are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and
- if omitted CRDs are neither installed nor upgraded. \n Skip:
- do neither install nor replace (update) any CRDs. \n Create:
- new CRDs are created, existing CRDs are neither updated nor
- deleted. \n CreateReplace: new CRDs are created, existing CRDs
- are updated (replaced) but not deleted. \n By default, CRDs
- are not applied during Helm upgrade action. With this option
- users can opt-in to CRD upgrade, which is not (yet) natively
- supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
- enum:
- - Skip
- - Create
- - CreateReplace
- type: string
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm upgrade action.
- type: boolean
- disableOpenAPIValidation:
- description: DisableOpenAPIValidation prevents the Helm upgrade
- action from validating rendered templates against the Kubernetes
- OpenAPI Schema.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm upgrade has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm upgrade has been performed.
- type: boolean
- force:
- description: Force forces resource updates through a replacement
- strategy.
- type: boolean
- preserveValues:
- description: PreserveValues will make Helm reuse the last release's
- values and merge in overrides from 'Values'. Setting this flag
- makes the HelmRelease non-declarative.
- type: boolean
- remediation:
- description: Remediation holds the remediation configuration for
- when the Helm upgrade action for the HelmRelease fails. The
- default is to not perform any action.
- properties:
- ignoreTestFailures:
- description: IgnoreTestFailures tells the controller to skip
- remediation when the Helm tests are run after an upgrade
- action but fail. Defaults to 'Test.IgnoreFailures'.
- type: boolean
- remediateLastFailure:
- description: RemediateLastFailure tells the controller to
- remediate the last failure, when no retries remain. Defaults
- to 'false' unless 'Retries' is greater than 0.
- type: boolean
- retries:
- description: Retries is the number of retries that should
- be attempted on failures before bailing. Remediation, using
- 'Strategy', is performed between each attempt. Defaults
- to '0', a negative integer equals to unlimited retries.
- type: integer
- strategy:
- description: Strategy to use for failure remediation. Defaults
- to 'rollback'.
- enum:
- - rollback
- - uninstall
- type: string
- type: object
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- values:
- description: Values holds the values for this Helm release.
- x-kubernetes-preserve-unknown-fields: true
- valuesFrom:
- description: ValuesFrom holds references to resources containing Helm
- values for this HelmRelease, and information about how they should
- be merged.
- items:
- description: ValuesReference contains a reference to a resource
- containing Helm values, and optionally the key they can be found
- at.
- properties:
- kind:
- description: Kind of the values referent, valid values are ('Secret',
- 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside in the
- same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- optional:
- description: Optional marks this ValuesReference as optional.
- When set, a not found error for the values reference is ignored,
- but any ValuesKey, TargetPath or transient error will still
- result in a reconciliation failure.
- type: boolean
- targetPath:
- description: TargetPath is the YAML dot notation path the value
- should be merged at. When set, the ValuesKey is expected to
- be a single flat value. Defaults to 'None', which results
- in the values getting merged at the root.
- type: string
- valuesKey:
- description: ValuesKey is the data key where the values.yaml
- or a specific value can be found at. Defaults to 'values.yaml'.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- required:
- - chart
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmReleaseStatus defines the observed state of a HelmRelease.
- properties:
- conditions:
- description: Conditions holds the conditions for the HelmRelease.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- failures:
- description: Failures is the reconciliation failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- helmChart:
- description: HelmChart is the namespaced name of the HelmChart resource
- created by the controller for the HelmRelease.
- type: string
- installFailures:
- description: InstallFailures is the install failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- lastAppliedRevision:
- description: LastAppliedRevision is the revision of the last successfully
- applied source.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastAttemptedValuesChecksum:
- description: LastAttemptedValuesChecksum is the SHA1 checksum of the
- values of the last reconciliation attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- lastReleaseRevision:
- description: LastReleaseRevision is the revision of the last successful
- Helm release.
- type: integer
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- upgradeFailures:
- description: UpgradeFailures is the upgrade failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmrepositories.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: HelmRepository
- listKind: HelmRepositoryList
- plural: helmrepositories
- shortNames:
- - helmrepo
- singular: helmrepository
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: HelmRepository is the Schema for the helmrepositories API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmRepositorySpec defines the reference to a Helm repository.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- interval:
- description: The interval at which to check the upstream for updates.
- type: string
- passCredentials:
- description: PassCredentials allows the credentials from the SecretRef
- to be passed on to a host that does not match the host as defined
- in URL. This may be required if the host of the advertised chart
- URLs in the index differ from the defined URL. Enabling this should
- be done with caution, as it can potentially result in credentials
- getting stolen in a MITM-attack.
- type: boolean
- secretRef:
- description: The name of the secret containing authentication credentials
- for the Helm repository. For HTTP/S basic auth the secret must contain
- username and password fields. For TLS the secret must contain a
- certFile and keyFile, and/or caCert fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout of index downloading, defaults to 60s.
- type: string
- url:
- description: The Helm repository URL, a valid URL contains at least
- a protocol and host.
- type: string
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmRepositoryStatus defines the observed state of the HelmRepository.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- repository sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the last index fetched.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: HelmRepository is the Schema for the helmrepositories API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmRepositorySpec specifies the required configuration to
- produce an Artifact for a Helm repository index YAML.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- interval:
- description: Interval at which to check the URL for updates.
- type: string
- passCredentials:
- description: PassCredentials allows the credentials from the SecretRef
- to be passed on to a host that does not match the host as defined
- in URL. This may be required if the host of the advertised chart
- URLs in the index differ from the defined URL. Enabling this should
- be done with caution, as it can potentially result in credentials
- getting stolen in a MITM-attack.
- type: boolean
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the HelmRepository. For HTTP/S basic auth the secret
- must contain 'username' and 'password' fields. For TLS the secret
- must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this HelmRepository.
- type: boolean
- timeout:
- default: 60s
- description: Timeout of the index fetch operation, defaults to 60s.
- type: string
- type:
- description: Type of the HelmRepository. When this field is set to "oci",
- the URL field value must be prefixed with "oci://".
- enum:
- - default
- - oci
- type: string
- url:
- description: URL of the Helm repository, a valid URL contains at least
- a protocol and host.
- type: string
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmRepositoryStatus records the observed state of the HelmRepository.
- properties:
- artifact:
- description: Artifact represents the last successful HelmRepository
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the HelmRepository object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: kustomizations.kustomize.toolkit.fluxcd.io
-spec:
- group: kustomize.toolkit.fluxcd.io
- names:
- kind: Kustomization
- listKind: KustomizationList
- plural: kustomizations
- shortNames:
- - ks
- singular: kustomization
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Kustomization is the Schema for the kustomizations API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: KustomizationSpec defines the desired state of a kustomization.
- properties:
- decryption:
- description: Decrypt Kubernetes secrets before applying them on the
- cluster.
- properties:
- provider:
- description: Provider is the name of the decryption engine.
- enum:
- - sops
- type: string
- secretRef:
- description: The secret name containing the private OpenPGP keys
- used for decryption.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - provider
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to Kustomization resources that must be ready
- before this Kustomization can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- force:
- default: false
- description: Force instructs the controller to recreate resources
- when patching fails due to an immutable field change.
- type: boolean
- healthChecks:
- description: A list of resources to be included in the health assessment.
- items:
- description: NamespacedObjectKindReference contains enough information
- to locate the typed referenced Kubernetes resource object in any
- namespace.
- properties:
- apiVersion:
- description: API version of the referent, if not specified the
- Kubernetes preferred version will be used.
- type: string
- kind:
- description: Kind of the referent.
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- images:
- description: Images is a list of (image name, new name, new tag or
- digest) for changing image names, tags or digests. This can also
- be achieved with a patch, but this operator is simpler to specify.
- items:
- description: Image contains an image name, a new name, a new tag
- or digest, which will replace the original name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the original
- image tag. If digest is present NewTag value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace the original
- name.
- type: string
- newTag:
- description: NewTag is the value used to replace the original
- tag.
- type: string
- required:
- - name
- type: object
- type: array
- interval:
- description: The interval at which to reconcile the Kustomization.
- type: string
- kubeConfig:
- description: The KubeConfig for reconciling the Kustomization on a
- remote cluster. When specified, KubeConfig takes precedence over
- ServiceAccountName.
- properties:
- secretRef:
- description: SecretRef holds the name to a secret that contains
- a 'value' key with the kubeconfig file as the value. It must
- be in the same namespace as the Kustomization. It is recommended
- that the kubeconfig is self-contained, and the secret is regularly
- updated if credentials such as a cloud-access-token expire.
- Cloud specific `cmd-path` auth helpers will not function without
- adding binaries and credentials to the Pod that is responsible
- for reconciling the Kustomization.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- type: object
- patches:
- description: Strategic merge and JSON patches, defined as inline YAML
- objects, capable of targeting objects based on kind, label and annotation
- selectors.
- items:
- description: Patch contains an inline StrategicMerge or JSON6902
- patch, and the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge patch or
- an inline JSON6902 patch with an array of operation objects.
- type: string
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: JSON 6902 patches, defined as inline YAML objects.
- items:
- description: JSON6902Patch contains a JSON6902 patch and the target
- the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document with
- an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value that references
- a location within the target document where the operation
- is performed. The meaning of the value depends on the
- value of Op, and is NOT taken into account by all operations.
- type: string
- op:
- description: Op indicates the operation to perform. Its
- value MUST be one of "add", "remove", "replace", "move",
- "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer value that
- references a location within the target document where
- the operation is performed. The meaning of the value
- depends on the value of Op.
- type: string
- value:
- description: Value contains a valid JSON structure. The
- meaning of the value depends on the value of Op, and
- is NOT taken into account by all operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: Strategic merge patches, defined as inline YAML objects.
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- path:
- description: Path to the directory containing the kustomization.yaml
- file, or the set of plain YAMLs a kustomization.yaml should be generated
- for. Defaults to 'None', which translates to the root path of the
- SourceRef.
- type: string
- postBuild:
- description: PostBuild describes which actions to perform on the YAML
- manifest generated by building the kustomize overlay.
- properties:
- substitute:
- additionalProperties:
- type: string
- description: Substitute holds a map of key/value pairs. The variables
- defined in your YAML manifests that match any of the keys defined
- in the map will be substituted with the set value. Includes
- support for bash string replacement functions e.g. ${var:=default},
- ${var:position} and ${var/substring/replacement}.
- type: object
- substituteFrom:
- description: SubstituteFrom holds references to ConfigMaps and
- Secrets containing the variables and their values to be substituted
- in the YAML manifests. The ConfigMap and the Secret data keys
- represent the var names and they must match the vars declared
- in the manifests for the substitution to happen.
- items:
- description: SubstituteReference contains a reference to a resource
- containing the variables name and value.
- properties:
- kind:
- description: Kind of the values referent, valid values are
- ('Secret', 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside
- in the same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- type: object
- prune:
- description: Prune enables garbage collection.
- type: boolean
- retryInterval:
- description: The interval at which to retry a previously failed reconciliation.
- When not specified, the controller uses the KustomizationSpec.Interval
- value to retry failures.
- type: string
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this Kustomization.
- type: string
- sourceRef:
- description: Reference of the source where the kustomization file
- is.
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent
- type: string
- namespace:
- description: Namespace of the referent, defaults to the Kustomization
- namespace
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- kustomize executions, it does not apply to already started executions.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace sets or overrides the namespace in the
- kustomization.yaml file.
- maxLength: 63
- minLength: 1
- type: string
- timeout:
- description: Timeout for validation, apply and health checking operations.
- Defaults to 'Interval' duration.
- type: string
- validation:
- description: Validate the Kubernetes objects before applying them
- on the cluster. The validation strategy can be 'client' (local dry-run),
- 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',
- validation will fallback to 'client' if set to 'server' because
- server-side validation is not supported in this scenario.
- enum:
- - none
- - client
- - server
- type: string
- required:
- - interval
- - prune
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: KustomizationStatus defines the observed state of a kustomization.
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastAppliedRevision:
- description: The last successfully applied revision. The revision
- format for Git sources is <branch|tag>/<commit-sha>.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- snapshot:
- description: The last successfully applied revision metadata.
- properties:
- checksum:
- description: The manifests sha1 checksum.
- type: string
- entries:
- description: A list of Kubernetes kinds grouped by namespace.
- items:
- description: Snapshot holds the metadata of namespaced Kubernetes
- objects
- properties:
- kinds:
- additionalProperties:
- type: string
- description: The list of Kubernetes kinds.
- type: object
- namespace:
- description: The namespace of this entry.
- type: string
- required:
- - kinds
- type: object
- type: array
- required:
- - checksum
- - entries
- type: object
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: Kustomization is the Schema for the kustomizations API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: KustomizationSpec defines the configuration to calculate
- the desired state from a Source using Kustomize.
- properties:
- decryption:
- description: Decrypt Kubernetes secrets before applying them on the
- cluster.
- properties:
- provider:
- description: Provider is the name of the decryption engine.
- enum:
- - sops
- type: string
- secretRef:
- description: The secret name containing the private OpenPGP keys
- used for decryption.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - provider
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to Kustomization resources that must be ready
- before this Kustomization can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- force:
- default: false
- description: Force instructs the controller to recreate resources
- when patching fails due to an immutable field change.
- type: boolean
- healthChecks:
- description: A list of resources to be included in the health assessment.
- items:
- description: NamespacedObjectKindReference contains enough information
- to locate the typed referenced Kubernetes resource object in any
- namespace.
- properties:
- apiVersion:
- description: API version of the referent, if not specified the
- Kubernetes preferred version will be used.
- type: string
- kind:
- description: Kind of the referent.
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- images:
- description: Images is a list of (image name, new name, new tag or
- digest) for changing image names, tags or digests. This can also
- be achieved with a patch, but this operator is simpler to specify.
- items:
- description: Image contains an image name, a new name, a new tag
- or digest, which will replace the original name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the original
- image tag. If digest is present NewTag value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace the original
- name.
- type: string
- newTag:
- description: NewTag is the value used to replace the original
- tag.
- type: string
- required:
- - name
- type: object
- type: array
- interval:
- description: The interval at which to reconcile the Kustomization.
- type: string
- kubeConfig:
- description: The KubeConfig for reconciling the Kustomization on a
- remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,
- forces the controller to act on behalf of that Service Account at
- the target cluster. If the --default-service-account flag is set,
- its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName
- is empty.
- properties:
- secretRef:
- description: SecretRef holds the name of a secret that contains
- a key with the kubeconfig file as the value. If no key is set,
- the key will default to 'value'. The secret must be in the same
- namespace as the Kustomization. It is recommended that the kubeconfig
- is self-contained, and the secret is regularly updated if credentials
- such as a cloud-access-token expire. Cloud specific `cmd-path`
- auth helpers will not function without adding binaries and credentials
- to the Pod that is responsible for reconciling the Kustomization.
- properties:
- key:
- description: Key in the Secret, when not specified an implementation-specific
- default key is used.
- type: string
- name:
- description: Name of the Secret.
- type: string
- required:
- - name
- type: object
- type: object
- patches:
- description: Strategic merge and JSON patches, defined as inline YAML
- objects, capable of targeting objects based on kind, label and annotation
- selectors.
- items:
- description: Patch contains an inline StrategicMerge or JSON6902
- patch, and the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge patch or
- an inline JSON6902 patch with an array of operation objects.
- type: string
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:
- Use Patches instead.'
- items:
- description: JSON6902Patch contains a JSON6902 patch and the target
- the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document with
- an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value that references
- a location within the target document where the operation
- is performed. The meaning of the value depends on the
- value of Op, and is NOT taken into account by all operations.
- type: string
- op:
- description: Op indicates the operation to perform. Its
- value MUST be one of "add", "remove", "replace", "move",
- "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer value that
- references a location within the target document where
- the operation is performed. The meaning of the value
- depends on the value of Op.
- type: string
- value:
- description: Value contains a valid JSON structure. The
- meaning of the value depends on the value of Op, and
- is NOT taken into account by all operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: 'Strategic merge patches, defined as inline YAML objects.
- Deprecated: Use Patches instead.'
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- path:
- description: Path to the directory containing the kustomization.yaml
- file, or the set of plain YAMLs a kustomization.yaml should be generated
- for. Defaults to 'None', which translates to the root path of the
- SourceRef.
- type: string
- postBuild:
- description: PostBuild describes which actions to perform on the YAML
- manifest generated by building the kustomize overlay.
- properties:
- substitute:
- additionalProperties:
- type: string
- description: Substitute holds a map of key/value pairs. The variables
- defined in your YAML manifests that match any of the keys defined
- in the map will be substituted with the set value. Includes
- support for bash string replacement functions e.g. ${var:=default},
- ${var:position} and ${var/substring/replacement}.
- type: object
- substituteFrom:
- description: SubstituteFrom holds references to ConfigMaps and
- Secrets containing the variables and their values to be substituted
- in the YAML manifests. The ConfigMap and the Secret data keys
- represent the var names and they must match the vars declared
- in the manifests for the substitution to happen.
- items:
- description: SubstituteReference contains a reference to a resource
- containing the variables name and value.
- properties:
- kind:
- description: Kind of the values referent, valid values are
- ('Secret', 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside
- in the same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- optional:
- default: false
- description: Optional indicates whether the referenced resource
- must exist, or whether to tolerate its absence. If true
- and the referenced resource is absent, proceed as if the
- resource was present but empty, without any variables
- defined.
- type: boolean
- required:
- - kind
- - name
- type: object
- type: array
- type: object
- prune:
- description: Prune enables garbage collection.
- type: boolean
- retryInterval:
- description: The interval at which to retry a previously failed reconciliation.
- When not specified, the controller uses the KustomizationSpec.Interval
- value to retry failures.
- type: string
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this Kustomization.
- type: string
- sourceRef:
- description: Reference of the source where the kustomization file
- is.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- kind:
- description: Kind of the referent.
- enum:
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, defaults to the namespace
- of the Kubernetes resource object that contains the reference.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- kustomize executions, it does not apply to already started executions.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace sets or overrides the namespace in the
- kustomization.yaml file.
- maxLength: 63
- minLength: 1
- type: string
- timeout:
- description: Timeout for validation, apply and health checking operations.
- Defaults to 'Interval' duration.
- type: string
- validation:
- description: 'Deprecated: Not used in v1beta2.'
- enum:
- - none
- - client
- - server
- type: string
- wait:
- description: Wait instructs the controller to check the health of
- all the reconciled resources. When enabled, the HealthChecks are
- ignored. Defaults to false.
- type: boolean
- required:
- - interval
- - prune
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: KustomizationStatus defines the observed state of a kustomization.
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- inventory:
- description: Inventory contains the list of Kubernetes resource object
- references that have been successfully applied.
- properties:
- entries:
- description: Entries of Kubernetes resource object references.
- items:
- description: ResourceRef contains the information necessary
- to locate a resource within a cluster.
- properties:
- id:
- description: ID is the string representation of the Kubernetes
- resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
- type: string
- v:
- description: Version is the API version of the Kubernetes
- resource object's kind.
- type: string
- required:
- - id
- - v
- type: object
- type: array
- required:
- - entries
- type: object
- lastAppliedRevision:
- description: The last successfully applied revision. The revision
- format for Git sources is <branch|tag>/<commit-sha>.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: providers.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Provider
- listKind: ProviderList
- plural: providers
- singular: provider
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Provider is the Schema for the providers API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: ProviderSpec defines the desired state of Provider
- properties:
- address:
- description: HTTP/S webhook address of this provider
- pattern: ^(http|https)://
- type: string
- certSecretRef:
- description: CertSecretRef can be given the name of a secret containing
- a PEM-encoded CA certificate (`caFile`)
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- channel:
- description: Alert channel for this provider
- type: string
- proxy:
- description: HTTP/S address of the proxy
- pattern: ^(http|https)://
- type: string
- secretRef:
- description: Secret reference containing the provider webhook URL
- using "address" as data key
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- events handling. Defaults to false.
- type: boolean
- type:
- description: Type of provider
- enum:
- - slack
- - discord
- - msteams
- - rocket
- - generic
- - github
- - gitlab
-